TechPanelGM/kernel_xiaomi_sm8250
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
804,962 Commits 10 Branches 0 Tags
57f93eaff49df848d0534de9d5ade19a7212ab2d
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Paolo Valente 57f93eaff4 block, bfq: fix use after free in bfq_bfqq_expire 
commit eed47d19d9362bdd958e4ab56af480b9dbf6b2b6 upstream.

The function bfq_bfqq_expire() invokes the function
__bfq_bfqq_expire(), and the latter may free the in-service bfq-queue.
If this happens, then no other instruction of bfq_bfqq_expire() must
be executed, or a use-after-free will occur.

Basing on the assumption that __bfq_bfqq_expire() invokes
bfq_put_queue() on the in-service bfq-queue exactly once, the queue is
assumed to be freed if its refcounter is equal to one right before
invoking __bfq_bfqq_expire().

But, since commit 9dee8b3b057e ("block, bfq: fix queue removal from
weights tree") this assumption is false. __bfq_bfqq_expire() may also
invoke bfq_weights_tree_remove() and, since commit 9dee8b3b057e
("block, bfq: fix queue removal from weights tree"), also
the latter function may invoke bfq_put_queue(). So __bfq_bfqq_expire()
may invoke bfq_put_queue() twice, and this is the actual case where
the in-service queue may happen to be freed.

To address this issue, this commit moves the check on the refcounter
of the queue right around the last bfq_put_queue() that may be invoked
on the queue.

Fixes: 9dee8b3b057e ("block, bfq: fix queue removal from weights tree")
Reported-by: Dmitrii Tcvetkov <demfloro@demfloro.ru>
Reported-by: Douglas Anderson <dianders@chromium.org>
Tested-by: Dmitrii Tcvetkov <demfloro@demfloro.ru>
Tested-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-29 12:20:43 +01:00
arch
ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
2021-12-22 09:19:04 +01:00
block
block, bfq: fix use after free in bfq_bfqq_expire
2021-12-29 12:20:43 +01:00
certs
certs: Trigger creation of RSA module signing key if it's not an RSA key
2021-09-22 11:47:51 +02:00
crypto
crypto: pcrypt - Delay write to padata->info
2021-11-26 11:36:11 +01:00
Documentation
netfilter: ipvs: Fix reuse connection if RS weight is 0
2021-12-01 09:27:41 +01:00
drivers
net: usb: lan78xx: add Allied Telesis AT29M2-AF
2021-12-29 12:20:42 +01:00
firmware
Fix built-in early-load Intel microcode alignment
2020-01-23 08:21:29 +01:00
fs
ovl: fix warning in ovl_create_real()
2021-12-22 09:19:04 +01:00
include
aio: fix use-after-free due to missing POLLFREE handling
2021-12-14 10:18:07 +01:00
init
pid: take a reference when initializing cad_pid
2021-06-10 13:24:06 +02:00
ipc
shm: extend forced shm destroy to support objects from several IPC nses
2021-12-08 08:50:11 +01:00
kernel
timekeeping: Really make sure wall_to_monotonic isn't positive
2021-12-22 09:19:03 +01:00
lib
ARM: 8800/1: use choice for kernel unwinders
2021-12-22 09:19:03 +01:00
LICENSES
LICENSES: Remove CC-BY-SA-4.0 license text
2018-10-18 11:28:50 +02:00
mm
mm: bdi: initialize bdi_min_ratio when bdi is unregistered
2021-12-14 10:18:05 +01:00
net
mac80211: validate extended element ID is present
2021-12-22 09:19:03 +01:00
samples
samples/kretprobes: Fix return value if register_kretprobe() failed
2021-11-26 11:36:11 +01:00
scripts
recordmcount.pl: look for jgnop instruction as well as bcrl on s390
2021-12-22 09:19:00 +01:00
security
fortify: Explicitly disable Clang support
2021-11-26 11:36:18 +01:00
sound
ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
2021-12-14 10:18:07 +01:00
tools
tools build: Remove needless libpython-version feature check that breaks test-all fast path
2021-12-14 10:18:07 +01:00
usr
initramfs: restore default compression behavior
2020-04-13 10:44:59 +02:00
virt
KVM: remember position in kvm->vcpus array
2021-09-26 13:39:46 +02:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Documentation/llvm: add documentation on building w/ Clang/LLVM
2020-09-26 18:01:31 +02:00
Makefile
Linux 4.19.222
2021-12-22 09:19:05 +01:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
No description provided
Readme 2.1 GiB
Languages
C 98%
Assembly 1.3%
Makefile 0.3%
Shell 0.1%