Kernel Source and devicetree for NOTHING Phone(3a) and Phone(3a)Pro
Sagi Grimberg f691ec5a54 nvmet-tcp: Fix a possible UAF in queue intialization setup
commit d920abd1e7c4884f9ecd0749d1921b7ab19ddfbd upstream.

From Alon:
"Due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel,
a malicious user can cause a UAF and a double free, which may lead to
RCE (may also lead to an LPE in case the attacker already has local
privileges)."

Hence, when a queue initialization fails after the ahash requests are
allocated, it is guaranteed that the queue removal async work will be
called, hence leave the deallocation to the queue removal.

Also, be extra careful not to continue processing the socket, so set
queue rcv_state to NVMET_TCP_RECV_ERR upon a socket error.

Cc: stable@vger.kernel.org
Reported-by: Alon Zahavi <zahavi.alon@gmail.com>
Tested-by: Alon Zahavi <zahavi.alon@gmail.com>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-10-25 12:03:05 +02:00
arch x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested() 2023-10-25 12:03:04 +02:00
block block: fix use-after-free of q->q_usage_counter 2023-10-10 22:00:37 +02:00
certs certs: Fix build error when PKCS#11 URI contains semicolon 2023-02-09 11:28:11 +01:00
crypto crypto: lrw,xts - Replace strlcpy with strscpy 2023-09-23 11:11:01 +02:00
Documentation tcp: enforce receive buffer memory limits by allowing the tcp window to shrink 2023-10-19 23:08:54 +02:00
drivers nvmet-tcp: Fix a possible UAF in queue intialization setup 2023-10-25 12:03:05 +02:00
fs fs/ntfs3: fix deadlock in mark_as_free_ex 2023-10-25 12:03:05 +02:00
include audit,io_uring: io_uring openat triggers audit reference count underflow 2023-10-25 12:03:04 +02:00
init sched/psi: Select KERNFS as needed 2023-09-13 09:42:28 +02:00
io_uring io_uring/fs: remove sqe->rw_flags checking from LINKAT 2023-10-06 14:57:02 +02:00
ipc ipc: fix memory leak in init_mqueue_fs() 2022-12-31 13:32:01 +01:00
kernel audit,io_uring: io_uring openat triggers audit reference count underflow 2023-10-25 12:03:04 +02:00
lib lib/Kconfig.debug: do not enable DEBUG_PREEMPT by default 2023-10-25 12:03:02 +02:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list 2023-10-10 22:00:36 +02:00
net netfilter: nft_payload: fix wrong mac header matching 2023-10-25 12:03:05 +02:00
rust rust: allocator: Prevent mis-aligned allocation 2023-08-11 12:08:18 +02:00
samples samples/hw_breakpoint: fix building without module unloading 2023-09-23 11:11:09 +02:00
scripts modpost: add missing else to the "of" check 2023-10-10 22:00:41 +02:00
security KEYS: trusted: Remove redundant static calls usage 2023-10-19 23:08:50 +02:00
sound ALSA: hda/realtek - Fixed two speaker platform 2023-10-19 23:08:58 +02:00
tools netfilter: nf_tables: Deduplicate nft_register_obj audit logs 2023-10-10 22:00:43 +02:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt kvm/vfio: ensure kvg instance stays around in kvm_vfio_group_add() 2023-09-13 09:42:46 +02:00
.clang-format inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-01 12:42:46 +01:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap 9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address 2022-12-10 17:10:52 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING
CREDITS MAINTAINERS: Remove Michal Marek from Kbuild maintainers 2022-11-16 14:53:00 +09:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS devlink: move code to a dedicated directory 2023-08-30 16:11:00 +02:00
Makefile Linux 6.1.59 2023-10-19 23:08:58 +02:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.