Michal Luczaj f3b8e9d341 vsock: Orphan socket after transport release
commit 78dafe1cf3afa02ed71084b350713b07e72a18fb upstream.

During socket release, sock_orphan() is called without considering that it
sets sk->sk_wq to NULL. Later, if SO_LINGER is enabled, this leads to a
null pointer dereference in virtio_transport_wait_close().

Orphan the socket only after transport release.

Partially reverts the 'Fixes:' commit.

KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
 lock_acquire+0x19e/0x500
 _raw_spin_lock_irqsave+0x47/0x70
 add_wait_queue+0x46/0x230
 virtio_transport_release+0x4e7/0x7f0
 __vsock_release+0xfd/0x490
 vsock_release+0x90/0x120
 __sock_release+0xa3/0x250
 sock_close+0x14/0x20
 __fput+0x35e/0xa90
 __x64_sys_close+0x78/0xd0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Reported-by: syzbot+9d55b199192a4be7d02c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=9d55b199192a4be7d02c
Fixes: fcdd2242c023 ("vsock: Keep the binding until socket destruction")
Tested-by: Luigi Leonardi <leonardi@redhat.com>
Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Link: https://patch.msgid.link/20250210-vsock-linger-nullderef-v3-1-ef6244d02b54@rbox.co
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-02-21 13:57:27 +01:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems that may result from upgrading your kernel.