linux-sg2042/Documentation
Eric Biggers 3fd8712707 strparser: initialize all callbacks
commit bbb03029a8 ("strparser: Generalize strparser") added more
function pointers to 'struct strp_callbacks'; however, kcm_attach() was
not updated to initialize them.  This could cause the ->lock() and/or
->unlock() function pointers to be set to garbage values, causing a
crash in strp_work().

Fix the bug by moving the callback structs into static memory, so
unspecified members are zeroed.  Also constify them while we're at it.

This bug was found by syzkaller, which encountered the following splat:

    IP: 0x55
    PGD 3b1ca067
    P4D 3b1ca067
    PUD 3b12f067
    PMD 0

    Oops: 0010 [#1] SMP KASAN
    Dumping ftrace buffer:
       (ftrace buffer empty)
    Modules linked in:
    CPU: 2 PID: 1194 Comm: kworker/u8:1 Not tainted 4.13.0-rc4-next-20170811 #2
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
    Workqueue: kstrp strp_work
    task: ffff88006bb0e480 task.stack: ffff88006bb10000
    RIP: 0010:0x55
    RSP: 0018:ffff88006bb17540 EFLAGS: 00010246
    RAX: dffffc0000000000 RBX: ffff88006ce4bd60 RCX: 0000000000000000
    RDX: 1ffff1000d9c97bd RSI: 0000000000000000 RDI: ffff88006ce4bc48
    RBP: ffff88006bb17558 R08: ffffffff81467ab2 R09: 0000000000000000
    R10: ffff88006bb17438 R11: ffff88006bb17940 R12: ffff88006ce4bc48
    R13: ffff88003c683018 R14: ffff88006bb17980 R15: ffff88003c683000
    FS:  0000000000000000(0000) GS:ffff88006de00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000055 CR3: 000000003c145000 CR4: 00000000000006e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
     process_one_work+0xbf3/0x1bc0 kernel/workqueue.c:2098
     worker_thread+0x223/0x1860 kernel/workqueue.c:2233
     kthread+0x35e/0x430 kernel/kthread.c:231
     ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
    Code:  Bad RIP value.
    RIP: 0x55 RSP: ffff88006bb17540
    CR2: 0000000000000055
    ---[ end trace f0e4920047069cee ]---

Here is a C reproducer (requires CONFIG_BPF_SYSCALL=y and
CONFIG_AF_KCM=y):

    #include <linux/bpf.h>
    #include <linux/kcm.h>
    #include <linux/types.h>
    #include <stdint.h>
    #include <sys/ioctl.h>
    #include <sys/socket.h>
    #include <sys/syscall.h>
    #include <unistd.h>

    /* Smallest program the verifier accepts: "return 0". */
    static const struct bpf_insn bpf_insns[3] = {
        { .code = 0xb7 }, /* BPF_MOV64_IMM(0, 0) */
        { .code = 0x95 }, /* BPF_EXIT_INSN() */
    };

    /* prog_type 1 == BPF_PROG_TYPE_SOCKET_FILTER, the type KCM expects. */
    static const union bpf_attr bpf_attr = {
        .prog_type = 1,
        .insn_cnt = 2,
        .insns = (uintptr_t)&bpf_insns,
        .license = (uintptr_t)"",
    };

    int main(void)
    {
        int bpf_fd = syscall(__NR_bpf, BPF_PROG_LOAD,
                             &bpf_attr, sizeof(bpf_attr));
        int inet_fd = socket(AF_INET, SOCK_STREAM, 0);
        int kcm_fd = socket(AF_KCM, SOCK_DGRAM, 0);

        /* kcm_attach() builds strp_callbacks on the stack and hands it to
         * strp_init(); the never-written ->lock/->unlock are later called
         * by strp_work() on the kstrp workqueue. */
        ioctl(kcm_fd, SIOCKCMATTACH,
              &(struct kcm_attach) { .fd = inet_fd, .bpf_fd = bpf_fd });
    }

Fixes: bbb03029a8 ("strparser: Generalize strparser")
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Tom Herbert <tom@quantonium.net>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-08-24 21:57:50 -07:00
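The following is an added, user-space model of the initialisation bug described in the commit message above; it is not code from the kernel or from this commit. The struct shape and the "NULL selects the default" rule in strp_init() mirror strparser's strp_callbacks handling, but the names are stand-ins, the deterministic 0x55 stack fill replaces genuinely indeterminate stack contents, and the counter and kcm_callbacks_ok() check are invented for the demonstration.

```c
/* Added example, not kernel code: models the bug fixed by the commit above.
 * Struct shape and the "NULL selects the default" rule mirror strparser's
 * strp_callbacks/strp_init(); the 0x55 fill, the counter and
 * kcm_callbacks_ok() are invented for the demonstration. */
#include <stdio.h>
#include <string.h>

struct strp;

struct strp_callbacks {
    int  (*parse_msg)(struct strp *strp);
    void (*rcv_msg)(struct strp *strp);
    int  (*read_sock_done)(struct strp *strp, int err);
    void (*lock)(struct strp *strp);    /* added by "Generalize strparser" */
    void (*unlock)(struct strp *strp);  /* added by "Generalize strparser" */
};

struct strp {
    struct strp_callbacks cb;
    int lock_calls;
};

/* Consumer callbacks (stand-ins for KCM's) and strparser's own defaults. */
static int  kcm_parse_func(struct strp *strp) { (void)strp; return 0; }
static void kcm_rcv_strparser(struct strp *strp) { (void)strp; }
static int  kcm_read_sock_done(struct strp *strp, int err) { (void)strp; return err; }
static void strp_sock_lock(struct strp *strp) { strp->lock_calls++; }
static void strp_sock_unlock(struct strp *strp) { (void)strp; }

/* Mirrors strp_init(): NULL means "use the default"; any other value is
 * trusted as-is and later called from strp_work(). */
static void strp_init(struct strp *strp, const struct strp_callbacks *cb)
{
    memset(strp, 0, sizeof(*strp));
    strp->cb.parse_msg      = cb->parse_msg;
    strp->cb.rcv_msg        = cb->rcv_msg;
    strp->cb.read_sock_done = cb->read_sock_done;
    strp->cb.lock   = cb->lock   ? cb->lock   : strp_sock_lock;
    strp->cb.unlock = cb->unlock ? cb->unlock : strp_sock_unlock;
}

/* Mirrors strp_work(): lock, work, unlock. Returns the lock call count. */
static int strp_work(struct strp *strp)
{
    strp->cb.lock(strp);
    strp->cb.unlock(strp);
    return strp->lock_calls;
}

/* Buggy shape (old kcm_attach): automatic struct filled field by field.
 * Fields added to the struct later keep whatever the stack held; that is
 * simulated with a 0x55 fill and the stray pointers are never called. */
static struct strp_callbacks buggy_callbacks(void)
{
    union {
        struct strp_callbacks cb;
        unsigned char raw[sizeof(struct strp_callbacks)];
    } u;
    memset(u.raw, 0x55, sizeof(u.raw));  /* simulated stale stack bytes */
    u.cb.rcv_msg        = kcm_rcv_strparser;
    u.cb.parse_msg      = kcm_parse_func;
    u.cb.read_sock_done = kcm_read_sock_done;
    return u.cb;                         /* .lock/.unlock still 0x5555... */
}

/* Fixed shape (the commit): static const with designated initialisers.
 * Unnamed members are zero, so lock/unlock are NULL and the defaults win,
 * even if more fields are added to the struct later. */
static const struct strp_callbacks fixed_callbacks = {
    .rcv_msg        = kcm_rcv_strparser,
    .parse_msg      = kcm_parse_func,
    .read_sock_done = kcm_read_sock_done,
};

/* KCM never supplies lock/unlock, so anything non-NULL there is stale
 * memory. Returns 1 if the struct is safe to hand to strp_init(). */
static int kcm_callbacks_ok(const struct strp_callbacks *cb)
{
    return cb->lock == NULL && cb->unlock == NULL;
}

static int buggy_struct_has_stray_lock(void)
{
    struct strp_callbacks cb = buggy_callbacks();
    return !kcm_callbacks_ok(&cb);
}

static int fixed_struct_runs_default_lock(void)
{
    struct strp s;
    strp_init(&s, &fixed_callbacks);
    return kcm_callbacks_ok(&fixed_callbacks) &&
           s.cb.lock == strp_sock_lock && strp_work(&s) == 1;
}

int main(void)
{
    printf("buggy struct carries a stray ->lock: %d\n", buggy_struct_has_stray_lock());
    printf("fixed struct runs the default lock:  %d\n", fixed_struct_runs_default_lock());
    return 0;  /* strp_init()+strp_work() on the buggy struct would jump to 0x5555... */
}
```

The point the model makes is a C one: assigning members of an automatic struct one at a time leaves every member you did not name indeterminate, so a struct that grows a field in one commit silently breaks every caller that was built this way. A designated initialiser (`= { .rcv_msg = ..., }`) zero-fills the remainder whether the object is static or automatic; making it `static const` additionally keeps the callback table out of writable memory. The 0x55 fill is only there to make the stray-pointer case reproducible; on a real stack the value is whatever the previous frame left behind, which is why the splat's RIP is garbage rather than a fixed address.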