admin/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-12-07 20:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,397,167 Commits 1 Branch 910 Tags
89e1fb7ceffd898505ad7fa57acec0585bfaa2cc
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Fengnan Chang 89e1fb7cef blk-mq: fix potential uaf for 'queue_hw_ctx' 
This is just apply Kuai's patch in [1] with mirror changes.

blk_mq_realloc_hw_ctxs() will free the 'queue_hw_ctx'(e.g. undate
submit_queues through configfs for null_blk), while it might still be
used from other context(e.g. switch elevator to none):

t1					t2
elevator_switch
 blk_mq_unquiesce_queue
  blk_mq_run_hw_queues
   queue_for_each_hw_ctx
    // assembly code for hctx = (q)->queue_hw_ctx[i]
    mov    0x48(%rbp),%rdx -> read old queue_hw_ctx

					__blk_mq_update_nr_hw_queues
					 blk_mq_realloc_hw_ctxs
					  hctxs = q->queue_hw_ctx
					  q->queue_hw_ctx = new_hctxs
					  kfree(hctxs)
    movslq %ebx,%rax
    mov    (%rdx,%rax,8),%rdi ->uaf

This problem was found by code review, and I comfirmed that the concurrent
scenario do exist(specifically 'q->queue_hw_ctx' can be changed during
blk_mq_run_hw_queues()), however, the uaf problem hasn't been repoduced yet
without hacking the kernel.

Sicne the queue is freezed in __blk_mq_update_nr_hw_queues(), fix the
problem by protecting 'queue_hw_ctx' through rcu where it can be accessed
without grabbing 'q_usage_counter'.

[1] https://lore.kernel.org/all/20220225072053.2472431-1-yukuai3@huawei.com/

Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Fengnan Chang <changfengnan@bytedance.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2025-11-28 09:09:19 -07:00
arch
Merge tag 'x86_urgent_for_v6.18_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2025-10-19 04:41:27 -10:00
block
blk-mq: fix potential uaf for 'queue_hw_ctx'
2025-11-28 09:09:19 -07:00
certs
sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
2024-09-20 19:52:48 +03:00
crypto
Merge tag 'v6.18-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2025-10-10 08:56:16 -07:00
Documentation
Documentation: admin-guide: blockdev: update zloop parameters
2025-11-17 09:40:09 -07:00
drivers
ublk: prevent invalid access with DEBUG
2025-11-26 10:59:18 -07:00
fs
xfs: use blkdev_report_zones_cached()
2025-11-05 08:07:21 -07:00
include
blk-mq: fix potential uaf for 'queue_hw_ctx'
2025-11-28 09:09:19 -07:00
init
Merge tag 'printk-for-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux
2025-10-04 11:13:11 -07:00
io_uring
io_uring/rw: check for NULL io_br_sel when putting a buffer
2025-10-15 13:38:53 -06:00
ipc
Merge tag 'namespace-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-09-29 11:20:29 -07:00
kernel
blktrace: add support for REQ_OP_WRITE_ZEROES tracing
2025-11-03 08:30:56 -07:00
lib
lib/test_kho: use kho_preserve_vmalloc instead of storing addresses in fdt
2025-10-07 13:48:56 -07:00
LICENSES
LICENSES: Replace the obsolete address of the FSF in the GFDL-1.2
2025-07-24 11:15:39 +02:00
mm
slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL
2025-10-16 15:16:45 +02:00
net
Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
2025-10-18 08:00:43 -10:00
rust
rust: block: update ARef and AlwaysRefCounted imports from sync::aref
2025-11-05 18:24:10 -07:00
samples
Merge tag 'char-misc-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2025-10-04 16:26:32 -07:00
scripts
Merge tag 'kbuild-fixes-6.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux
2025-10-11 15:47:12 -07:00
security
Merge tag 'integrity-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
2025-10-05 10:48:33 -07:00
sound
ALSA: hda/realtek: Fix mute led for HP Omen 17-cb0xxx
2025-10-17 16:37:21 +02:00
tools
selftests: ublk: make ublk_thread thread-local variable
2025-11-03 08:34:59 -07:00
usr
gen_init_cpio: Ignore fsync() returning EINVAL on pipes
2025-10-07 09:53:05 -07:00
virt
Merge tag 'kvm-x86-fixes-6.18-rc2' of https://github.com/kvm-x86/linux into HEAD
2025-10-18 10:25:43 +02:00
.clang-format
memblock: drop for_each_free_mem_pfn_range_in_zone_from()
2025-09-14 08:49:03 +03:00
.clippy.toml
rust: clean Rust 1.88.0's warning about clippy::disallowed_macros configuration
2025-05-07 00:11:47 +02:00
.cocciconfig
scripts: add Linux .cocciconfig for coccinelle
2016-07-22 12:13:39 +02:00
.editorconfig
.editorconfig: remove trim_trailing_whitespace option
2024-06-13 16:47:52 +02:00
.get_maintainer.ignore
MAINTAINERS: remove Alyssa Rosenzweig
2025-09-18 21:17:31 +02:00
.gitattributes
.gitattributes: set diff driver for Rust source code files
2023-05-31 17:48:25 +02:00
.gitignore
.gitignore: ignore compile_commands.json globally
2025-08-12 15:53:55 -07:00
.mailmap
Merge tag 'net-6.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2025-10-16 09:41:21 -07:00
.pylintrc
tools: docs: parse-headers.py: move it from sphinx dir
2025-08-29 15:54:42 -06:00
.rustfmt.toml
rust: add .rustfmt.toml
2022-09-28 09:02:20 +02:00
COPYING
COPYING: state that all contributions really are covered by this file
2020-02-10 13:32:20 -08:00
CREDITS
Merge tag 'usb-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
2025-10-04 16:07:08 -07:00
Kbuild
sched: Make migrate_{en,dis}able() inline
2025-09-25 09:57:16 +02:00
Kconfig
io_uring: Rename KConfig to Kconfig
2025-02-19 14:53:27 -07:00
MAINTAINERS
MAINTAINERS: add a maintainer for zoned block device support
2025-11-19 07:37:48 -07:00
Makefile
Linux 6.18-rc2
2025-10-19 15:19:16 -10:00
README
README: Fix spelling
2024-03-18 03:36:32 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Reference in New Issue View Git Blame Copy Permalink
Description
Linux kernel source tree
Readme 8.3 GiB
Languages
C 97.1%
Assembly 1%
Shell 0.6%
Rust 0.4%
Python 0.4%
Other 0.3%