* [GIT pull core fix for 4.12
@ 2017-05-27 8:32 Thomas Gleixner
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Gleixner @ 2017-05-27 8:32 UTC (permalink / raw)
To: Linus Torvalds; +Cc: LKML, Andrew Morton, Ingo Molnar, H. Peter Anvin
Linus,
please pull the latest core-urgent-for-linus git tree from:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git core-urgent-for-linus
A single fix which prevents a use after free when kthread fork fails.
Thanks,
tglx
------------------>
Vegard Nossum (1):
kthread: Fix use-after-free if kthread fork fails
kernel/fork.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/kernel/fork.c b/kernel/fork.c
index d681f8f10d2d..b7cdea10239c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1553,6 +1553,18 @@ static __latent_entropy struct task_struct *copy_process(
if (!p)
goto fork_out;
+ /*
+ * This _must_ happen before we call free_task(), i.e. before we jump
+ * to any of the bad_fork_* labels. This is to avoid freeing
+ * p->set_child_tid which is (ab)used as a kthread's data pointer for
+ * kernel threads (PF_KTHREAD).
+ */
+ p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
+ /*
+ * Clear TID on mm_release()?
+ */
+ p->clear_child_tid = (clone_flags & CLONE_CHILD_CLEARTID) ? child_tidptr : NULL;
+
ftrace_graph_init_task(p);
rt_mutex_init_task(p);
@@ -1716,11 +1728,6 @@ static __latent_entropy struct task_struct *copy_process(
}
}
- p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
- /*
- * Clear TID on mm_release()?
- */
- p->clear_child_tid = (clone_flags & CLONE_CHILD_CLEARTID) ? child_tidptr : NULL;
#ifdef CONFIG_BLOCK
p->plug = NULL;
#endif
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [GIT pull] core fix for 4.12
@ 2017-06-18 9:21 Thomas Gleixner
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Gleixner @ 2017-06-18 9:21 UTC (permalink / raw)
To: Linus Torvalds; +Cc: LKML, Ingo Molnar, H. Peter Anvin
Linus,
please pull the latest core-urgent-for-linus git tree from:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git core-urgent-for-linus
A single fix which adds fortify_panic to the list of no return functions.
Thanks,
tglx
------------------>
Kees Cook (1):
objtool: Add fortify_panic as __noreturn function
tools/objtool/builtin-check.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
index 282a60368b14..5f66697fe1e0 100644
--- a/tools/objtool/builtin-check.c
+++ b/tools/objtool/builtin-check.c
@@ -192,7 +192,8 @@ static int __dead_end_function(struct objtool_file *file, struct symbol *func,
"complete_and_exit",
"kvm_spurious_fault",
"__reiserfs_panic",
- "lbug_with_loc"
+ "lbug_with_loc",
+ "fortify_panic",
};
if (func->bind == STB_WEAK)
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-06-18 9:21 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-27 8:32 [GIT pull core fix for 4.12 Thomas Gleixner
2017-06-18 9:21 [GIT pull] " Thomas Gleixner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).