linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-04 00:15:49 -04:00

Go to file

Maor Gottlieb c7a198c700 RDMA/ucma: Fix use after free in destroy id flow

ucma_free_ctx() should call to __destroy_id() on all the connection requests
that have not been delivered to user space. Currently it calls on the
context itself and cause to use after free.

Fixes the trace:

   BUG: Unable to handle kernel data access on write at 0x5deadbeef0000108
   Faulting instruction address: 0xc0080000002428f4
   Oops: Kernel access of bad area, sig: 11 [#1]
   Call Trace:
   [c000000207f2b680] [c00800000024280c] .__destroy_id+0x28c/0x610 [rdma_ucm] (unreliable)
   [c000000207f2b750] [c0080000002429c4] .__destroy_id+0x444/0x610 [rdma_ucm]
   [c000000207f2b820] [c008000000242c24] .ucma_close+0x94/0xf0 [rdma_ucm]
   [c000000207f2b8c0] [c00000000046fbdc] .__fput+0xac/0x330
   [c000000207f2b960] [c00000000015d48c] .task_work_run+0xbc/0x110
   [c000000207f2b9f0] [c00000000012fb00] .do_exit+0x430/0xc50
   [c000000207f2bae0] [c0000000001303ec] .do_group_exit+0x5c/0xd0
   [c000000207f2bb70] [c000000000144a34] .get_signal+0x194/0xe30
   [c000000207f2bc60] [c00000000001f6b4] .do_notify_resume+0x124/0x470
   [c000000207f2bd60] [c000000000032484] .interrupt_exit_user_prepare+0x1b4/0x240
   [c000000207f2be20] [c000000000010034] interrupt_return+0x14/0x1c0

Rename listen_ctx to conn_req_ctx as the poor name was the cause of this
bug.

Fixes: a1d33b70db ("RDMA/ucma: Rework how new connections are passed through event delivery")
Link: https://lore.kernel.org/r/20201012045600.418271-4-leon@kernel.org
Signed-off-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

2020-10-16 14:07:08 -03:00

arch

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

2020-10-03 12:19:23 -07:00

block

Merge tag 'block-5.9-2020-10-02' of git://git.kernel.dk/linux-block

2020-10-02 14:34:52 -07:00

certs

.gitignore: add SPDX License Identifier

2020-03-25 11:50:48 +01:00

crypto

Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

2020-08-30 15:53:44 -07:00

Documentation

Merge branch 'dynamic_sg' into rdma.git for-next

2020-10-16 12:40:58 -03:00

drivers

RDMA/ucma: Fix use after free in destroy id flow

2020-10-16 14:07:08 -03:00

Merge tag 'io_uring-5.9-2020-10-02' of git://git.kernel.dk/linux-block

2020-10-02 14:38:10 -07:00

include

RDMA/rxe: Move the definitions for rxe_av.network_type to uAPI

2020-10-16 13:54:10 -03:00

init

bootconfig: init: make xbc_namebuf static

2020-09-18 22:17:05 -04:00

ipc

ipc: adjust proc_ipc_sem_dointvec definition to match prototype

2020-09-05 12:14:29 -07:00

kernel

Merge tag 'trace-v5.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

2020-10-01 09:41:02 -07:00

lib

lib/scatterlist: Do not limit max_segment to PAGE_ALIGNED values

2020-10-16 12:41:33 -03:00

LICENSES

LICENSES: Rename other to deprecated

2019-05-03 06:34:32 -06:00

mm/page_alloc: handle a missing case for memalloc_nocma_{save/restore} APIs

2020-10-03 11:28:12 -07:00

net

Merge tag 'nfsd-5.9-2' of git://git.linux-nfs.org/projects/cel/cel-2.6

2020-09-25 10:46:11 -07:00

samples

treewide: Use fallthrough pseudo-keyword

2020-08-23 17:36:59 -05:00

scripts

scripts/spelling.txt: fix malformed entry

2020-10-03 11:28:12 -07:00

security

Merge tag 'fixes-v5.9a' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2020-09-15 16:26:57 -07:00

sound

Merge tag 'sound-5.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

2020-09-24 09:00:05 -07:00

tools

lib/scatterlist: Add support in dynamic allocation of SG table from pages

2020-10-05 20:45:45 -03:00

usr

Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2020-08-07 13:29:39 -07:00

virt

KVM: fix memory leak in kvm_io_bus_unregister_dev()

2020-09-11 13:15:11 -04:00

.clang-format

Merge branch 'mlx5_active_speed' into rdma.git for-next

2020-09-18 10:31:45 -03:00

.cocciconfig

scripts: add Linux .cocciconfig for coccinelle

2016-07-22 12:13:39 +02:00

.get_maintainer.ignore

Opt out of scripts/get_maintainer.pl

2019-05-16 10:53:40 -07:00

.gitattributes

.gitattributes: use 'dts' diff driver for dts files

2019-12-04 19:44:11 -08:00

.gitignore

.gitignore: Add ZSTD-compressed files

2020-07-31 11:50:49 +02:00

.mailmap

mailmap: add older email addresses for Kees Cook

2020-09-19 13:13:38 -07:00

COPYING

COPYING: state that all contributions really are covered by this file

2020-02-10 13:32:20 -08:00

CREDITS

CREDITS: Replace HTTP links with HTTPS ones

2020-07-23 14:53:58 -06:00

Kbuild

kbuild: rename hostprogs-y/always to hostprogs/always-y

2020-02-04 01:53:07 +09:00

Kconfig

kbuild: ensure full rebuild when the compiler is updated

2020-05-12 13:28:33 +09:00

MAINTAINERS

Merge branch 'dynamic_sg' into rdma.git for-next

2020-10-16 12:40:58 -03:00

Makefile

Linux 5.9-rc8

2020-10-04 16:04:34 -07:00

README

Drop all 00-INDEX files from Documentation/

2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.

Languages

C 97%

Assembly 1%

Shell 0.6%

Rust 0.5%

Python 0.4%

Other 0.3%