Waiman Long 916d1a5638 padata: avoid UAF for reorder_work
JIRA: https://issues.redhat.com/browse/RHEL-81522
CVE: CVE-2025-21726

commit dd7d37ccf6b11f3d95e797ebe4e9e886d0332600
Author: Chen Ridong <chenridong@huawei.com>
Date:   Fri, 10 Jan 2025 06:16:39 +0000

    padata: avoid UAF for reorder_work

    Although the previous patch can avoid ps and ps UAF for _do_serial, it
    can not avoid potential UAF issue for reorder_work. This issue can
    happen just as below:

    crypto_request                  crypto_request          crypto_del_alg
    padata_do_serial
      ...
      padata_reorder
        // processes all remaining
        // requests then breaks
        while (1) {
          if (!padata)
            break;
          ...
        }

                                    padata_do_serial
                                      // new request added
                                      list_add
        // sees the new request
        queue_work(reorder_work)
                                      padata_reorder
                                        queue_work_on(squeue->work)
    ...

                                    <kworker context>
                                    padata_serial_worker
                                    // completes new request,
                                    // no more outstanding
                                    // requests

                                                            crypto_del_alg
                                                              // free pd

    <kworker context>
    invoke_padata_reorder
      // UAF of pd

    To avoid UAF for 'reorder_work', get 'pd' ref before put 'reorder_work'
    into the 'serial_wq' and put 'pd' ref until the 'serial_wq' finish.

    Fixes: bbefa1dd6a ("crypto: pcrypt - Avoid deadlock by using per-instance padata queues")
    Signed-off-by: Chen Ridong <chenridong@huawei.com>
    Acked-by: Daniel Jordan <daniel.m.jordan@oracle.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: Waiman Long <longman@redhat.com>
2025-02-28 11:00:53 -05:00
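
The ordering in the commit message above, replayed as an added example (a single-threaded userspace model, not the kernel patch and not code from this repository). All names (`model_pd`, `queue_reorder`, `run_scenario`, ...) are hypothetical, and a `freed` flag stands in for the real free so the late access can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>

struct model_pd {
    int refcnt;    /* models the reference count on pd */
    bool freed;    /* set instead of calling free(), so a late access is visible */
};

struct model_work {            /* one queued reorder_work item */
    struct model_pd *pd;
    bool holds_ref;            /* true when the work item pinned pd */
};

static void pd_get(struct model_pd *pd) { pd->refcnt++; }

static void pd_put(struct model_pd *pd)
{
    if (--pd->refcnt == 0)
        pd->freed = true;      /* the kernel would release pd at this point */
}

/* Queue the deferred reorder work; the fixed variant takes a pd ref first. */
static void queue_reorder(struct model_work *w, struct model_pd *pd, bool fixed)
{
    if (fixed)
        pd_get(pd);
    w->pd = pd;
    w->holds_ref = fixed;
}

/* Deferred worker: reports whether pd was already released when it ran,
 * then drops the ref taken at queue time (fixed variant only). */
static bool run_reorder(struct model_work *w)
{
    bool stale = w->pd->freed;
    if (w->holds_ref)
        pd_put(w->pd);
    return stale;
}

/* Replays the interleaving; returns true if the worker saw a released pd. */
bool run_scenario(bool fixed, bool *freed_at_end)
{
    struct model_pd pd = { .refcnt = 1, .freed = false };  /* instance's own ref */
    struct model_work w = { 0 };

    queue_reorder(&w, &pd, fixed);   /* queue_work(reorder_work) */
    pd_put(&pd);                     /* crypto_del_alg: last instance ref dropped */
    bool stale = run_reorder(&w);    /* kworker: invoke_padata_reorder runs late */
    *freed_at_end = pd.freed;
    return stale;
}
```

Without the extra reference the worker runs against a released `pd`; with it, the release is deferred until the worker has dropped its reference, and `pd` is still released exactly once.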
Documentation Merge: Upgrade the UFS core to v6.12 2025-02-14 02:34:29 -05:00
LICENSES
arch Merge: s390/mm: add support for UFFDIO_POISON 2025-02-17 12:00:35 -05:00
block
certs
crypto
drivers Merge: CVE-2025-21689: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() 2025-02-17 12:00:37 -05:00
fs Merge: ovl: Filter invalid inodes with missing lookup function 2025-02-17 12:00:33 -05:00
include Merge: Upgrade the UFS core to v6.12 2025-02-14 02:34:29 -05:00
init
io_uring
ipc
kernel padata: avoid UAF for reorder_work 2025-02-28 11:00:53 -05:00
lib
mm Merge: CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM 2025-02-17 12:00:34 -05:00
net Merge: af_packet: performance degradation on higher core count platforms 2025-02-17 12:00:37 -05:00
redhat [redhat] kernel-5.14.0-570.el9 2025-02-17 12:00:40 -05:00
samples Merge: Update drivers/misc/mei to upstream 6.12 2025-02-13 02:24:34 -05:00
scripts
security
sound
tools Merge: clocksource: Avoid calling get_random_u32() in atomic context 2025-02-14 02:34:26 -05:00
usr
virt
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.gitlab-ci.yml
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
Kconfig.redhat
MAINTAINERS Merge: Update drivers/misc/mei to upstream 6.12 2025-02-13 02:24:34 -05:00
Makefile
Makefile.rhelver [redhat] kernel-5.14.0-570.el9 2025-02-17 12:00:40 -05:00
README
makefile

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.