Seth/kernel_amazon_mt8127-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4045305775d6bbbfaf45fd4f33109937a1eb4057
kernel_amazon_mt8127-common/fs
T
History
Andrea Arcangeli 14468afe50 fs/exec: fix use after free in execve 
"file" can be already freed if bprm->file is NULL after
search_binary_handler() return. binfmt_script will do exactly that for
example. If the VM reuses the file after fput run(), this will result in
a use ater free.

So obtain d_is_su before search_binary_handler() runs.

This should explain this crash:

[25333.009554] Unable to handle kernel NULL pointer dereference at virtual address 00000185
[..]
[25333.009918] [2:             am:21861] PC is at do_execve+0x354/0x474

Change-Id: I2a8a814d1c0aa75625be83cb30432cf13f1a0681
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
2018-05-03 18:49:05 +02:00
..
9p
posix_acl: Clear SGID bit when setting file permissions
2017-06-08 00:46:47 +02:00
adfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
affs
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
afs
aio: don't include aio.h in sched.h
2013-05-07 20:16:25 -07:00
autofs4
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
befs
befs_readdir(): do not increment ->f_pos if filldir tells us to stop
2013-05-31 15:17:56 -04:00
bfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
btrfs
Merge tag 'v3.10.108' into update
2018-03-21 23:07:40 +01:00
cachefiles
lift sb_start_write() out of ->write()
2013-04-09 14:12:56 -04:00
ceph
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
cifs
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
coda
introduce ->iterate(), ctx->pos, dir_emit()
2018-05-03 18:37:22 +02:00
configfs
configfs: fix race between dentry put and lookup
2013-11-29 11:11:53 -08:00
cramfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
debugfs
Merge tag 'v3.10.76' into update
2018-03-21 22:42:30 +01:00
devpts
pty: make sure super_block is still valid in final /dev/tty close
2016-02-25 11:57:46 -08:00
dlm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2013-05-01 14:08:52 -07:00
ecryptfs
introduce iterate_dir() and dir_context
2018-05-03 18:33:29 +02:00
efivarfs
efi: Make efivarfs entries immutable by default
2016-03-16 08:41:37 -07:00
efs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
exofs
ore: Fix wrong math in allocation of per device BIO
2014-02-13 13:48:00 -08:00
exportfs
introduce ->iterate(), ctx->pos, dir_emit()
2018-05-03 18:37:22 +02:00
ext2
Merge tag 'v3.10.63' into update
2018-03-21 22:33:47 +01:00
ext3
posix_acl: Clear SGID bit when setting file permissions
2017-06-08 00:46:47 +02:00
ext4
Merge tag 'v3.10.108' into update
2018-03-21 23:07:40 +01:00
f2fs
f2fs: set ->owner for debugfs status file's file_operations
2017-06-08 00:46:49 +02:00
fat
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
freevxfs
fs: Readd the fs module aliases.
2013-03-12 18:55:21 -07:00
fscache
FS-Cache: fix dereference of NULL user_key_payload
2017-11-02 07:16:17 +01:00
fuse
Merge tag 'v3.10.108' into update
2018-03-21 23:07:40 +01:00
gfs2
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
hfs
hfs,hfsplus: cache pages correctly between bnode_create and bnode_free
2015-10-01 12:07:34 +02:00
hfsplus
hfs,hfsplus: cache pages correctly between bnode_create and bnode_free
2015-10-01 12:07:34 +02:00
hostfs
hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common()
2017-02-10 11:03:30 +01:00
hpfs
hpfs: update ctime and mtime on directory modification
2015-09-21 10:00:10 -07:00
hppfs
hppfs: get rid of ->fsync()
2013-04-29 15:41:42 -04:00
hugetlbfs
mm: larger stack guard gap, between vmas
2017-06-21 15:42:43 +02:00
isofs
isofs: Do not return EACCES for unknown filesystems
2017-02-10 11:03:30 +01:00
jbd
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2013-05-03 09:56:25 -07:00
jbd2
jbd2: don't leak modified metadata buffers on an aborted journal
2017-06-20 08:02:35 +02:00
jffs2
Merge tag 'v3.10.100' into update
2018-03-21 22:52:38 +01:00
jfs
Merge tag 'v3.10.106' into update
2018-03-21 23:06:23 +01:00
lockd
lockd: create NSM handles per net namespace
2016-03-03 15:06:20 -08:00
logfs
block: Remove bi_idx references
2013-03-23 14:15:31 -07:00
minix
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
ncpfs
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
nfs
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
nfs_common
nfs_common: Update the translation between nfsv3 acls linux posix acls
2013-02-13 06:15:14 -08:00
nfsd
introduce ->iterate(), ctx->pos, dir_emit()
2018-05-03 18:37:22 +02:00
nilfs2
Merge tag 'v3.10.103' into update
2018-03-21 22:58:21 +01:00
nls
nls: fix (and rename) mac NLS table files and config options
2012-06-01 19:51:22 -07:00
notify
fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
2015-08-16 20:51:35 -07:00
ntfs
aio: don't include aio.h in sched.h
2013-05-07 20:16:25 -07:00
ocfs2
ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed()
2017-06-20 08:03:01 +02:00
omfs
fs, omfs: add NULL terminator in the end up the token list
2015-06-05 23:19:54 -07:00
openpromfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
proc
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
pstore
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
qnx4
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
qnx6
qnx6: qnx6_readdir() has a braino in pos calculation
2013-05-31 15:17:31 -04:00
quota
quota: provide interface for readding allocated space into reserved space
2015-01-29 17:40:57 -08:00
ramfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-02-26 20:16:07 -08:00
reiserfs
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
romfs
romfs: fix nommu map length to keep inside filesystem
2013-04-29 09:17:57 +10:00
squashfs
fs: Limit sys_mount to only request filesystem modules. (Part 3)
2013-03-11 07:09:48 -07:00
sysfs
sysfs: check if one entry has been removed before freeing
2013-04-05 15:35:52 -07:00
sysv
fix sysvfs symlinks
2016-02-19 14:22:39 -08:00
ubifs
Merge tag 'v3.10.106' into update
2018-03-21 23:06:23 +01:00
udf
udf: Fix deadlock between writeback and udf_setsize()
2017-11-02 10:45:57 +01:00
ufs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2013-04-30 09:36:50 -07:00
xfs
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
aio.c
Merge tag 'v3.10.98' into update
2018-03-21 22:51:37 +01:00
anon_inodes.c
get_empty_filp()/alloc_file() leave both ->f_pos and ->f_version zero
2013-02-26 02:46:11 -05:00
attr.c
fs,userns: Change inode_capable to capable_wrt_inode_uidgid
2014-06-16 13:42:52 -07:00
bad_inode.c
lseek: the "whence" argument is called "whence"
2012-12-17 17:15:12 -08:00
binfmt_aout.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
binfmt_elf_fdpic.c
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
2013-05-02 10:16:16 -07:00
binfmt_elf.c
Merge tag 'v3.10.97' into update
2018-03-21 22:51:04 +01:00
binfmt_em86.c
exec: use -ELOOP for max recursion depth
2012-12-17 17:15:23 -08:00
binfmt_flat.c
new helper: read_code()
2013-04-29 15:40:23 -04:00
binfmt_misc.c
binfmt_misc: reuse string_unescape_inplace()
2013-04-30 17:04:03 -07:00
binfmt_script.c
exec: do not leave bprm->interp on stack
2012-12-20 17:40:19 -08:00
binfmt_som.c
get rid of pt_regs argument of ->load_binary()
2012-11-28 21:53:38 -05:00
bio-integrity.c
bio-integrity: Fix bio_integrity_verify segment start bug
2014-03-23 21:38:21 -07:00
bio.c
block: Fix bio_copy_data()
2013-10-05 07:13:09 -07:00
block_dev.c
Merge tag 'v3.10.106' into update
2018-03-21 23:06:23 +01:00
buffer.c
Merge tag 'v3.10.60' into update
2018-03-21 22:31:34 +01:00
char_dev.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
compat_binfmt_elf.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
compat_ioctl.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
compat.c
introduce ->iterate(), ctx->pos, dir_emit()
2018-05-03 18:37:22 +02:00
coredump.c
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
coredump.h
coredump: update coredump-related headers
2012-10-06 03:05:15 +09:00
dcache.c
move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon)
2017-06-20 14:04:14 +02:00
dcookies.c
fs/compat: fix lookup_dcookie() parameter handling
2014-02-13 13:48:00 -08:00
direct-io.c
Merge tag 'v3.10.108' into update
2018-03-21 23:07:40 +01:00
drop_caches.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
eventfd.c
fs, eventfd: add procfs fdinfo helper
2012-12-17 17:15:27 -08:00
eventpoll.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
exec.c
fs/exec: fix use after free in execve
2018-05-03 18:49:05 +02:00
fcntl.c
new helper: file_inode(file)
2013-02-22 23:31:31 -05:00
fhandle.c
vfs: read file_handle only once in handle_to_path
2015-06-05 23:20:00 -07:00
file_table.c
Merge tag 'v3.10.83' into update
2018-03-21 22:46:32 +01:00
file.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
filesystems.c
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
fs_struct.c
constify path_get/path_put and fs_struct.c stuff
2013-03-01 23:51:07 -05:00
fs-writeback.c
Merge tag 'v3.10.65' into update
2018-03-21 22:36:23 +01:00
generic_acl.c
import PULS_20180308
2018-03-13 20:30:12 +01:00
inode.c
Merge tag 'v3.10.84' into update
2018-03-21 22:46:36 +01:00
internal.h
get rid of s_files and files_lock
2015-07-03 19:48:08 -07:00
ioctl.c
new helper: file_inode(file)
2013-02-22 23:31:31 -05:00
ioprio.c
Merge tag 'v3.10.61' into update
2018-03-21 22:31:40 +01:00
Kconfig
efivarfs: Move to fs/efivarfs
2013-04-17 13:25:09 +01:00
Kconfig.binfmt
fs: make binfmt support for #! scripts modular and removable
2013-04-30 17:04:04 -07:00
libfs.c
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
locks.c
locks: fix unlock when fcntl_setlk races with a close
2016-03-09 15:31:53 -08:00
Makefile
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
mbcache.c
vmscan: change shrinker API by passing shrink_control struct
2011-05-25 08:39:26 -07:00
mount.h
vfs: Is mounted should be testing mnt_ns for NULL or error.
2014-02-06 11:08:16 -08:00
mpage.c
fs: reduce the use of module.h wherever possible
2012-02-28 19:31:58 -05:00
namei.c
kernel: Fix potential refcount leak in su check
2018-05-03 18:46:03 +02:00
namespace.c
Merge tag 'v3.10.64' into update
2018-03-21 22:33:51 +01:00
no-block.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
open.c
get rid of s_files and files_lock
2015-07-03 19:48:08 -07:00
pipe.c
pipe: limit the per-user amount of pages allocated in pipes
2016-08-21 23:22:36 +02:00
pnode.c
vfs: Fix invalid ida_remove() call
2013-05-31 15:16:33 -04:00
pnode.h
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
posix_acl.c
fix compilation after merge
2018-03-21 23:40:56 +01:00
proc_namespace.c
get rid of magic in proc_namespace.c
2012-07-14 16:32:48 +04:00
read_write.c
fs/compat: fix parameter handling for compat readv/writev syscalls
2014-02-13 13:48:00 -08:00
readdir.c
fs: readdir: Fix su hide patch for non-iterate filesystems
2018-05-03 18:47:07 +02:00
select.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
seq_file.c
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
signalfd.c
signalfd: fix information leak in signalfd_copyinfo
2015-08-16 20:51:42 -07:00
splice.c
vfs: fix uninitialized flags in splice_to_pipe()
2017-06-20 14:04:20 +02:00
stack.c
fs: reduce the use of module.h wherever possible
2012-02-28 19:31:58 -05:00
stat.c
quota: provide interface for readding allocated space into reserved space
2015-01-29 17:40:57 -08:00
statfs.c
vfs: allow O_PATH file descriptors for fstatfs()
2013-10-18 07:45:44 -07:00
super.c
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
sync.c
teach SYSCALL_DEFINE<n> how to deal with long long/unsigned long long
2013-03-03 22:46:22 -05:00
timerfd.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
utimes.c
vfs: allow utimensat() calls to retry once on an ESTALE error
2012-12-20 18:50:08 -05:00
xattr_acl.c
userns: Fix posix_acl_file_xattr_userns gid conversion
2012-10-12 13:16:48 -07:00
xattr.c
vfs: make lremovexattr retry once on ESTALE error
2012-12-20 18:50:11 -05:00