Seth/kernel_amazon_mt8127-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
557d9dfd7005a24215f98e70dfe7db0f6bb0916c
kernel_amazon_mt8127-common/fs
T
History
Andrea Arcangeli 14468afe50 fs/exec: fix use after free in execve 
"file" can be already freed if bprm->file is NULL after
search_binary_handler() return. binfmt_script will do exactly that for
example. If the VM reuses the file after fput run(), this will result in
a use ater free.

So obtain d_is_su before search_binary_handler() runs.

This should explain this crash:

[25333.009554] Unable to handle kernel NULL pointer dereference at virtual address 00000185
[..]
[25333.009918] [2:             am:21861] PC is at do_execve+0x354/0x474

Change-Id: I2a8a814d1c0aa75625be83cb30432cf13f1a0681
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
2018-05-03 18:49:05 +02:00
..
9p
Merge tag 'v3.10.85' into update
2018-03-21 22:46:39 +01:00
adfs
affs
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
afs
autofs4
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
befs
bfs
btrfs
Merge tag 'v3.10.108' into update
2018-03-21 23:07:40 +01:00
cachefiles
ceph
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
cifs
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
coda
introduce ->iterate(), ctx->pos, dir_emit()
2018-05-03 18:37:22 +02:00
configfs
cramfs
debugfs
Merge tag 'v3.10.76' into update
2018-03-21 22:42:30 +01:00
devpts
pty: make sure super_block is still valid in final /dev/tty close
2016-02-25 11:57:46 -08:00
dlm
ecryptfs
introduce iterate_dir() and dir_context
2018-05-03 18:33:29 +02:00
efivarfs
efi: Make efivarfs entries immutable by default
2016-03-16 08:41:37 -07:00
efs
exofs
exportfs
introduce ->iterate(), ctx->pos, dir_emit()
2018-05-03 18:37:22 +02:00
ext2
Merge tag 'v3.10.63' into update
2018-03-21 22:33:47 +01:00
ext3
Merge tag 'v3.10.60' into update
2018-03-21 22:31:34 +01:00
ext4
Merge tag 'v3.10.108' into update
2018-03-21 23:07:40 +01:00
f2fs
import PULS_20180308
2018-03-13 20:30:12 +01:00
fat
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
freevxfs
fscache
FS-Cache: fix dereference of NULL user_key_payload
2017-11-02 07:16:17 +01:00
fuse
Merge tag 'v3.10.108' into update
2018-03-21 23:07:40 +01:00
gfs2
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
hfs
hfs,hfsplus: cache pages correctly between bnode_create and bnode_free
2015-10-01 12:07:34 +02:00
hfsplus
hfs,hfsplus: cache pages correctly between bnode_create and bnode_free
2015-10-01 12:07:34 +02:00
hostfs
hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common()
2017-02-10 11:03:30 +01:00
hpfs
hpfs: update ctime and mtime on directory modification
2015-09-21 10:00:10 -07:00
hppfs
hugetlbfs
mm: larger stack guard gap, between vmas
2017-06-21 15:42:43 +02:00
isofs
isofs: Do not return EACCES for unknown filesystems
2017-02-10 11:03:30 +01:00
jbd
jbd2
jbd2: don't leak modified metadata buffers on an aborted journal
2017-06-20 08:02:35 +02:00
jffs2
Merge tag 'v3.10.100' into update
2018-03-21 22:52:38 +01:00
jfs
Merge tag 'v3.10.106' into update
2018-03-21 23:06:23 +01:00
lockd
lockd: create NSM handles per net namespace
2016-03-03 15:06:20 -08:00
logfs
minix
ncpfs
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
nfs
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
nfs_common
nfsd
introduce ->iterate(), ctx->pos, dir_emit()
2018-05-03 18:37:22 +02:00
nilfs2
Merge tag 'v3.10.103' into update
2018-03-21 22:58:21 +01:00
nls
notify
fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
2015-08-16 20:51:35 -07:00
ntfs
ocfs2
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
omfs
fs, omfs: add NULL terminator in the end up the token list
2015-06-05 23:19:54 -07:00
openpromfs
proc
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
pstore
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
qnx4
qnx6
quota
quota: provide interface for readding allocated space into reserved space
2015-01-29 17:40:57 -08:00
ramfs
reiserfs
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
romfs
squashfs
sysfs
sysv
fix sysvfs symlinks
2016-02-19 14:22:39 -08:00
ubifs
Merge tag 'v3.10.106' into update
2018-03-21 23:06:23 +01:00
udf
udf: Fix deadlock between writeback and udf_setsize()
2017-11-02 10:45:57 +01:00
ufs
xfs
Merge tag 'v3.10.107' into update
2018-03-21 23:07:35 +01:00
aio.c
Merge tag 'v3.10.98' into update
2018-03-21 22:51:37 +01:00
anon_inodes.c
attr.c
fs,userns: Change inode_capable to capable_wrt_inode_uidgid
2014-06-16 13:42:52 -07:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c
Merge tag 'v3.10.97' into update
2018-03-21 22:51:04 +01:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c
bio-integrity: Fix bio_integrity_verify segment start bug
2014-03-23 21:38:21 -07:00
bio.c
block_dev.c
Merge tag 'v3.10.106' into update
2018-03-21 23:06:23 +01:00
buffer.c
Merge tag 'v3.10.60' into update
2018-03-21 22:31:34 +01:00
char_dev.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
compat_binfmt_elf.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
compat_ioctl.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
compat.c
introduce ->iterate(), ctx->pos, dir_emit()
2018-05-03 18:37:22 +02:00
coredump.c
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
coredump.h
dcache.c
move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon)
2017-06-20 14:04:14 +02:00
dcookies.c
direct-io.c
Merge tag 'v3.10.108' into update
2018-03-21 23:07:40 +01:00
drop_caches.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
eventfd.c
eventpoll.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
exec.c
fs/exec: fix use after free in execve
2018-05-03 18:49:05 +02:00
fcntl.c
fhandle.c
vfs: read file_handle only once in handle_to_path
2015-06-05 23:20:00 -07:00
file_table.c
Merge tag 'v3.10.83' into update
2018-03-21 22:46:32 +01:00
file.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
filesystems.c
fs_struct.c
fs-writeback.c
Merge tag 'v3.10.65' into update
2018-03-21 22:36:23 +01:00
generic_acl.c
import PULS_20180308
2018-03-13 20:30:12 +01:00
inode.c
Merge tag 'v3.10.84' into update
2018-03-21 22:46:36 +01:00
internal.h
get rid of s_files and files_lock
2015-07-03 19:48:08 -07:00
ioctl.c
ioprio.c
Merge tag 'v3.10.61' into update
2018-03-21 22:31:40 +01:00
Kconfig
Kconfig.binfmt
libfs.c
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
locks.c
locks: fix unlock when fcntl_setlk races with a close
2016-03-09 15:31:53 -08:00
Makefile
mbcache.c
mount.h
mpage.c
namei.c
kernel: Fix potential refcount leak in su check
2018-05-03 18:46:03 +02:00
namespace.c
Merge tag 'v3.10.64' into update
2018-03-21 22:33:51 +01:00
no-block.c
open.c
get rid of s_files and files_lock
2015-07-03 19:48:08 -07:00
pipe.c
pipe: limit the per-user amount of pages allocated in pipes
2016-08-21 23:22:36 +02:00
pnode.c
pnode.h
posix_acl.c
fix compilation after merge
2018-03-21 23:40:56 +01:00
proc_namespace.c
read_write.c
readdir.c
fs: readdir: Fix su hide patch for non-iterate filesystems
2018-05-03 18:47:07 +02:00
select.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
seq_file.c
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
signalfd.c
signalfd: fix information leak in signalfd_copyinfo
2015-08-16 20:51:42 -07:00
splice.c
vfs: fix uninitialized flags in splice_to_pipe()
2017-06-20 14:04:20 +02:00
stack.c
stat.c
quota: provide interface for readding allocated space into reserved space
2015-01-29 17:40:57 -08:00
statfs.c
super.c
Merge tag 'v3.10.105' into update
2018-03-21 23:00:38 +01:00
sync.c
timerfd.c
import PULS_20160108
2018-03-13 20:29:02 +01:00
utimes.c
xattr_acl.c
xattr.c