Stanislav Fomichev 0b7959b625 tun: publish tfile after it's fully initialized
BUG: unable to handle kernel NULL pointer dereference at 00000000000000d1
Call Trace:
 ? napi_gro_frags+0xa7/0x2c0
 tun_get_user+0xb50/0xf20
 tun_chr_write_iter+0x53/0x70
 new_sync_write+0xff/0x160
 vfs_write+0x191/0x1e0
 __x64_sys_write+0x5e/0xd0
 do_syscall_64+0x47/0xf0
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

I think there is a subtle race between sending a packet via tap and
attaching it:

CPU0:                    CPU1:
tun_chr_ioctl(TUNSETIFF)
  tun_set_iff
    tun_attach
      rcu_assign_pointer(tfile->tun, tun);
                         tun_fops->write_iter()
                           tun_chr_write_iter
                             tun_napi_alloc_frags
                               napi_get_frags
                                 napi->skb = napi_alloc_skb
      tun_napi_init
        netif_napi_add
          napi->skb = NULL
                              napi->skb is NULL here
                              napi_gro_frags
                                napi_frags_skb
                                  skb = napi->skb
                                  skb_reset_mac_header(skb)
                                  panic()

Move rcu_assign_pointer(tfile->tun) and rcu_assign_pointer(tun->tfiles) to
be the last thing we do in tun_attach(); this should guarantee that when we
call tun_get() we always get an initialized object.

v2 changes:
* remove extra napi_mutex locks/unlocks for napi operations

Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 90e33d4594 ("tun: enable napi_gro_frags() for TUN/TAP driver")

Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-10 09:24:38 -05:00
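The following is an added example, not code from the commit or from the kernel tree: a small sequential model of the race described in the message above. The struct and function names (`tun_file`, `napi->skb`, `rcu_assign_pointer`, `netif_napi_add`, `napi_get_frags`, `napi_frags_skb`) follow the commit message; the fields, the `step` and `outcome` enums, the `run_schedule`/`worst_case` functions and the "write fails when `tun_get()` returns NULL" rule are assumptions made for the model. It goes a step beyond the single CPU0/CPU1 interleaving in the message by enumerating every interleaving of the two attach steps with the two writer steps, before and after the reordering of `tun_attach()`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the race in the commit message (not kernel code).
 * Struct names follow the commit message; the fields, enum values and the
 * scheduler below are assumptions made for this model.
 */
struct sk_buff { int len; };
struct napi_struct { struct sk_buff *skb; };   /* napi->skb */
struct tun_struct { struct napi_struct napi; };
struct tun_file { struct tun_struct *tun; };   /* tfile->tun, the RCU-published pointer */

/* The four steps the two CPUs race over. */
enum step { ATTACH_PUBLISH, ATTACH_NAPI_INIT, WRITER_GET_FRAGS, WRITER_GRO_FRAGS };

/* Ordered from benign to fatal so the worst outcome is the numeric maximum. */
enum outcome { DELIVERED = 0, NOT_ATTACHED = 1, NULL_SKB_OOPS = 2 };

struct model {
    struct sk_buff frag;        /* stands in for the skb napi_alloc_skb() returns */
    struct tun_struct tun;
    struct tun_file tfile;
};

/* Execute one interleaving of attach and write steps; report what the writer saw. */
enum outcome run_schedule(const enum step *sched, size_t n)
{
    struct model m;
    enum outcome out = NOT_ATTACHED;  /* writer never got past tun_get() */
    int writer_holds_tun = 0;
    size_t i;

    memset(&m, 0, sizeof m);
    for (i = 0; i < n; i++) {
        switch (sched[i]) {
        case ATTACH_PUBLISH:            /* rcu_assign_pointer(tfile->tun, tun) */
            m.tfile.tun = &m.tun;
            break;
        case ATTACH_NAPI_INIT:          /* tun_napi_init -> netif_napi_add: napi->skb = NULL */
            m.tun.napi.skb = NULL;
            break;
        case WRITER_GET_FRAGS:          /* tun_chr_write_iter: tun_get(), then napi_get_frags() */
            if (!m.tfile.tun) {
                out = NOT_ATTACHED;     /* model assumption: tun_get() NULL -> write fails */
                break;
            }
            writer_holds_tun = 1;
            m.tun.napi.skb = &m.frag;   /* napi->skb = napi_alloc_skb() */
            break;
        case WRITER_GRO_FRAGS:          /* napi_gro_frags -> napi_frags_skb: skb = napi->skb */
            if (!writer_holds_tun)
                break;                  /* the write already bailed out */
            out = m.tun.napi.skb ? DELIVERED : NULL_SKB_OOPS;
            break;
        }
    }
    return out;
}

/* Enumerate every interleaving that keeps each CPU's own step order and
 * return the worst outcome any of them produces. */
static enum outcome explore(const enum step *a, size_t na, size_t ia,
                            const enum step *w, size_t nw, size_t iw,
                            enum step *buf, size_t pos)
{
    enum outcome worst = DELIVERED, o;

    if (ia == na && iw == nw)
        return run_schedule(buf, pos);
    if (ia < na) {
        buf[pos] = a[ia];
        o = explore(a, na, ia + 1, w, nw, iw, buf, pos + 1);
        if (o > worst)
            worst = o;
    }
    if (iw < nw) {
        buf[pos] = w[iw];
        o = explore(a, na, ia, w, nw, iw + 1, buf, pos + 1);
        if (o > worst)
            worst = o;
    }
    return worst;
}

/* publish_last == 0: tun_attach() order before the fix; 1: order after the fix. */
enum outcome worst_case(int publish_last)
{
    static const enum step before_fix[2] = { ATTACH_PUBLISH, ATTACH_NAPI_INIT };
    static const enum step after_fix[2]  = { ATTACH_NAPI_INIT, ATTACH_PUBLISH };
    static const enum step writer[2]     = { WRITER_GET_FRAGS, WRITER_GRO_FRAGS };
    enum step buf[4];

    return explore(publish_last ? after_fix : before_fix, 2, 0, writer, 2, 0, buf, 0);
}

/* The exact CPU0/CPU1 interleaving from the commit message, with the old ordering. */
enum outcome reported_case(void)
{
    static const enum step reported[4] =
        { ATTACH_PUBLISH, WRITER_GET_FRAGS, ATTACH_NAPI_INIT, WRITER_GRO_FRAGS };
    return run_schedule(reported, 4);
}

int main(void)
{
    printf("reported interleaving, before fix: %d (2 = NULL skb oops)\n", reported_case());
    printf("worst of all interleavings, before fix: %d\n", worst_case(0));
    printf("worst of all interleavings, after fix:  %d\n", worst_case(1));
    return 0;
}
```

With the old ordering, one of the six interleavings reads `napi->skb` after `netif_napi_add()` has cleared it, which is the NULL dereference in the trace. With publication moved last, no interleaving can observe a half-initialized `tun`: a write that arrives early simply fails because `tfile->tun` is still NULL. This is the general invariant the fix restores: a pointer handed out through `rcu_assign_pointer()` must point at an object whose initialization is complete.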
arch Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
block for-4.21/block-20190102 2019-01-02 18:49:58 -08:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto Kconfig updates for v4.21 2018-12-29 13:03:29 -08:00
Documentation bpf, doc: update design qa to reflect kern_version requirement 2019-01-07 15:52:00 -08:00
drivers tun: publish tfile after it's fully initialized 2019-01-10 09:24:38 -05:00
firmware firmware: refactor firmware/Makefile 2018-12-23 10:10:32 +09:00
fs Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
include ptp: uapi: change _IOW to IOWR in PTP_SYS_OFFSET_EXTENDED definition 2019-01-08 16:22:56 -05:00
init Merge tag 'devicetree-for-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux 2018-12-28 20:08:34 -08:00
ipc ipc: IPCMNI limit check for semmni 2018-10-31 08:54:14 -07:00
kernel bpf: fix sanitation of alu op with pointer / scalar type from different paths 2019-01-05 21:32:38 -08:00
lib Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
LICENSES This is a fairly typical cycle for documentation. There's some welcome 2018-10-24 18:01:11 +01:00
mm Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
net packet: Do not leak dev refcounts on error exit 2019-01-08 21:41:40 -05:00
samples selftests/bpf: fix incorrect users of create_and_get_cgroup 2019-01-07 13:15:55 -08:00
scripts Tracing changes for v4.21: 2018-12-31 11:46:59 -08:00
security Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
sound Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
tools selftests: forwarding: Add a test for VLAN deletion 2019-01-08 16:53:54 -05:00
usr user/Makefile: Fix typo and capitalization in comment section 2018-12-11 00:18:03 +09:00
virt Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
.clang-format page cache: Convert find_get_pages_contig to XArray 2018-10-21 10:46:34 -04:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: Add support for DT binding schema checks 2018-12-13 09:41:32 -06:00
.mailmap Merge tag 'nand/for-4.21' of git://git.infradead.org/linux-mtd into mtd/next 2018-12-18 19:59:16 +01:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS MAINTAINERS: update entry for MMP platform 2018-12-03 12:39:57 -08:00
Kbuild kbuild: remove unused cmd_gentimeconst 2018-12-25 00:10:30 +09:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS Merge branch 'for-linus-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2019-01-02 18:39:22 -08:00
Makefile Kbuild updates for v4.21 2018-12-29 12:03:17 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems that may result from upgrading your kernel.