system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-07-23 19:49:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1247936 commits 7 branches 845 tags 6.7 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Go to file
Sharath Srinivasan 13e788deb7 net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv 
Syzcaller UBSAN crash occurs in rds_cmsg_recv(),
which reads inc->i_rx_lat_trace[j + 1] with index 4 (3 + 1),
but with array size of 4 (RDS_RX_MAX_TRACES).
Here 'j' is assigned from rs->rs_rx_trace[i] and in-turn from
trace.rx_trace_pos[i] in rds_recv_track_latency(),
with both arrays sized 3 (RDS_MSG_RX_DGRAM_TRACE_MAX). So fix the
off-by-one bounds check in rds_recv_track_latency() to prevent
a potential crash in rds_cmsg_recv().

Found by syzcaller:
=================================================================
UBSAN: array-index-out-of-bounds in net/rds/recv.c:585:39
index 4 is out of range for type 'u64 [4]'
CPU: 1 PID: 8058 Comm: syz-executor228 Not tainted 6.6.0-gd2f51b3516da #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan.c:348
 rds_cmsg_recv+0x60d/0x700 net/rds/recv.c:585
 rds_recvmsg+0x3fb/0x1610 net/rds/recv.c:716
 sock_recvmsg_nosec net/socket.c:1044 [inline]
 sock_recvmsg+0xe2/0x160 net/socket.c:1066
 __sys_recvfrom+0x1b6/0x2f0 net/socket.c:2246
 __do_sys_recvfrom net/socket.c:2264 [inline]
 __se_sys_recvfrom net/socket.c:2260 [inline]
 __x64_sys_recvfrom+0xe0/0x1b0 net/socket.c:2260
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
==================================================================

Fixes: 3289025aed ("RDS: add receive message trace used by application")
Reported-by: Chenyuan Yang <chenyuan0y@gmail.com>
Closes: https://lore.kernel.org/linux-rdma/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw@mail.gmail.com/
Signed-off-by: Sharath Srinivasan <sharath.srinivasan@oracle.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2024-01-22 11:24:00 +00:00
arch RTC for 6.8 2024-01-18 17:25:39 -08:00
block for-6.8/block-2024-01-08 2024-01-11 13:58:04 -08:00
certs This update includes the following changes: 2023-11-02 16:15:30 -10:00
crypto crypto: scomp - fix req->dst buffer overflow 2023-12-29 11:25:56 +08:00
Documentation This cycle, I2C removes the currently unused CLASS_DDC support 2024-01-18 17:29:01 -08:00
drivers net: micrel: Fix PTP frame parsing for lan8814 2024-01-22 11:02:23 +00:00
fs More eventfs fixes and a seq_buf fix for 6.8: 2024-01-18 14:45:33 -08:00
include udp: fix busy polling 2024-01-21 18:09:30 +00:00
init Driver core changes for 6.8-rc1 2024-01-18 09:48:40 -08:00
io_uring Generic: 2024-01-17 13:03:37 -08:00
ipc shm: Slim down dependencies 2023-12-20 19:26:31 -05:00
kernel Including fixes from bpf and netfilter. 2024-01-18 17:33:50 -08:00
lib cxl for v6.8 2024-01-18 16:22:43 -08:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm memblock: code readability improvement 2024-01-18 16:46:18 -08:00
net net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv 2024-01-22 11:24:00 +00:00
rust Rust changes for v6.8 2024-01-11 13:05:41 -08:00
samples tracing updates for 6.8: 2024-01-18 14:35:29 -08:00
scripts Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
security misc cleanups (the part that hadn't been picked by individual fs trees) 2024-01-11 20:23:50 -08:00
sound This cycle, I2C removes the currently unused CLASS_DDC support 2024-01-18 17:29:01 -08:00
tools selftests: bonding: Increase timeout to 1200s 2024-01-19 21:12:31 -08:00
usr usr/Kconfig: fix typos of "its" 2023-12-20 15:02:58 -08:00
virt Generic: 2024-01-17 13:03:37 -08:00
.clang-format clang-format: Update with v6.7-rc4's for_each macro list 2023-12-08 23:54:38 +01:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: generate kernel.spec in rpmbuild/SPECS/ 2023-10-03 20:49:09 +09:00
.mailmap Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS Including fixes from bpf and netfilter. 2024-01-18 17:33:50 -08:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Including fixes from bpf and netfilter. 2024-01-18 17:33:50 -08:00
Makefile Quite a lot of kexec work this time around. Many singleton patches in 2024-01-09 11:46:20 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.