GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-23 23:32:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Star64_linux/mm
History
David Rientjes c11600e4fe mm, mempolicy: task->mempolicy must be NULL before dropping final reference 
KASAN allocates memory from the page allocator as part of
kmem_cache_free(), and that can reference current->mempolicy through any
number of allocation functions.  It needs to be NULL'd out before the
final reference is dropped to prevent a use-after-free bug:

	BUG: KASAN: use-after-free in alloc_pages_current+0x363/0x370 at addr ffff88010b48102c
	CPU: 0 PID: 15425 Comm: trinity-c2 Not tainted 4.8.0-rc2+ #140
	...
	Call Trace:
		dump_stack
		kasan_object_err
		kasan_report_error
		__asan_report_load2_noabort
		alloc_pages_current	<-- use after free
		depot_save_stack
		save_stack
		kasan_slab_free
		kmem_cache_free
		__mpol_put		<-- free
		do_exit

This patch sets current->mempolicy to NULL before dropping the final
reference.

Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1608301442180.63329@chino.kir.corp.google.com
Fixes: cd11016e5f ("mm, kasan: stackdepot implementation. Enable stackdepot for SLAB")
Signed-off-by: David Rientjes <rientjes@google.com>
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>	[4.6+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-09-01 17:52:01 -07:00
..
kasan kasan: remove the unnecessary WARN_ONCE from quarantine.c 2016-08-11 16:58:14 -07:00
backing-dev.c block: fix bdi vs gendisk lifetime mismatch 2016-08-04 14:19:16 -06:00
balloon_compaction.c
bootmem.c
cleancache.c
cma.c
cma.h
cma_debug.c
compaction.c
debug.c
debug_page_ref.c
dmapool.c
early_ioremap.c
fadvise.c
failslab.c
filemap.c block/mm: make bdev_ops->rw_page() take a bool for read/write 2016-08-07 14:41:02 -06:00
frame_vector.c
frontswap.c
gup.c
highmem.c
huge_memory.c soft_dirty: fix soft_dirty during THP split 2016-08-26 17:39:35 -07:00
hugetlb.c mm/hugetlb: fix incorrect hugepages count during mem hotplug 2016-08-11 16:58:13 -07:00
hugetlb_cgroup.c
hwpoison-inject.c
init-mm.c
internal.h
interval_tree.c
Kconfig mm: clarify COMPACTION Kconfig text 2016-08-26 17:39:35 -07:00
Kconfig.debug
khugepaged.c
kmemcheck.c
kmemleak-test.c
kmemleak.c
ksm.c
list_lru.c
maccess.c
madvise.c
Makefile Implements HARDENED_USERCOPY verification of copy_to_user/copy_from_user 2016-08-08 14:48:14 -07:00
memblock.c mm/memblock.c: fix NULL dereference error 2016-08-04 20:02:09 -04:00
memcontrol.c mm: memcontrol: avoid unused function warning 2016-08-26 17:39:35 -07:00
memory-failure.c
memory.c mm: move swap-in anonymous page into active list 2016-08-02 17:31:41 -04:00
memory_hotplug.c mm/memory_hotplug.c: initialize per_cpu_nodestats for hotadded pgdats 2016-08-11 16:58:14 -07:00
mempolicy.c mm, mempolicy: task->mempolicy must be NULL before dropping final reference 2016-09-01 17:52:01 -07:00
mempool.c
memtest.c
migrate.c
mincore.c
mlock.c
mm_init.c
mmap.c mm: refuse wrapped vm_brk requests 2016-08-02 19:35:15 -04:00
mmu_context.c
mmu_notifier.c
mmzone.c
mprotect.c
mremap.c
msync.c
nobootmem.c
nommu.c
oom_kill.c mm, oom: fix uninitialized ret in task_will_free_mem() 2016-08-11 16:58:14 -07:00
page-writeback.c
page_alloc.c mm, vmscan: only allocate and reclaim from zones with pages managed by the buddy allocator 2016-09-01 17:52:01 -07:00
page_counter.c
page_ext.c
page_idle.c
page_io.c mm: make __swap_writepage() use bio_set_op_attrs() 2016-08-07 14:41:02 -06:00
page_isolation.c
page_owner.c
page_poison.c
pagewalk.c
percpu-km.c
percpu-vm.c
percpu.c
pgtable-generic.c
process_vm_access.c
quicklist.c
readahead.c mm: silently skip readahead for DAX inodes 2016-08-26 17:39:35 -07:00
rmap.c rmap: fix compound check logic in page_remove_file_rmap 2016-08-10 16:40:56 -07:00
shmem.c thp: move shmem_huge_enabled() outside of SYSFS ifdef 2016-08-10 16:40:56 -07:00
slab.c Implements HARDENED_USERCOPY verification of copy_to_user/copy_from_user 2016-08-08 14:48:14 -07:00
slab.h
slab_common.c
slob.c
slub.c mm/slub.c: run free_partial() outside of the kmem_cache_node->list_lock 2016-08-10 16:40:56 -07:00
sparse-vmemmap.c treewide: replace obsolete _refok by __ref 2016-08-02 17:31:41 -04:00
sparse.c treewide: replace obsolete _refok by __ref 2016-08-02 17:31:41 -04:00
swap.c
swap_cgroup.c
swap_state.c
swapfile.c
truncate.c
usercopy.c usercopy: fix overlap check for kernel text 2016-08-22 19:10:51 -07:00
userfaultfd.c
util.c
vmacache.c
vmalloc.c
vmpressure.c
vmscan.c mm, vmscan: only allocate and reclaim from zones with pages managed by the buddy allocator 2016-09-01 17:52:01 -07:00
vmstat.c
workingset.c
z3fold.c
zbud.c
zpool.c
zsmalloc.c
zswap.c