Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.80 2024-08-05T21:34:23+00:00 2024-08-05T21:34:23+00:00 Petr Pavlu petr.pavlu@suse.com 2024-07-17T13:00:23+00:00 urn:sha1:f91f7ac900e7342e0fd66093dfbf7cb8cb585a99 When a reference counter is at zero and refcount_sub_and_test() is invoked to subtract zero, the function accepts this request without any warning and returns true. This behavior does not seem ideal because the counter being already at zero indicates a use-after-free. Furthermore, returning true by refcount_sub_and_test() in this case potentially results in a double-free done by its caller. Modify the underlying function __refcount_sub_and_test() to warn about this case as a use-after-free and have it return false to avoid the potential double-free. Signed-off-by: Petr Pavlu <petr.pavlu@suse.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lore.kernel.org/r/20240717130023.5675-1-petr.pavlu@suse.com Signed-off-by: Kees Cook <kees@kernel.org> 2022-04-12T23:16:48+00:00 Kees Cook keescook@chromium.org 2022-03-04T00:31:16+00:00 urn:sha1:73f62e60d80c2d74491933ca49006b9e70563738 It's long been annoying that to add a new LKDTM test one had to update lkdtm.h and core.c to get it "registered". Switch to a per-category list and update the crashtype walking code in core.c to handle it. This also means that all the lkdtm_* tests themselves can be static now. Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kees Cook <keescook@chromium.org> 2019-11-25T08:15:46+00:00 Will Deacon will@kernel.org 2019-11-21T11:59:02+00:00 urn:sha1:500543c53a54134ced386aed85cd93cf1363f981 CONFIG_REFCOUNT_FULL no longer exists, so remove all references to it. Signed-off-by: Will Deacon <will@kernel.org> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Kees Cook <keescook@chromium.org> Tested-by: Hanjun Guo <guohanjun@huawei.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Elena Reshetova <elena.reshetova@intel.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20191121115902.2551-11-will@kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> 2019-11-25T08:14:13+00:00 Will Deacon will@kernel.org 2019-11-21T11:58:53+00:00 urn:sha1:23e6b169c9917fbd77534f8c5f378cb073f548bd The REFCOUNT_FULL implementation uses a different saturation point than the x86 implementation, which means that the shared refcount code in lib/refcount.c (e.g. refcount_dec_not_one()) needs to be aware of the difference. Rather than duplicate the definitions from the lkdtm driver, instead move them into <linux/refcount.h> and update all references accordingly. Signed-off-by: Will Deacon <will@kernel.org> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Hanjun Guo <guohanjun@huawei.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Elena Reshetova <elena.reshetova@intel.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20191121115902.2551-2-will@kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> 2018-03-07T03:18:55+00:00 Kees Cook keescook@chromium.org 2018-03-06T22:58:10+00:00 urn:sha1:aeef9c09740691e33aceeaa5f5b8a4457a4eab97 The refcount.c file missed the mass-addition of the SPDX lines. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-03-07T03:18:55+00:00 Kees Cook keescook@chromium.org 2018-03-06T22:58:09+00:00 urn:sha1:039a1c42058db54692a6d4497508bd48555f29fb The LKDTM modules keep expanding, and it's getting weird to have each file get a prefix. Instead, move to a subdirectory for cleaner handling. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>