diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-08-15 21:50:07 +0300 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-08-15 21:50:07 +0300 |
| commit | e724918b3786252b985b0c2764c16a57d1937707 (patch) | |
| tree | af1edc7958a77a7da94becf684c7f429252fdb51 /include/linux | |
| parent | a4a35f6cbebbf9466b6c412506ab89299d567f51 (diff) | |
| parent | fb6a421fb6153d97cf3058f9bd550b377b76a490 (diff) | |
| download | linux-e724918b3786252b985b0c2764c16a57d1937707.tar.xz | |
Merge tag 'hardening-v6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardening fixes from Kees Cook:
- gcc-plugins: randstruct: Remove GCC 4.7 or newer requirement
(Thorsten Blum)
- kallsyms: Clean up interaction with LTO suffixes (Song Liu)
- refcount: Report UAF for refcount_sub_and_test(0) when counter==0
(Petr Pavlu)
- kunit/overflow: Avoid misallocation of driver name (Ivan Orlov)
* tag 'hardening-v6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
kallsyms: Match symbols exactly with CONFIG_LTO_CLANG
kallsyms: Do not cleanup .llvm.<hash> suffix before sorting symbols
kunit/overflow: Fix UB in overflow_allocation_test
gcc-plugins: randstruct: Remove GCC 4.7 or newer requirement
refcount: Report UAF for refcount_sub_and_test(0) when counter==0
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/refcount.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/refcount.h b/include/linux/refcount.h index 59b3b752394d..35f039ecb272 100644 --- a/include/linux/refcount.h +++ b/include/linux/refcount.h @@ -266,12 +266,12 @@ bool __refcount_sub_and_test(int i, refcount_t *r, int *oldp) if (oldp) *oldp = old; - if (old == i) { + if (old > 0 && old == i) { smp_acquire__after_ctrl_dep(); return true; } - if (unlikely(old < 0 || old - i < 0)) + if (unlikely(old <= 0 || old - i < 0)) refcount_warn_saturate(r, REFCOUNT_SUB_UAF); return false; |