| author | Pratyush Yadav (Google) <pratyush@kernel.org> | 2026-05-19 15:24:26 +0300 |
|---|---|---|
| committer | Mike Rapoport (Microsoft) <rppt@kernel.org> | 2026-06-01 09:19:38 +0300 |
| commit | 507e3b479f9c6d85135eb5e1a77fb3fddb259ad8 (patch) | |
| tree | a2ef1e25f6664eb51eb5d9c316cc85b72567c038 /scripts/basic | |
| parent | 051a224c4933e58a0592c5528e89831099c65d6b (diff) | |
| download | linux-507e3b479f9c6d85135eb5e1a77fb3fddb259ad8.tar.xz | |
liveupdate: validate session type before performing operation

The session ioctls are not applicable to all session types. PRESERVE_FD
is only applicable to outgoing sessions. RETRIEVE_FD and FINISH are only
valid for incoming sessions. Calling an incoming ioctl on an outgoing
session is invalid and can cause file handlers to run into unexpected
errors.

For example, a user can create an (outgoing) session, preserve a memfd,
and then immediately do a retrieve without doing a kexec in between.
This would result in memfd's retrieve handler running. The handler
expects to be called from a post-kexec context, and will try to do a
kho_restore_vmalloc() or kho_restore_folio() to try and restore memory.
KHO catches this (thanks to KHO_PAGE_MAGIC) and returns an error, but
since this is considered an internal error, KHO throws out a bunch of
WARN()s.

Associate a type with each ioctl op and validate the type in
luo_session_ioctl() before dispatching the ioctl handler to make sure
the op is being called for the right session type.

Fixes: 16cec0d26521 ("liveupdate: luo_session: add ioctls for file preservation")
Cc: stable@vger.kernel.org
Signed-off-by: Pratyush Yadav (Google) <pratyush@kernel.org>
Link: https://patch.msgid.link/20260519122428.2378446-1-pratyush@kernel.org
Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
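
The check described in the commit message, modelled as a stand-alone userspace C program. This is an added example, not the kernel patch or code from the authors: every name in it (`struct session_op`, `session_dispatch`, the `OP_*` and `SESSION_*` constants) and the choice of error codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace model; names do not come from the kernel source. */
enum session_type { SESSION_OUTGOING, SESSION_INCOMING };
enum session_cmd { OP_PRESERVE_FD, OP_RETRIEVE_FD, OP_FINISH, OP_MAX };

struct session { enum session_type type; int retrieve_calls; };

static int do_preserve(struct session *s) { (void)s; return 0; }
static int do_retrieve(struct session *s) { s->retrieve_calls++; return 0; }
static int do_finish(struct session *s) { (void)s; return 0; }

/* Each op carries the one session type it is valid for. */
struct session_op {
    enum session_type valid_for;
    int (*handler)(struct session *s);
};

static const struct session_op session_ops[OP_MAX] = {
    [OP_PRESERVE_FD] = { SESSION_OUTGOING, do_preserve },
    [OP_RETRIEVE_FD] = { SESSION_INCOMING, do_retrieve },
    [OP_FINISH]      = { SESSION_INCOMING, do_finish },
};

/* Validate command and session type before the handler can run. */
int session_dispatch(struct session *s, unsigned int cmd)
{
    if (cmd >= OP_MAX || !session_ops[cmd].handler)
        return -ENOTTY;   /* unknown command (assumed errno) */
    if (session_ops[cmd].valid_for != s->type)
        return -EINVAL;   /* wrong session type (assumed errno) */
    return session_ops[cmd].handler(s);
}

int main(void)
{
    struct session out = { SESSION_OUTGOING, 0 };
    /* Preserve then retrieve on the same outgoing session, no kexec between. */
    printf("preserve: %d\n", session_dispatch(&out, OP_PRESERVE_FD));
    printf("retrieve: %d\n", session_dispatch(&out, OP_RETRIEVE_FD));
    printf("retrieve handler ran %d times\n", out.retrieve_calls);
    return 0;
}
```

Because the type check sits in the dispatcher rather than in each handler, a handler added to the table later is covered without further changes.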
Diffstat (limited to 'scripts/basic')
0 files changed, 0 insertions, 0 deletions
