Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'seccomp-v5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull seccomp fixes from Kees Cook:
"This fixes a rare race condition in seccomp when using TSYNC and
USER_NOTIF together where a memory allocation would not get freed
(found by syzkaller, fixed by Tycho).

Additionally updates Tycho's MAINTAINERS and .mailmap entries for his
new address"

* tag 'seccomp-v5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
seccomp: don't leave dangling ->notif if file allocation fails
mailmap, MAINTAINERS: move to tycho.pizza
seccomp: don't leak memory when filter install races

+20 -7
+1
.mailmap
··· 308 308 TripleX Chung <xxx.phy@gmail.com> <triplex@zh-kernel.org> 309 309 TripleX Chung <xxx.phy@gmail.com> <zhongyu@18mail.cn> 310 310 Tsuneo Yoshioka <Tsuneo.Yoshioka@f-secure.com> 311 + Tycho Andersen <tycho@tycho.pizza> <tycho@tycho.ws> 311 312 Uwe Kleine-König <ukleinek@informatik.uni-freiburg.de> 312 313 Uwe Kleine-König <ukl@pengutronix.de> 313 314 Uwe Kleine-König <Uwe.Kleine-Koenig@digi.com>
+1 -1
MAINTAINERS
··· 9800 9800 9801 9801 LEAKING_ADDRESSES 9802 9802 M: Tobin C. Harding <me@tobin.cc> 9803 - M: Tycho Andersen <tycho@tycho.ws> 9803 + M: Tycho Andersen <tycho@tycho.pizza> 9804 9804 L: kernel-hardening@lists.openwall.com 9805 9805 S: Maintained 9806 9806 T: git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git
+18 -6
kernel/seccomp.c
··· 1109 1109 } 1110 1110 1111 1111 #ifdef CONFIG_SECCOMP_FILTER 1112 - static int seccomp_notify_release(struct inode *inode, struct file *file) 1112 + static void seccomp_notify_free(struct seccomp_filter *filter) 1113 1113 { 1114 - struct seccomp_filter *filter = file->private_data; 1114 + kfree(filter->notif); 1115 + filter->notif = NULL; 1116 + } 1117 + 1118 + static void seccomp_notify_detach(struct seccomp_filter *filter) 1119 + { 1115 1120 struct seccomp_knotif *knotif; 1116 1121 1117 1122 if (!filter) 1118 - return 0; 1123 + return; 1119 1124 1120 1125 mutex_lock(&filter->notify_lock); 1121 1126 ··· 1144 1139 complete(&knotif->ready); 1145 1140 } 1146 1141 1147 - kfree(filter->notif); 1148 - filter->notif = NULL; 1142 + seccomp_notify_free(filter); 1149 1143 mutex_unlock(&filter->notify_lock); 1144 + } 1145 + 1146 + static int seccomp_notify_release(struct inode *inode, struct file *file) 1147 + { 1148 + struct seccomp_filter *filter = file->private_data; 1149 + 1150 + seccomp_notify_detach(filter); 1150 1151 __put_seccomp_filter(filter); 1151 1152 return 0; 1152 1153 } ··· 1499 1488 1500 1489 out_notif: 1501 1490 if (IS_ERR(ret)) 1502 - kfree(filter->notif); 1491 + seccomp_notify_free(filter); 1503 1492 out: 1504 1493 return ret; 1505 1494 } ··· 1592 1581 listener_f->private_data = NULL; 1593 1582 fput(listener_f); 1594 1583 put_unused_fd(listener); 1584 + seccomp_notify_detach(prepared); 1595 1585 } else { 1596 1586 fd_install(listener, listener_f); 1597 1587 ret = listener;
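Review bot: In the kernel/seccomp.c hunk at line 1109, seccomp_notify_release() no longer returns early when file->private_data is NULL. The old `if (!filter) return 0;` skipped `__put_seccomp_filter(filter)`, but the check now lives only in seccomp_notify_detach(), so release falls through to `__put_seccomp_filter(filter)` with a NULL filter. That case is reachable from the error path in the last hunk, which sets `listener_f->private_data = NULL` before `fput(listener_f)`. Either confirm in the commit message that __put_seccomp_filter() tolerates NULL, or keep an explicit NULL guard in seccomp_notify_release().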
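Review bot: The new seccomp_notify_free() helper has no stated locking contract, and its two callers differ. In seccomp_notify_detach() it runs between `mutex_lock(&filter->notify_lock)` and `mutex_unlock(&filter->notify_lock)`, while the `out_notif:` path in the hunk at line 1499 calls it with no lock visible. A short comment above the helper saying when it may be called without notify_lock (for example, only before the filter is visible to other tasks) would keep a later caller from using it on a live filter.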
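Review bot: In the hunk at line 1592, the added `seccomp_notify_detach(prepared);` comes after `listener_f->private_data = NULL`, `fput(listener_f)` and `put_unused_fd(listener)` with nothing explaining why a second cleanup step is needed. Because private_data was cleared, the release callback can no longer reach the filter, so this call is the only thing that frees `->notif` on this path. A one-line comment saying so would help, since the call looks redundant next to the fput() and could be dropped in a later cleanup, reintroducing the leak.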