Message-ID: <YbOdV8CPbyPAF234@sol.localdomain>
Date:   Fri, 10 Dec 2021 10:32:55 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        Benjamin LaHaise <bcrl@...ck.org>, linux-aio@...ck.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Ramji Jiyani <ramjiyani@...gle.com>,
        Christoph Hellwig <hch@....de>,
        Oleg Nesterov <oleg@...hat.com>, Jens Axboe <axboe@...nel.dk>,
        Martijn Coenen <maco@...roid.com>,
        Xie Yongji <xieyongji@...edance.com>
Subject: [GIT PULL] aio poll fixes for 5.16-rc5

The following changes since commit 0fcfb00b28c0b7884635dacf38e46d60bf3d4eb1:

  Linux 5.16-rc4 (2021-12-05 14:08:22 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git tags/aio-poll-for-linus

for you to fetch changes up to 4b3749865374899e115aa8c48681709b086fe6d3:

  aio: Fix incorrect usage of eventfd_signal_allowed() (2021-12-09 10:52:55 -0800)

----------------------------------------------------------------

Fix three bugs in aio poll, and one issue with POLLFREE more broadly:

  - aio poll didn't handle POLLFREE, causing a use-after-free.
  - aio poll could block while the file is ready.
  - aio poll called eventfd_signal() when it isn't allowed.
  - POLLFREE didn't handle multiple exclusive waiters correctly.

This has been tested with the libaio test suite, as well as with test
programs I wrote that reproduce the first two bugs.  I am sending this
pull request myself as no one seems to be maintaining this code.

----------------------------------------------------------------
Eric Biggers (5):
      wait: add wake_up_pollfree()
      binder: use wake_up_pollfree()
      signalfd: use wake_up_pollfree()
      aio: keep poll requests on waitqueue until completed
      aio: fix use-after-free due to missing POLLFREE handling

Xie Yongji (1):
      aio: Fix incorrect usage of eventfd_signal_allowed()

 drivers/android/binder.c        |  21 ++---
 fs/aio.c                        | 186 ++++++++++++++++++++++++++++++++--------
 fs/signalfd.c                   |  12 +--
 include/linux/wait.h            |  26 ++++++
 include/uapi/asm-generic/poll.h |   2 +-
 kernel/sched/wait.c             |   7 ++
 6 files changed, 196 insertions(+), 58 deletions(-)
