redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
Fork of alistair23 Linux kernel for reMarkable from https://github.com/alistair23/linux
884,503 Commits
15 Branches
0 Tags
3.4 GiB
C 97.7%
Assembly 1.4%
Makefile 0.3%
Shell 0.2%
Python 0.1%
Other 0.1%
 
 
 
 
 
 
Go to file
Thomas Gleixner ecd62d2e9a futex: Handle faults correctly for PI futexes 
commit 34b1a1ce14 upstream

fixup_pi_state_owner() tries to ensure that the state of the rtmutex,
pi_state and the user space value related to the PI futex are consistent
before returning to user space. In case that the user space value update
faults and the fault cannot be resolved by faulting the page in via
fault_in_user_writeable() the function returns with -EFAULT and leaves
the rtmutex and pi_state owner state inconsistent.

A subsequent futex_unlock_pi() operates on the inconsistent pi_state and
releases the rtmutex despite not owning it which can corrupt the RB tree of
the rtmutex and cause a subsequent kernel stack use after free.

It was suggested to loop forever in fixup_pi_state_owner() if the fault
cannot be resolved, but that results in runaway tasks which is especially
undesired when the problem happens due to a programming error and not due
to malice.

As the user space value cannot be fixed up, the proper solution is to make
the rtmutex and the pi_state consistent so both have the same owner. This
leaves the user space value out of sync. Any subsequent operation on the
futex will fail because the 10th rule of PI futexes (pi_state owner and
user space value are consistent) has been violated.

As a consequence this removes the inept attempts of 'fixing' the situation
in case that the current task owns the rtmutex when returning with an
unresolvable fault by unlocking the rtmutex which left pi_state::owner and
rtmutex::owner out of sync in a different and only slightly less dangerous
way.

Fixes: 1b7558e457 ("futexes: fix fault handling in futex_lock_pi")
Reported-by: gzobqq@gmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-01-30 13:54:10 +01:00
Documentation x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery 2021-01-27 11:47:45 +01:00
LICENSES LICENSES: Rename other to deprecated 2019-05-03 06:34:32 -06:00
arch sh: dma: fix kconfig dependency for G2_DMA 2021-01-27 11:47:52 +01:00
block bfq: Fix computation of shallow depth 2021-01-19 18:26:15 +01:00
certs PKCS#7: Refactor verify_pkcs7_signature() 2019-08-05 18:40:18 -04:00
crypto crypto: asym_tpm: correct zero out potential secrets 2021-01-12 20:16:17 +01:00
drivers gpio: mvebu: fix pwm .get_state period calculation 2021-01-30 13:54:09 +01:00
fs cifs: do not fail __smb_send_rqst if non-fatal signals are pending 2021-01-27 11:47:49 +01:00
include tcp: fix TCP_USER_TIMEOUT with zero window 2021-01-27 11:47:55 +01:00
init exec: Transform exec_update_mutex into a rw_semaphore 2021-01-09 13:44:55 +01:00
ipc ipc/util.c: sysvipc_find_ipc() incorrectly updates position index 2020-05-20 08:20:16 +02:00
kernel futex: Handle faults correctly for PI futexes 2021-01-30 13:54:10 +01:00
lib lib/raid6: Let $(UNROLL) rules work with macOS userland 2021-01-19 18:26:15 +01:00
mm Revert "mm/slub: fix a memory leak in sysfs_slab_add()" 2021-01-30 13:54:09 +01:00
net tcp: fix TCP_USER_TIMEOUT with zero window 2021-01-27 11:47:55 +01:00
samples samples: bpf: Fix lwt_len_hist reusing previous BPF map 2020-12-30 11:51:12 +01:00
scripts depmod: handle the case of /sbin/depmod without /sbin in PATH 2021-01-12 20:16:10 +01:00
security dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:26:16 +01:00
sound ASoC: Intel: haswell: Add missing pm_ops 2021-01-27 11:47:42 +01:00
tools selftests: net: fib_tests: remove duplicate log test 2021-01-27 11:47:48 +01:00
usr initramfs: restore default compression behavior 2020-04-08 09:08:38 +02:00
virt kvm: check tlbs_dirty directly 2021-01-12 20:16:22 +01:00
.clang-format clang-format: Update with the latest for_each macro list 2019-08-31 10:00:51 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Modules updates for v5.4 2019-09-22 10:34:46 -07:00
.mailmap ARM: SoC fixes 2019-11-10 13:41:59 -08:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS MAINTAINERS: Remove Simon as Renesas SoC Co-Maintainer 2019-10-10 08:12:51 -07:00
Kbuild kbuild: do not descend to ./Kbuild when cleaning 2019-08-21 21:03:58 +09:00
Kconfig docs: kbuild: convert docs to ReST and rename to *.rst 2019-06-14 14:21:21 -06:00
MAINTAINERS Documentation/llvm: add documentation on building w/ Clang/LLVM 2020-08-26 10:40:46 +02:00
Makefile Linux 5.4.93 2021-01-27 11:47:55 +01:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.