TononixOS/ubports_kernel_google_msm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
e8873fb76ab1b66ab22cf997c83dc350af41c2e2
ubports_kernel_google_msm/kernel
History
Thomas Gleixner e8873fb76a futex: Validate atomic acquisition in futex_lock_pi_atomic() 
CVE-2014-3153

commit b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270 upstream.

We need to protect the atomic acquisition in the kernel against rogue
user space which sets the user space futex to 0, so the kernel side
acquisition succeeds while there is existing state in the kernel
associated to the real owner.

Verify whether the futex has waiters associated with kernel state.  If
it has, return -EINVAL.  The state is corrupted already, so no point in
cleaning it up.  Subsequent calls will fail as well.  Not our problem.

[ tglx: Use futex_top_waiter() and explain why we do not need to try
  	restoring the already corrupted user space state. ]

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Drewry <wad@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
2014-06-27 08:15:43 -06:00
..
debug
debug: add parameters to prevent entering debug mode on errors
2012-05-18 17:03:10 -07:00
events
perf: Treat attr.config as u64 in perf_swevent_init()
2014-06-26 13:36:31 -06:00
gcov
irq
random: remove rand_initialize_irq()
2013-09-09 17:01:42 -07:00
power
freezer: shorten freezer sleep time using exponential backoff
2013-07-12 14:22:56 -07:00
sched
wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task
2014-06-26 13:20:19 -06:00
time
timekeeping: fix 32-bit overflow in get_monotonic_boottime
2013-04-18 16:08:05 -07:00
trace
trace/events: add gpu trace events
2013-04-18 16:08:19 -07:00
.gitignore
acct.c
Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2012-01-08 12:19:57 -08:00
async.c
kernel/async: remove redundant declaration.
2012-01-13 09:32:18 +10:30
audit_tree.c
audit_watch.c
audit.c
constify path argument of audit_log_d_path()
2012-03-20 21:29:40 -04:00
audit.h
audit: remove AUDIT_SETUP_CONTEXT as it isn't used
2012-01-17 16:16:57 -05:00
auditfilter.c
audit: allow interfield comparison in audit rules
2012-01-17 16:17:01 -05:00
auditsc.c
kernel-doc: fix new warnings in auditsc.c
2012-01-23 08:44:53 -08:00
backtracetest.c
bounds.c
capability.c
Revert "capabitlies: ns_capable can use the cap helpers rather than lsm call"
2012-01-17 10:19:41 -08:00
cgroup_freezer.c
cgroup: remove cgroup_subsys argument from callbacks
2012-02-02 09:20:22 -08:00
cgroup.c
cgroup: Remove call to synchronize_rcu in cgroup_attach_task
2012-04-09 13:53:12 -07:00
compat.c
compat: Fix RT signal mask corruption via sigprocmask
2012-05-10 08:58:33 -07:00
configs.c
cpu_pm.c
cpu.c
Move x86_64 idle notifiers to generic
2012-04-09 13:57:52 -07:00
cpuset.c
Merge tag 'for-linus' of git://github.com/rustyrussell/linux
2012-04-02 08:53:24 -07:00
crash_dump.c
cred.c
cred: copy_process() should clear child->replacement_session_keyring
2012-04-11 08:20:11 -07:00
delayacct.c
dma.c
Remove all #inclusions of asm/system.h
2012-03-28 18:30:03 +01:00
elfcore.c
exec_domain.c
exit.c
lockdep: remove task argument from debug_check_no_locks_held
2013-07-12 14:22:56 -07:00
extable.c
fork.c
android/lowmemorykiller: Ignore tasks with freed mm
2013-03-15 17:08:47 -07:00
freezer.c
freezer: skip waking up tasks with PF_FREEZER_SKIP set
2013-07-12 14:22:56 -07:00
futex_compat.c
futex: Revert "futex: Mark get_robust_list as deprecated"
2014-06-27 08:15:42 -06:00
futex.c
futex: Validate atomic acquisition in futex_lock_pi_atomic()
2014-06-27 08:15:43 -06:00
groups.c
hrtimer.c
nanosleep: use freezable blocking call
2013-07-12 14:22:58 -07:00
hung_task.c
hung_task: fix the broken rcu_lock_break() logic
2012-03-05 15:49:42 -08:00
irq_work.c
irq_work: fix compile failure on tile from missing include
2012-04-13 13:15:16 -04:00
itimer.c
itimer: Use printk_once instead of WARN_ONCE
2012-04-10 11:00:30 +02:00
jump_label.c
static keys: Inline the static_key_enabled() function
2012-02-28 20:01:08 +01:00
kallsyms.c
vsprintf: Fix %ps on non symbols when using kallsyms
2013-02-08 15:14:22 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
2012-03-23 13:18:57 +01:00
Kconfig.preempt
locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
2012-03-23 13:18:57 +01:00
kexec.c
Merge branch 'akpm' (Andrew's patch-bomb)
2012-03-28 17:19:28 -07:00
kfifo.c
kmod.c
PM / Sleep: Mitigate race between the freezer and request_firmware()
2012-03-28 23:30:28 +02:00
kprobes.c
kprobes: return proper error code from register_kprobe()
2012-03-05 15:49:42 -08:00
ksysfs.c
kthread.c
latencytop.c
lockdep_internals.h
lockdep_proc.c
lockdep_states.h
lockdep.c
lockdep: remove task argument from debug_check_no_locks_held
2013-07-12 14:22:56 -07:00
Makefile
sysctl: Move the implementation into fs/proc/proc_sysctl.c
2012-01-24 16:37:54 -08:00
module.c
module: Remove module size limit
2012-03-26 12:50:53 +10:30
mutex-debug.c
mutex-debug.h
mutex.c
sched/rt: Use schedule_preempt_disabled()
2012-03-01 10:28:03 +01:00
mutex.h
notifier.c
nsproxy.c
padata.c
padata: Fix cpu hotplug
2012-03-29 19:52:46 +08:00
panic.c
panic: resume console if panic after console suspend.
2013-09-09 17:16:14 -07:00
params.c
params: <level>_initcall-like kernel parameters
2012-03-26 12:50:51 +10:30
pid_namespace.c
pidns: add reboot_pid_ns() to handle the reboot syscall
2012-03-28 17:14:36 -07:00
pid.c
vfs: fix panic in __d_lookup() with high dentry hashtable counts
2012-02-13 20:45:38 -05:00
posix-cpu-timers.c
[S390] cputime: add sparse checking and cleanup
2011-12-15 14:56:19 +01:00
posix-timers.c
printk.c
panic: resume console if panic after console suspend.
2013-09-09 17:16:14 -07:00
profile.c
ptrace.c
ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
2014-06-26 13:20:19 -06:00
range.c
rcu.h
rcu: Allow nesting of rcu_idle_enter() and rcu_idle_exit()
2012-02-21 09:06:12 -08:00
rcupdate.c
rcu: Check for illegal use of RCU from offlined CPUs
2012-02-21 09:06:03 -08:00
rcutiny_plugin.h
rcu: Simplify unboosting checks
2012-02-21 09:03:43 -08:00
rcutiny.c
rcu: Add RCU_NONIDLE() for idle-loop RCU read-side critical sections
2012-02-21 09:06:13 -08:00
rcutorture.c
PTR_ERR should be called before its argument is cleared.
2012-02-21 09:06:10 -08:00
rcutree_plugin.h
rcu: Hold off RCU_FAST_NO_HZ after timer posted
2012-02-21 09:42:30 -08:00
rcutree_trace.c
rcu: Rework detection of use of RCU by offline CPUs
2012-02-21 09:06:07 -08:00
rcutree.c
rcu: Fix day-one dyntick-idle stall-warning bug
2013-02-08 15:14:25 -08:00
rcutree.h
rcu: Rework detection of use of RCU by offline CPUs
2012-02-21 09:06:07 -08:00
relay.c
relay: prevent integer overflow in relay_open()
2012-02-10 09:04:49 +01:00
res_counter.c
net: introduce res_counter_charge_nofail() for socket allocations
2012-01-22 15:08:46 -05:00
resource.c
DMM: Fix for movable bytes near end of address space
2013-02-20 02:50:30 -08:00
rtmutex_common.h
rtmutex-debug.c
lockdep, rtmutex, bug: Show taint flags on error
2011-12-06 08:16:49 +01:00
rtmutex-debug.h
rtmutex-tester.c
rtmutex-tester: convert sysdev_class to a regular subsystem
2011-12-14 14:54:22 -08:00
rtmutex.c
Revert "rcu: Permit rt_mutex_unlock() with irqs disabled"
2011-12-11 10:33:18 -08:00
rtmutex.h
rwsem.c
Remove all #inclusions of asm/system.h
2012-03-28 18:30:03 +01:00
seccomp.c
seccomp: audit abnormal end to a process due to seccomp
2012-01-17 16:16:55 -05:00
semaphore.c
signal.c
ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
2014-06-26 13:20:19 -06:00
smp.c
smp: add func to IPI cpus based on parameter func
2012-03-28 17:14:35 -07:00
softirq.c
Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2012-03-20 10:32:09 -07:00
spinlock.c
locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
2012-03-23 13:18:57 +01:00
srcu.c
rcu: Call out dangers of expedited RCU primitives
2012-02-21 09:06:08 -08:00
stacktrace.c
stop_machine.c
sys_ni.c
sys.c
use clamp_t in UNAME26 fix
2014-06-26 12:52:23 -06:00
sysctl_binary.c
msm: 8x55: put reason for boot in procfs from SMEM
2013-02-08 15:14:28 -08:00
sysctl.c
Revert "sched: add sysctl for controlling task migrations on wake"
2013-03-15 17:13:14 -07:00
taskstats.c
test_kprobes.c
time.c
time: Remove bogus comments
2012-03-15 18:17:55 -07:00
timeconst.pl
timer.c
timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE
2013-06-24 18:55:42 +00:00
tracepoint.c
static keys: Introduce 'struct static_key', static_key_true()/false() and static_key_slow_[inc|dec]()
2012-02-24 10:05:59 +01:00
tsacct.c
[S390] cputime: add sparse checking and cleanup
2011-12-15 14:56:19 +01:00
uid16.c
up.c
user_namespace.c
user-return-notifier.c
user.c
utsname_sysctl.c
utsname.c
wait.c
lockdep/waitqueues: Add better annotation
2011-12-21 10:07:39 +01:00
watchdog.c
kernel/watchdog.c: add comment to watchdog() exit path
2012-03-23 16:58:32 -07:00
workqueue_sched.h
workqueue.c
workqueue: skip nr_running sanity check in worker_enter_idle() if trustee is active
2013-03-04 12:48:24 -08:00