github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-05 13:06:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
fa5466d73c
linux/drivers
History
Eric W. Biederman 392d51e0b5 signal/GenWQE: Fix sending of SIGKILL 
commit 0ab93e9c99 upstream.

The genweq_add_file and genwqe_del_file by caching current without
using reference counting embed the assumption that a file descriptor
will never be passed from one process to another.  It even embeds the
assumption that the the thread that opened the file will be in
existence when the process terminates.   Neither of which are
guaranteed to be true.

Therefore replace caching the task_struct of the opener with
pid of the openers thread group id.  All the knowledge of the
opener is used for is as the target of SIGKILL and a SIGKILL
will kill the entire process group.

Rename genwqe_force_sig to genwqe_terminate, remove it's unncessary
signal argument, update it's ownly caller, and use kill_pid
instead of force_sig.

The work force_sig does in changing signal handling state is not
relevant to SIGKILL sent as SEND_SIG_PRIV.  The exact same processess
will be killed just with less work, and less confusion.  The work done
by force_sig is really only needed for handling syncrhonous
exceptions.

It will still be possible to cause genwqe_device_remove to wait
8 seconds by passing a file descriptor to another process but
the possible user after free is fixed.

Fixes: eaf4722d46 ("GenWQE Character device and DDCB queue")
Cc: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Frank Haverkamp <haver@linux.vnet.ibm.com>
Cc: Joerg-Stephan Vogt <jsvogt@de.ibm.com>
Cc: Michael Jung <mijung@gmx.net>
Cc: Michael Ruettger <michael@ibmra.de>
Cc: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com>
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Cc: Eberhard S. Amann <esa@linux.vnet.ibm.com>
Cc: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
Cc: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-13 11:08:45 -08:00
..
accessibility
acpi ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers 2018-11-13 11:08:28 -08:00
amba
android android: binder: fix the race mmap and alloc_new_buf_locked 2018-09-12 09:18:29 +02:00
ata libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9 2018-11-13 11:08:30 -08:00
atm
auxdisplay Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
base Char/Misc fixes for 4.19-rc7 2018-10-07 08:15:57 +02:00
bcma
block xen/blkfront: avoid NULL blkfront_info dereference on device removal 2018-11-13 11:08:40 -08:00
bluetooth Bluetooth: hci_qca: Remove hdev dereference in qca_close(). 2018-11-13 11:08:25 -08:00
bus Merge branch 'perm-fix' into omap-for-v4.19/fixes-v2 2018-08-28 09:58:03 -07:00
cdrom cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status 2018-08-29 08:09:20 -06:00
char tpm: Restore functionality to xen vtpm driver. 2018-11-13 11:08:40 -08:00
clk One fix for the Allwinner A10 SoC's audio PLL that wasn't properly set 2018-10-17 13:40:10 +02:00
clocksource clocksource/drivers/timer-atmel-pit: Properly handle error cases 2018-09-27 12:01:45 +02:00
connector
cpufreq cpufreq: dt: Try freeing static OPPs only if we have added them 2018-11-13 11:08:24 -08:00
cpuidle cpuidle: menu: Retain tick when shallow state is selected 2018-08-25 13:16:08 +02:00
crypto crypto: caam - fix implicit casts in endianness helpers 2018-11-13 11:08:36 -08:00
dax device-dax: Add missing address_space_operations 2018-09-22 09:07:33 -07:00
dca
devfreq Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
dio
dma dmaengine: ppc4xx: fix off-by-one build failure 2018-11-13 11:08:41 -08:00
dma-buf
edac EDAC, skx_edac: Fix logical channel intermediate decoding 2018-11-13 11:08:44 -08:00
eisa
extcon
firewire firewire: use 64-bit time_t based interfaces 2018-08-17 16:20:27 -07:00
firmware firmware: coreboot: Unmap ioregion after device population 2018-11-13 11:08:37 -08:00
fmc
fpga fpga: bridge: fix obvious function documentation error 2018-09-30 08:49:55 -07:00
fsi fsi: sbefifo: Bump max command length 2018-08-08 15:44:47 +10:00
gnss
gpio gpio: brcmstb: allow 0 width GPIO banks 2018-11-13 11:08:30 -08:00
gpu Second pull request for v4.19: 2018-10-20 12:26:26 +10:00
hid HID: hiddev: fix potential Spectre v1 2018-11-13 11:08:44 -08:00
hsi
hv Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask 2018-11-13 11:08:34 -08:00
hwmon hwmon: (pwm-fan) Set fan speed to 0 on suspend 2018-11-13 11:08:21 -08:00
hwspinlock hwspinlock: Fix incorrect return pointers 2018-07-30 20:54:51 -07:00
hwtracing coresight: etb10: Fix handling of perf mode 2018-11-13 11:08:36 -08:00
i2c i2c: rcar: cleanup DMA for all kinds of failure 2018-10-20 15:25:59 +02:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2018-08-22 07:40:33 -07:00
idle
iio First set of IIO fixes for the 4.19 cycle. 2018-09-09 09:33:29 +02:00
infiniband IB/mlx5: Fix MR cache initialization 2018-11-13 11:08:43 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2018-10-20 08:42:56 +02:00
iommu iommu/amd: Clear memory encryption mask from physical address 2018-10-05 10:20:24 +02:00
ipack
irqchip irqchip/pdc: Setup all edge interrupts as rising edge at GIC 2018-11-13 11:08:34 -08:00
isdn isdn: Disable IIOCDBGVAR 2018-08-16 12:26:24 -07:00
leds leds: ns2: Change unsigned to unsigned int 2018-08-06 23:03:12 +02:00
lightnvm lightnvm: pblk: fix race condition on metadata I/O 2018-11-13 11:08:21 -08:00
macintosh macintosh: therm_windtunnel: drop using attach_adapter 2018-08-24 14:42:42 +02:00
mailbox mailbox: PCC: handle parse error 2018-11-13 11:08:18 -08:00
mcb
md MD: fix invalid stored role for a disk 2018-11-13 11:08:35 -08:00
media media: v4l: event: Prevent freeing event subscriptions while accessed 2018-10-03 06:32:51 -04:00
memory memory: ti-aemif: fix a potential NULL-pointer dereference 2018-09-06 10:04:07 -07:00
memstick
message scsi: message: fusion: Replace GFP_ATOMIC with GFP_KERNEL 2018-07-30 23:17:53 -04:00
mfd mfd: menelaus: Fix possible race condition and leak 2018-11-13 11:08:38 -08:00
misc signal/GenWQE: Fix sending of SIGKILL 2018-11-13 11:08:45 -08:00
mmc sdhci: acpi: add free_slot callback 2018-11-13 11:08:23 -08:00
mtd mtd: rawnand: atmel: Fix potential NULL pointer dereference 2018-11-13 11:08:24 -08:00
mux mux: adgs1408: use the correct MODULE_LICENSE 2018-10-12 17:36:39 +02:00
net iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() 2018-11-13 11:08:41 -08:00
nfc
ntb
nubus
nvdimm libnvdimm, pmem: Fix badblocks population for 'raw' namespaces 2018-11-13 11:08:42 -08:00
nvme nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O 2018-11-13 11:08:24 -08:00
nvmem nvmem: check the return value of nvmem_add_cells() 2018-11-13 11:08:35 -08:00
of of: Add missing exports of node name compare functions 2018-11-13 11:08:32 -08:00
opp OPP: Free OPP table properly on performance state irregularities 2018-11-13 11:08:39 -08:00
oprofile
parisc
parport Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
pci PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk 2018-11-13 11:08:45 -08:00
pcmcia pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges 2018-11-13 11:08:17 -08:00
perf arm64: perf: Reject stand-alone CHAIN events for PMUv3 2018-10-12 15:25:17 +01:00
phy Merge 4.18-rc7 into usb-next 2018-07-30 10:04:58 +02:00
pinctrl pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant 2018-11-13 11:08:29 -08:00
platform mfd: cros-ec: copy the whole event in get_next_event_xfer 2018-10-09 20:57:30 -07:00
pnp
power treewide: convert ISO_8859-1 text comments to utf-8 2018-08-23 18:48:43 -07:00
powercap
pps
ps3
ptp ptp: fix Spectre v1 vulnerability 2018-10-17 22:00:22 -07:00
pwm pwm: mediatek: Add MT7628 support 2018-08-20 11:36:07 +02:00
rapidio drivers/rapidio/devices/rio_mport_cdev.c: remove redundant pointer md 2018-08-22 10:52:51 -07:00
ras
regulator regulator: fix crash caused by null driver data 2018-09-20 09:04:51 -07:00
remoteproc remoteproc/davinci: use the reset framework 2018-08-16 17:39:55 -07:00
reset ARM: SoC: late updates 2018-08-25 14:12:36 -07:00
rpmsg rpmsg: Add compat ioctl for rpmsg char driver 2018-07-30 23:40:23 -07:00
rtc RTC for 4.19 2018-08-20 16:30:27 -07:00
s390 s390 fixes for 4.19-rc8 2018-10-10 08:44:35 +02:00
sbus oradax: remove redundant null check before kfree 2018-10-07 22:42:00 -07:00
scsi scsi: lpfc: Correct race with abort on completion path 2018-11-13 11:08:37 -08:00
sfi
sh sh: introduce a sh_cacheop_vaddr helper 2018-08-02 13:54:06 +02:00
siox
slimbus
sn
soc soc: fsl: qman_portals: defer probe after qman's probe 2018-10-01 17:47:43 -05:00
soundwire soundwire: Fix acquiring bus lock twice during master release 2018-08-27 09:49:48 +05:30
spi spi: gpio: No MISO does not imply no RX 2018-11-13 11:08:28 -08:00
spmi
ssb ssb: Remove SSB_WARN_ON, SSB_BUG_ON and SSB_DEBUG 2018-08-09 18:47:47 +03:00
staging media fixes for v4.19-rc5 2018-09-24 15:16:41 +02:00
target scsi: target: Fix target_wait_for_sess_cmds breakage with active signals 2018-11-13 11:08:42 -08:00
tc
tee ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
thermal thermal: da9062/61: Prevent hardware access during system suspend 2018-11-13 11:08:31 -08:00
thunderbolt thunderbolt: Initialize after IOMMUs 2018-10-02 10:51:16 -07:00
tty Fix open-coded multiplication arguments to allocators 2018-10-11 19:10:30 +02:00
uio uio: ensure class is registered before devices 2018-11-13 11:08:37 -08:00
usb usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround" 2018-11-13 11:08:41 -08:00
uwb
vfio powerpc updates for 4.19 2018-08-17 11:32:50 -07:00
vhost vhost: Fix Spectre V1 vulnerability 2018-11-04 14:50:51 +01:00
video mach64: detect the dot clock divider correctly on sparc 2018-10-07 22:41:05 -07:00
virt
virtio virtio, vhost: fixes, tweaks 2018-08-24 08:45:19 -07:00
visorbus
vlynq
vme
w1 power supply and reset changes for the v4.19 series 2018-08-21 18:06:27 -07:00
watchdog include/linux/compiler*.h: make compiler-*.h mutually exclusive 2018-08-22 17:31:34 -07:00
xen xen/balloon: Support xend-based toolstack 2018-11-13 11:08:40 -08:00
zorro
Kconfig
Makefile Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00