Commit ef2e9a56 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'seccomp-v5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux 

Pull seccomp fixes from Kees Cook:
 "This fixes a rare race condition in seccomp when using TSYNC and
  USER_NOTIF together where a memory allocation would not get freed
  (found by syzkaller, fixed by Tycho).

  Additionally updates Tycho's MAINTAINERS and .mailmap entries for his
  new address"

* tag 'seccomp-v5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  seccomp: don't leave dangling ->notif if file allocation fails
  mailmap, MAINTAINERS: move to tycho.pizza
  seccomp: don't leak memory when filter install races
parents 4f8b0a5b e8393179

.mailmap

+1 −0
Original line number Diff line number Diff line
@@ -308,6 +308,7 @@ Tony Luck <tony.luck@intel.com> 
TripleX Chung <xxx.phy@gmail.com> <triplex@zh-kernel.org>

TripleX Chung <xxx.phy@gmail.com> <zhongyu@18mail.cn>

Tsuneo Yoshioka <Tsuneo.Yoshioka@f-secure.com>

Tycho Andersen <tycho@tycho.pizza> <tycho@tycho.ws>

Uwe Kleine-König <ukleinek@informatik.uni-freiburg.de>

Uwe Kleine-König <ukl@pengutronix.de>

Uwe Kleine-König <Uwe.Kleine-Koenig@digi.com>

MAINTAINERS

+1 −1
Original line number Diff line number Diff line
@@ -9800,7 +9800,7 @@ F: drivers/scsi/53c700* 














LEAKING_ADDRESSES















M:	Tobin C. Harding <me@tobin.cc>













M:	Tycho Andersen <tycho@tycho.ws>













M:	Tycho Andersen <tycho@tycho.pizza>















L:	kernel-hardening@lists.openwall.com















S:	Maintained















T:	git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git

































kernel/seccomp.c



+18
−6






























Original line number
Diff line number
Diff line








@@ -1109,13 +1109,18 @@ out:













}































#ifdef CONFIG_SECCOMP_FILTER













static int seccomp_notify_release(struct inode *inode, struct file *file)













static void seccomp_notify_free(struct seccomp_filter *filter)













{













	kfree(filter->notif);













	filter->notif = NULL;













}



























static void seccomp_notify_detach(struct seccomp_filter *filter)















{













	struct seccomp_filter *filter = file->private_data;















	struct seccomp_knotif *knotif;































	if (!filter)













		return 0;













		return;































	mutex_lock(&filter->notify_lock);

























@@ -1139,9 +1144,15 @@ static int seccomp_notify_release(struct inode *inode, struct file *file)













		complete(&knotif->ready);















	}





























	kfree(filter->notif);













	filter->notif = NULL;













	seccomp_notify_free(filter);















	mutex_unlock(&filter->notify_lock);













}



























static int seccomp_notify_release(struct inode *inode, struct file *file)













{













	struct seccomp_filter *filter = file->private_data;



























	seccomp_notify_detach(filter);















	__put_seccomp_filter(filter);















	return 0;















}










@@ -1488,7 +1499,7 @@ static struct file *init_listener(struct seccomp_filter *filter)





























out_notif:















	if (IS_ERR(ret))













		kfree(filter->notif);













		seccomp_notify_free(filter);















out:















	return ret;















}










@@ -1581,6 +1592,7 @@ out_put_fd:













			listener_f->private_data = NULL;















			fput(listener_f);















			put_unused_fd(listener);













			seccomp_notify_detach(prepared);















		} else {















			fd_install(listener, listener_f);















			ret = listener;



































































CRA Git | Maintained and supported by SUSTech CRA and CCSE