armbian/linux
0
0
Fork 0
mirror of https://github.com/armbian/linux.git synced 2026-01-06 10:13:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
868c257ab2ea3bea5900a16b502b74c09cff2f55
linux/mm
History
Andrey Ryabinin 65375ce7a1 mm: rmap: fix use-after-free in __put_anon_vma 
commit 624483f3ea upstream.

While working address sanitizer for kernel I've discovered
use-after-free bug in __put_anon_vma.

For the last anon_vma, anon_vma->root freed before child anon_vma.
Later in anon_vma_free(anon_vma) we are referencing to already freed
anon_vma->root to check rwsem.

This fixes it by freeing the child anon_vma before freeing
anon_vma->root.

Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-11 12:03:26 -07:00
..
backing-dev.c
bdi: avoid oops on device removal
2014-04-26 17:15:35 -07:00
balloon_compaction.c
mm: introduce a common interface for balloon pages mobility
2012-12-11 17:22:26 -08:00
bootmem.c
mm: Add alloc_bootmem_low_pages_nopanic()
2013-01-29 19:32:59 -08:00
bounce.c
mm/bounce.c: fix a regression where MS_SNAP_STABLE (stable pages snapshotting) was ignored
2013-10-13 16:08:33 -07:00
cleancache.c
mm: cleancache: clean up cleancache_enabled
2013-04-30 17:04:01 -07:00
compaction.c
mm/compaction: break out of loop on !PageBuddy in isolate_freepages_block
2014-03-23 21:38:18 -07:00
debug-pagealloc.c
dmapool.c
dmapool: make DMAPOOL_DEBUG detect corruption of free marker
2012-12-11 17:22:24 -08:00
fadvise.c
teach SYSCALL_DEFINE<n> how to deal with long long/unsigned long long
2013-03-03 22:46:22 -05:00
failslab.c
filemap_xip.c
lift sb_start_write() out of ->write()
2013-04-09 14:12:56 -04:00
filemap.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
fremap.c
mm: fix use-after-free in sys_remap_file_pages
2014-01-09 12:24:24 -08:00
frontswap.c
frontswap: fix incorrect zeroing and allocation size for frontswap_map
2013-06-12 16:29:46 -07:00
highmem.c
Merge tag 'virtio-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
2012-12-20 08:37:05 -08:00
huge_memory.c
thp: fix copy_page_rep GPF by testing is_huge_zero_pmd once only
2014-01-25 08:27:12 -08:00
hugetlb_cgroup.c
mm/hugetlb: create hugetlb cgroup file in hugetlb_init
2012-12-18 15:02:15 -08:00
hugetlb.c
mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
2014-05-30 21:52:12 -07:00
hwpoison-inject.c
init-mm.c
internal.h
mm: accelerate munlock() treatment of THP pages
2013-02-27 19:10:09 -08:00
interval_tree.c
mm: add CONFIG_DEBUG_VM_RB build option
2012-10-09 16:22:42 +09:00
Kconfig
mmKconfig: add an option to disable bounce
2013-04-29 15:54:40 -07:00
Kconfig.debug
kmemcheck.c
kmemleak-test.c
kmemleak.c
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
ksm.c
mm: close PageTail race
2014-04-03 12:01:05 -07:00
maccess.c
madvise.c
mm: madvise: complete input validation before taking lock
2013-04-29 15:54:37 -07:00
Makefile
memcg: add memory.pressure_level events
2013-04-29 15:54:38 -07:00
memblock.c
memblock: fix missing comment of memblock_insert_region()
2013-04-29 15:54:38 -07:00
memcontrol.c
memcg: reparent charges of children before processing parent
2014-03-23 21:38:20 -07:00
memory_hotplug.c
mm/memory_hotplug.c: fix printk format warnings
2013-05-24 16:22:52 -07:00
memory-failure.c
mm/memory-failure.c: fix memory leak by race between poison and unpoison
2014-06-11 12:03:22 -07:00
memory.c
mm: make fixup_user_fault() check the vma access rights too
2014-06-07 13:25:29 -07:00
mempolicy.c
mm/mempolicy.c: fix mempolicy printing in numa_maps
2014-02-06 11:08:12 -08:00
mempool.c
migrate.c
mm: numa: avoid unnecessary work on the failure path
2014-01-09 12:24:23 -08:00
mincore.c
swap: make each swap partition have one address_space
2013-02-23 17:50:17 -08:00
mlock.c
mm: try_to_unmap_cluster() should lock_page() before mlocking
2014-05-06 07:55:32 -07:00
mm_init.c
mm: init: report on last-nid information stored in page->flags
2013-02-23 17:50:18 -08:00
mmap.c
mm: ensure get_unmapped_area() returns higher address than mmap_min_addr
2013-12-04 10:56:39 -08:00
mmu_context.c
mm: remove old aio use_mm() comment
2013-05-07 18:38:27 -07:00
mmu_notifier.c
mm: mmu_notifier: re-fix freed page still mapped in secondary MMU
2013-05-24 16:22:51 -07:00
mmzone.c
mm: rename page struct field helpers
2013-02-23 17:50:18 -08:00
mprotect.c
mm: fix TLB flush race between migration, and change_protection_range
2014-01-09 12:24:23 -08:00
mremap.c
mm, thp: close race between mremap() and split_huge_page()
2014-06-07 13:25:31 -07:00
msync.c
nobootmem.c
mm, nobootmem: do memset() after memblock_reserve()
2013-04-29 15:54:39 -07:00
nommu.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
2013-05-01 07:21:43 -07:00
oom_kill.c
mm, oom: base root bonus on current usage
2014-02-13 13:48:02 -08:00
page_alloc.c
mm: close PageTail race
2014-04-03 12:01:05 -07:00
page_cgroup.c
memcontrol: use N_MEMORY instead N_HIGH_MEMORY
2012-12-12 17:38:32 -08:00
page_io.c
Merge branch 'for-3.10/core' of git://git.kernel.dk/linux-block
2013-05-08 10:13:35 -07:00
page_isolation.c
mm: fix zone_watermark_ok_safe() accounting of isolated pages
2013-01-04 16:11:46 -08:00
page-writeback.c
mm: __set_page_dirty_nobuffers() uses spin_lock_irqsave() instead of spin_lock_irq()
2014-02-20 11:06:11 -08:00
pagewalk.c
mm/pagewalk.c: fix walk_page_range() access of wrong PTEs
2013-11-13 12:05:34 +09:00
percpu-km.c
percpu-vm.c
percpu.c
percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree()
2014-06-07 13:25:37 -07:00
pgtable-generic.c
mm: fix TLB flush race between migration, and change_protection_range
2014-01-09 12:24:23 -08:00
process_vm_access.c
Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys
2013-03-12 11:05:45 -07:00
quicklist.c
readahead.c
teach SYSCALL_DEFINE<n> how to deal with long long/unsigned long long
2013-03-03 22:46:22 -05:00
rmap.c
mm: rmap: fix use-after-free in __put_anon_vma
2014-06-11 12:03:26 -07:00
shmem.c
cope with potentially long ->d_dname() output for shmem/hugetlb
2013-10-18 07:45:45 -07:00
slab_common.c
slab: prevent warnings when allocating with __GFP_NOWARN
2013-06-13 10:01:58 +03:00
slab.c
slab: fix init_lock_keys
2013-07-21 18:21:26 -07:00
slab.h
memcg: check that kmem_cache has memcg_params before accessing it
2013-09-07 22:09:58 -07:00
slob.c
mm: rename page struct field helpers
2013-02-23 17:50:18 -08:00
slub.c
slub: Fix calculation of cpu slabs
2014-02-13 13:48:00 -08:00
sparse-vmemmap.c
sparse-vmemmap: specify vmemmap population range in bytes
2013-04-29 15:54:35 -07:00
sparse.c
mm, hotplug: avoid compiling memory hotremove functions when disabled
2013-04-29 15:54:37 -07:00
swap_state.c
swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion
2013-06-12 16:29:45 -07:00
swap.c
mm: close PageTail race
2014-04-03 12:01:05 -07:00
swapfile.c
frontswap: fix incorrect zeroing and allocation size for frontswap_map
2013-06-12 16:29:46 -07:00
truncate.c
mm: drop vmtruncate
2012-12-20 18:46:29 -05:00
util.c
swap: make each swap partition have one address_space
2013-02-23 17:50:17 -08:00
vmalloc.c
mm/vmalloc.c: fix an overflow bug in alloc_vmap_area()
2013-11-13 12:05:34 +09:00
vmpressure.c
memcg: add memory.pressure_level events
2013-04-29 15:54:38 -07:00
vmscan.c
mm/page-writeback.c: do not count anon pages as dirtyable memory
2014-02-13 13:48:00 -08:00
vmstat.c
mm: numa: return the number of base pages altered by protection changes
2013-12-08 07:29:27 -08:00