Linux kernel source tree
Thomas Gleixner 8b68e97871 x86/iopl: Cure TIF_IO_BITMAP inconsistencies
io_bitmap_exit() is invoked from exit_thread() when a task exits or
when a fork fails. In the latter case exit_thread() cleans up
resources which were allocated during fork().

io_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up
in tss_update_io_bitmap(). tss_update_io_bitmap() operates on the
current task. If current has TIF_IO_BITMAP set, but no bitmap installed,
tss_update_io_bitmap() crashes with a NULL pointer dereference.

There are two issues, which lead to that problem:

  1) io_bitmap_exit() should not invoke task_update_io_bitmap() when
     the task, which is cleaned up, is not the current task. That's a
     clear indicator for a cleanup after a failed fork().

  2) A task should not have TIF_IO_BITMAP set with neither a bitmap
     installed nor IOPL emulation level 3 activated.

     This happens when a kernel thread is created in the context of
     a user space thread, which has TIF_IO_BITMAP set as the thread
     flags are copied and the IO bitmap pointer is cleared.

     Other than in the failed fork() case this has no impact because
     kernel threads including IO workers never return to user space and
     therefore never invoke tss_update_io_bitmap().

Cure this by adding the missing cleanups and checks:

  1) Prevent io_bitmap_exit() from invoking task_update_io_bitmap() if
     the task to be cleaned up is not the current task.

  2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user
     space forks it is set later, when the IO bitmap is inherited in
     io_bitmap_share().

For paranoia's sake, add a warning into tss_update_io_bitmap() to catch
the case when that code is invoked with inconsistent state.

Fixes: ea5f1cd7ab ("x86/ioperm: Remove bitmap if all permissions dropped")
Reported-by: syzbot+e2b1803445d236442e54@syzkaller.appspotmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/87wmdceom2.ffs@tglx
2025-06-03 15:56:39 +02:00
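To make the invariant and the two cleanups in the commit message concrete, the following is a userspace model written for this page. It is not the kernel's code: the task layout, the flag bit, the refcount handling and the way the NULL dereference is reported (a false return instead of an oops) are all assumptions of the model. A `fixed` argument selects the pre-fix or post-fix behaviour of copy_thread() and io_bitmap_exit(), and the two scenario functions reproduce the kernel-thread inheritance problem and the failed-fork cleanup path described above.

```c
/* Userspace model (added example, not kernel code) of the TIF_IO_BITMAP
 * invariant and of the two cleanups in the commit message. Function names
 * mirror the kernel's, but the structs, the flag bit and the control flow
 * are simplified assumptions made for this model. */
#include <stdbool.h>
#include <stddef.h>

#define TIF_IO_BITMAP    (1u << 0)  /* assumed bit position for the model */
#define IOPL_EMUL_LEVEL3 3

struct io_bitmap {
	unsigned int refcnt;
	unsigned long bits[1024 / (8 * sizeof(unsigned long))];
};

struct task {
	unsigned int flags;      /* thread flags; TIF_IO_BITMAP lives here */
	struct io_bitmap *iobm;  /* installed bitmap, or NULL */
	unsigned int iopl_emul;  /* emulated IOPL level, 0..3 */
};

static struct task *current;     /* the task executing on this CPU */

/* Invariant stated in the commit message: TIF_IO_BITMAP set implies a
 * bitmap is installed or IOPL emulation level 3 is active. */
static bool io_state_consistent(const struct task *t)
{
	if (!(t->flags & TIF_IO_BITMAP))
		return true;
	return t->iobm != NULL || t->iopl_emul == IOPL_EMUL_LEVEL3;
}

/* tss_update_io_bitmap() always operates on current. The NULL pointer
 * dereference from the bug report is modelled as returning false. */
static bool tss_update_io_bitmap(void)
{
	if (!(current->flags & TIF_IO_BITMAP) ||
	    current->iopl_emul == IOPL_EMUL_LEVEL3)
		return true;
	if (!current->iobm)
		return false;       /* would dereference NULL in the kernel */
	/* the real code copies current->iobm->bits into the TSS here */
	return true;
}

/* io_bitmap_share(): a user space fork inherits the parent's bitmap and
 * only then gets TIF_IO_BITMAP set. */
static void io_bitmap_share(struct task *child, struct task *parent)
{
	child->iobm = parent->iobm;
	if (child->iobm) {
		child->iobm->refcnt++;
		child->flags |= TIF_IO_BITMAP;
	}
}

/* copy_thread(): thread flags are copied from the parent and the bitmap
 * pointer is cleared. The fix clears TIF_IO_BITMAP unconditionally; for
 * user space forks io_bitmap_share() sets it again. */
static void copy_thread(struct task *child, struct task *parent,
			bool kernel_thread, bool fixed)
{
	child->flags = parent->flags;
	child->iobm = NULL;
	child->iopl_emul = parent->iopl_emul;
	if (fixed)
		child->flags &= ~TIF_IO_BITMAP;
	if (!kernel_thread)
		io_bitmap_share(child, parent);
}

/* io_bitmap_exit(): drop the task's bitmap. Before the fix it always went
 * on to update the TSS, which acts on current even when t is a child being
 * torn down after a failed fork. The kernel frees the bitmap when its
 * refcount drops to zero; freeing is omitted in this model. */
static bool io_bitmap_exit(struct task *t, bool fixed)
{
	if (t->iobm)
		t->iobm->refcnt--;
	t->iobm = NULL;
	t->flags &= ~TIF_IO_BITMAP;
	if (fixed && t != current)
		return true;        /* not our TSS: nothing to update */
	return tss_update_io_bitmap();
}

/* Issue 2: a kernel thread created from a user thread that has an IO
 * bitmap. Returns whether the new thread satisfies the invariant. */
static bool kernel_thread_consistent(bool fixed)
{
	struct io_bitmap bm = { .refcnt = 1 };
	struct task user = { .flags = TIF_IO_BITMAP, .iobm = &bm };
	struct task worker = { 0 };

	current = &user;
	copy_thread(&worker, &user, true, fixed);
	return io_state_consistent(&worker);
}

/* Issue 1: that kernel thread (an IO worker, say) later forks and the fork
 * fails, so exit_thread() cleans up the half-built child. Returns true if
 * the cleanup completed without the modelled crash. */
static bool failed_fork_from_io_worker(bool fixed)
{
	struct io_bitmap bm = { .refcnt = 1 };
	struct task user = { .flags = TIF_IO_BITMAP, .iobm = &bm };
	struct task worker = { 0 }, child = { 0 };

	current = &user;
	copy_thread(&worker, &user, true, fixed);   /* kernel thread */
	current = &worker;
	copy_thread(&child, &worker, false, fixed); /* the fork that fails */
	return io_bitmap_exit(&child, fixed);       /* exit_thread() path */
}
```

With `fixed == false` the worker inherits TIF_IO_BITMAP without a bitmap, and the cleanup of the failed child runs tss_update_io_bitmap() against that worker, which is exactly the inconsistent state the commit describes. Either fix alone avoids the crash in this scenario; the commit applies both so that the invariant holds regardless of which path is reached first.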
arch x86/iopl: Cure TIF_IO_BITMAP inconsistencies 2025-06-03 15:56:39 +02:00
block xfs: New code for 6.16 2025-05-26 12:56:01 -07:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2024-09-20 19:52:48 +03:00
crypto This update includes the following changes: 2025-05-26 13:47:28 -07:00
Documentation Carve out the resctrl filesystem-related code into fs/resctrl/ so that 2025-05-27 09:53:02 -07:00
drivers Add a virtual TPM driver glue which allows a guest kernel to talk to a TPM 2025-05-27 10:21:04 -07:00
fs Carve out the resctrl filesystem-related code into fs/resctrl/ so that 2025-05-27 09:53:02 -07:00
include Add a virtual TPM driver glue which allows a guest kernel to talk to a TPM 2025-05-27 10:21:04 -07:00
init Another set of timer API cleanups: 2025-05-27 08:31:21 -07:00
io_uring Locking changes for v6.16: 2025-05-26 14:42:07 -07:00
ipc VFS: rename lookup_one_len family to lookup_noperm and remove permission check 2025-04-08 11:24:36 +02:00
kernel Updates for the time/timer core code: 2025-05-27 09:04:15 -07:00
lib Carve out the resctrl filesystem-related code into fs/resctrl/ so that 2025-05-27 09:53:02 -07:00
LICENSES LICENSES: add 0BSD license text 2024-09-01 20:43:24 -07:00
mm Locking changes for v6.16: 2025-05-26 14:42:07 -07:00
net Another set of timer API cleanups: 2025-05-27 08:31:21 -07:00
rust RCU pull request for v6.16 2025-05-26 14:20:50 -07:00
samples configfs-for-v6.16 2025-05-26 12:28:55 -07:00
scripts Core x86 updates for v6.16: 2025-05-26 16:04:17 -07:00
security vfs-6.16-rc1.async.dir 2025-05-26 08:02:43 -07:00
sound Another set of timer API cleanups: 2025-05-27 08:31:21 -07:00
tools Core x86 updates for v6.16: 2025-05-26 16:04:17 -07:00
usr usr/include: openrisc: don't HDRTEST bpf_perf_event.h 2025-05-12 15:03:17 +09:00
virt ARM: 2025-04-08 13:47:55 -07:00
.clang-format clang-format: Update the ForEachMacros list for v6.15-rc1 2025-04-13 11:03:59 +02:00
.clippy.toml rust: clean Rust 1.88.0's warning about clippy::disallowed_macros configuration 2025-05-07 00:11:47 +02:00
.cocciconfig
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore MAINTAINERS: Retire Ralf Baechle 2024-11-12 15:48:59 +01:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: Create intermediate vmlinux build with relocations preserved 2025-03-17 00:29:50 +09:00
.mailmap 22 hotfixes. 13 are cc:stable and the remainder address post-6.14 issues 2025-05-25 07:48:35 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: update SLAB ALLOCATOR maintainers 2025-04-17 20:10:06 -07:00
Kbuild drm: ensure drm headers are self-contained and pass kernel-doc 2025-02-12 10:44:43 +02:00
Kconfig io_uring: Rename KConfig to Kconfig 2025-02-19 14:53:27 -07:00
MAINTAINERS Carve out the resctrl filesystem-related code into fs/resctrl/ so that 2025-05-27 09:53:02 -07:00
Makefile Linux 6.15 2025-05-25 16:09:23 -07:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.