mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
bbb6d0f3e1feb43d663af089c7dedb23be6a04fb
linux/kernel
History
Alexey Gladkov bbb6d0f3e1 ucounts: Increase ucounts reference counter before the security hook 
We need to increment the ucounts reference counter befor security_prepare_creds()
because this function may fail and abort_creds() will try to decrement
this reference.

[   96.465056][ T8641] FAULT_INJECTION: forcing a failure.
[   96.465056][ T8641] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   96.478453][ T8641] CPU: 1 PID: 8641 Comm: syz-executor668 Not tainted 5.14.0-rc6-syzkaller #0
[   96.487215][ T8641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   96.497254][ T8641] Call Trace:
[   96.500517][ T8641]  dump_stack_lvl+0x1d3/0x29f
[   96.505758][ T8641]  ? show_regs_print_info+0x12/0x12
[   96.510944][ T8641]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[   96.516652][ T8641]  should_fail+0x384/0x4b0
[   96.521141][ T8641]  prepare_alloc_pages+0x1d1/0x5a0
[   96.526236][ T8641]  __alloc_pages+0x14d/0x5f0
[   96.530808][ T8641]  ? __rmqueue_pcplist+0x2030/0x2030
[   96.536073][ T8641]  ? lockdep_hardirqs_on_prepare+0x3e2/0x750
[   96.542056][ T8641]  ? alloc_pages+0x3f3/0x500
[   96.546635][ T8641]  allocate_slab+0xf1/0x540
[   96.551120][ T8641]  ___slab_alloc+0x1cf/0x350
[   96.555689][ T8641]  ? kzalloc+0x1d/0x30
[   96.559740][ T8641]  __kmalloc+0x2e7/0x390
[   96.563980][ T8641]  ? kzalloc+0x1d/0x30
[   96.568029][ T8641]  kzalloc+0x1d/0x30
[   96.571903][ T8641]  security_prepare_creds+0x46/0x220
[   96.577174][ T8641]  prepare_creds+0x411/0x640
[   96.581747][ T8641]  __sys_setfsuid+0xe2/0x3a0
[   96.586333][ T8641]  do_syscall_64+0x3d/0xb0
[   96.590739][ T8641]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   96.596611][ T8641] RIP: 0033:0x445a69
[   96.600483][ T8641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   96.620152][ T8641] RSP: 002b:00007f1054173318 EFLAGS: 00000246 ORIG_RAX: 000000000000007a
[   96.628543][ T8641] RAX: ffffffffffffffda RBX: 00000000004ca4c8 RCX: 0000000000445a69
[   96.636600][ T8641] RDX: 0000000000000010 RSI: 00007f10541732f0 RDI: 0000000000000000
[   96.644550][ T8641] RBP: 00000000004ca4c0 R08: 0000000000000001 R09: 0000000000000000
[   96.652500][ T8641] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004ca4cc
[   96.660631][ T8641] R13: 00007fffffe0b62f R14: 00007f1054173400 R15: 0000000000022000

Fixes: 905ae01c4a ("Add a reference to ucounts for each cred")
Reported-by: syzbot+01985d7909f9468f013c@syzkaller.appspotmail.com
Signed-off-by: Alexey Gladkov <legion@kernel.org>
Link: https://lkml.kernel.org/r/97433b1742c3331f02ad92de5a4f07d673c90613.1629735352.git.legion@kernel.org
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2021-08-23 16:13:04 -05:00
..
bpf
bpf: Fix tail_call_reachable rejection for interpreter when jit failed
2021-07-13 08:19:13 -07:00
cgroup
fs: add vfs_parse_fs_param_source() helper
2021-07-14 09:19:06 -07:00
configs
drivers/char: remove /dev/kmem for good
2021-05-07 00:26:34 -07:00
debug
kernel: debug: Fix unreachable code in gdb_serial_stub()
2021-07-12 11:03:35 -05:00
dma
dma-mapping: handle vmalloc addresses in dma_common_{mmap,get_sgtable}
2021-07-16 11:30:26 +02:00
entry
tick/nohz: Only check for RCU deferred wakeup on user/guest entry when needed
2021-05-31 10:14:49 +02:00
events
Merge branch 'akpm' (patches from Andrew)
2021-06-29 17:29:11 -07:00
gcov
Kconfig: Introduce ARCH_WANTS_NO_INSTR and CC_HAS_NO_PROFILE_FN_ATTR
2021-06-22 11:07:18 -07:00
irq
Merge tag 'irqchip-fixes-5.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent
2021-07-09 15:35:13 +02:00
kcsan
Merge branch 'kcsan.2021.05.18a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu
2021-07-04 12:29:16 -07:00
livepatch
Merge tag 'livepatching-for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching
2021-04-27 18:14:38 -07:00
locking
Merge tag 'locking-urgent-2021-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-07-11 11:06:09 -07:00
power
PM: hibernate: disable when there are active secretmem users
2021-07-08 11:48:21 -07:00
printk
Merge tag 'printk-for-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux
2021-06-29 12:07:18 -07:00
rcu
rcu: Fix pr_info() formats and values in show_rcu_gp_kthreads()
2021-07-06 15:53:12 -07:00
sched
Merge tag 'sched-urgent-2021-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-07-11 11:13:57 -07:00
time
timers: Fix get_next_timer_interrupt() with no timers pending
2021-07-15 01:23:54 +02:00
trace
ftrace: Remove redundant initialization of variable ret
2021-07-23 08:46:02 -04:00
.gitignore
.gitignore: prefix local generated files with a slash
2021-05-02 00:43:35 +09:00
acct.c
kernel/acct.c: use #elif instead of #end and #elif
2020-12-15 22:46:15 -08:00
async.c
kernel/async.c: remove async_unregister_domain()
2021-05-07 00:26:33 -07:00
audit_fsnotify.c
audit_alloc_mark(): don't open-code ERR_CAST()
2021-02-23 10:25:27 -05:00
audit_tree.c
audit: Use list_move instead of list_del/list_add
2021-06-08 22:18:35 -04:00
audit_watch.c
fsnotify: generalize handle_inode_event()
2020-12-03 14:58:35 +01:00
audit.c
lsm: separate security_task_getsecid() into subjective and objective variants
2021-03-22 15:23:32 -04:00
audit.h
audit: remove trailing spaces and tabs
2021-06-10 20:59:05 -04:00
auditfilter.c
lsm: separate security_task_getsecid() into subjective and objective variants
2021-03-22 15:23:32 -04:00
auditsc.c
audit: remove trailing spaces and tabs
2021-06-10 20:59:05 -04:00
backtracetest.c
bounds.c
capability.c
capability: handle idmapped mounts
2021-01-24 14:27:16 +01:00
cfi.c
add support for Clang CFI
2021-04-08 16:04:20 -07:00
compat.c
configs.c
context_tracking.c
cpu_pm.c
cpu.c
Merge tag 'smp-urgent-2021-06-29' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-06-29 12:23:02 -07:00
crash_core.c
kdump: use vmlinux_build_id to simplify
2021-07-08 11:48:22 -07:00
crash_dump.c
cred.c
ucounts: Increase ucounts reference counter before the security hook
2021-08-23 16:13:04 -05:00
delayacct.c
delayacct: Add sysctl to enable at runtime
2021-05-12 11:43:25 +02:00
dma.c
exec_domain.c
exit.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2021-06-28 20:39:26 -07:00
extable.c
fail_function.c
fault-injection: handle EI_ETYPE_TRUE
2020-12-15 22:46:19 -08:00
fork.c
ucounts: Fix regression preventing increasing of rlimits in init_user_ns
2021-08-23 16:10:42 -05:00
freezer.c
sched: Add get_current_state()
2021-06-18 11:43:08 +02:00
futex.c
Merge tag 'locking-core-2021-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-06-28 11:45:29 -07:00
gen_kheaders.sh
kbuild: clean up ${quiet} checks in shell scripts
2021-05-27 04:01:50 +09:00
groups.c
groups: simplify struct group_info allocation
2021-02-26 09:41:03 -08:00
hung_task.c
Merge branch 'akpm' (patches from Andrew)
2021-07-02 12:08:10 -07:00
iomem.c
irq_work.c
irq_work: Make irq_work_queue() NMI-safe again
2021-06-10 10:00:08 +02:00
jump_label.c
jump_label: Fix jump_label_text_reserved() vs __init
2021-07-05 10:46:20 +02:00
kallsyms.c
module: add printk formats to add module build ID to stacktraces
2021-07-08 11:48:22 -07:00
kcmp.c
Merge branch 'exec-update-lock-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-12-15 19:36:48 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
sched/core: Disable CONFIG_SCHED_CORE by default
2021-06-28 22:43:05 +02:00
kcov.c
kernel: make kcov_common_handle consider the current context
2020-11-02 18:00:20 -08:00
kexec_core.c
kernel.h: split out panic and oops helpers
2021-07-01 11:06:04 -07:00
kexec_elf.c
kexec_file.c
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
2021-05-07 00:26:32 -07:00
kexec_internal.h
kexec: move machine_kexec_post_load() to public interface
2021-02-22 12:33:26 +00:00
kexec.c
kheaders.c
kmod.c
modules: add CONFIG_MODPROBE_PATH
2021-05-07 00:26:33 -07:00
kprobes.c
Merge tag 'locking-urgent-2021-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-07-11 11:06:09 -07:00
ksysfs.c
kthread.c
Merge branch 'akpm' (patches from Andrew)
2021-06-29 17:29:11 -07:00
latencytop.c
Makefile
kbuild: update config_data.gz only when the content of .config is changed
2021-05-02 00:43:35 +09:00
module_signature.c
module: harden ELF info handling
2021-01-19 10:24:45 +01:00
module_signing.c
module: harden ELF info handling
2021-01-19 10:24:45 +01:00
module-internal.h
module.c
module: add printk formats to add module build ID to stacktraces
2021-07-08 11:48:22 -07:00
notifier.c
nsproxy.c
Merge tag 'fixes-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
2020-12-14 16:40:27 -08:00
padata.c
panic.c
kernel.h: split out panic and oops helpers
2021-07-01 11:06:04 -07:00
params.c
Merge tag 'modules-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
2020-12-17 13:01:31 -08:00
pid_namespace.c
Merge tag 'fixes-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
2020-12-14 16:40:27 -08:00
pid.c
Merge branch 'exec-update-lock-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-12-15 19:36:48 -08:00
profile.c
kernel: Initialize cpumask before parsing
2021-04-10 13:35:54 +02:00
ptrace.c
sched: Change task_struct::state
2021-06-18 11:43:09 +02:00
range.c
reboot.c
reboot: Add hardware protection power-off
2021-06-21 13:08:36 +01:00
regset.c
relay.c
relay: allow the use of const callback structs
2020-12-15 22:46:18 -08:00
resource_kunit.c
resource: provide meaningful MODULE_LICENSE() in test suite
2020-11-25 18:52:35 +01:00
resource.c
kernel/resource: fix return code check in __request_free_mem_region
2021-05-14 19:41:32 -07:00
rseq.c
rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs()
2021-04-14 18:04:09 +02:00
scftorture.c
scftorture: Avoid false-positive warnings in scftorture_invoker()
2021-07-06 12:37:55 -07:00
scs.c
scs: switch to vmapped shadow stacks
2020-12-01 10:30:28 +00:00
seccomp.c
seccomp: Support atomic "addfd + send reply"
2021-06-28 12:49:52 -07:00
signal.c
Fix UCOUNT_RLIMIT_SIGPENDING counter leak
2021-07-08 11:43:24 -07:00
smp.c
smp: Fix smp_call_function_single_async prototype
2021-05-06 15:33:49 +02:00
smpboot.c
smpboot: fix duplicate and misplaced inlining directive
2021-07-25 11:06:37 -07:00
smpboot.h
softirq.c
sched: Introduce task_is_running()
2021-06-18 11:43:07 +02:00
stackleak.c
stacktrace.c
static_call.c
static_call: Fix static_call_text_reserved() vs __init
2021-07-05 10:46:33 +02:00
stop_machine.c
stop_machine: Add caller debug info to queue_stop_cpus_work
2021-03-23 16:01:58 +01:00
sys_ni.c
mm: introduce memfd_secret system call to create "secret" memory areas
2021-07-08 11:48:21 -07:00
sys.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2021-06-28 20:39:26 -07:00
sysctl-test.c
kernel/sysctl-test: Remove some casts which are no-longer required
2021-06-23 16:41:24 -06:00
sysctl.c
Merge branch 'akpm' (patches from Andrew)
2021-07-02 12:08:10 -07:00
task_work.c
kasan: record task_work_add() call stack
2021-04-30 11:20:42 -07:00
taskstats.c
treewide: rename nla_strlcpy to nla_strscpy.
2020-11-16 08:08:54 -08:00
test_kprobes.c
torture.c
torture: Replace torture_init_begin string with %s
2021-03-08 14:22:28 -08:00
tracepoint.c
tracepoints: Update static_call before tp_funcs when adding a tracepoint
2021-07-23 08:46:22 -04:00
tsacct.c
ucount.c
ucounts: add missing data type changes
2021-08-09 15:45:02 -05:00
uid16.c
uid16.h
umh.c
kernel/umh.c: fix some spelling mistakes
2021-05-07 00:26:34 -07:00
up.c
Merge tag 'locking-urgent-2021-05-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-05-09 13:07:03 -07:00
user_namespace.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2021-06-28 20:39:26 -07:00
user-return-notifier.c
user.c
Reimplement RLIMIT_MEMLOCK on top of ucounts
2021-04-30 14:14:02 -05:00
usermode_driver.c
Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2021-07-03 11:41:14 -07:00
utsname_sysctl.c
utsname.c
watch_queue.c
watch_queue: rectify kernel-doc for init_watch()
2021-01-26 11:16:34 +00:00
watchdog_hld.c
watchdog.c
kernel: watchdog: modify the explanation related to watchdog thread
2021-06-29 10:53:46 -07:00
workqueue_internal.h
workqueue.c
wq: handle VM suspension in stall detection
2021-05-20 12:58:30 -04:00