ext4-fix-potential-htree-index-checksum-corruption.patch
i40e-fix-flow-for-ipv6-next-header-extension-header.patch
i40e-fix-overwriting-flow-control-settings-during-dr.patch
-take-mmap-lock-in-cacheflush-syscall.patch
net-mlx4_core-add-missed-mlx4_free_cmd_mailbox.patch
ocfs2-fix-a-use-after-free-on-error.patch
mm-memory.c-fix-potential-pte_unmap_unlock-pte-error.patch
+++ /dev/null
-From 94c4e2a23429522082d63237493034d6a4435502 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 19 Feb 2021 14:59:35 +0800
-Subject: Take mmap lock in cacheflush syscall
-
-From: Jann Horn <jannh@google.com>
-
-[ Upstream commit c26958cb5a0d9053d1358258827638773f3d36ed ]
-
-We need to take the mmap lock around find_vma() and subsequent use of the
-VMA. Otherwise, we can race with concurrent operations like munmap(), which
-can lead to use-after-free accesses to freed VMAs.
-
-Fixes: 1000197d8013 ("nios2: System calls handling")
-Signed-off-by: Jann Horn <jannh@google.com>
-Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/nios2/kernel/sys_nios2.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/arch/nios2/kernel/sys_nios2.c b/arch/nios2/kernel/sys_nios2.c
-index cd390ec4f88bf..b1ca856999521 100644
---- a/arch/nios2/kernel/sys_nios2.c
-+++ b/arch/nios2/kernel/sys_nios2.c
-@@ -22,6 +22,7 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- unsigned int op)
- {
- struct vm_area_struct *vma;
-+ struct mm_struct *mm = current->mm;
-
- if (len == 0)
- return 0;
-@@ -34,16 +35,22 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- if (addr + len < addr)
- return -EFAULT;
-
-+ if (mmap_read_lock_killable(mm))
-+ return -EINTR;
-+
- /*
- * Verify that the specified address region actually belongs
- * to this process.
- */
-- vma = find_vma(current->mm, addr);
-- if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end)
-+ vma = find_vma(mm, addr);
-+ if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end) {
-+ mmap_read_unlock(mm);
- return -EFAULT;
-+ }
-
- flush_cache_range(vma, addr, addr + len);
-
-+ mmap_read_unlock(mm);
- return 0;
- }
-
---
-2.27.0
-
i40e-add-zero-initialization-of-aq-command-structure.patch
i40e-fix-overwriting-flow-control-settings-during-dr.patch
i40e-fix-vfs-not-created.patch
-take-mmap-lock-in-cacheflush-syscall.patch
i40e-fix-add-tc-filter-for-ipv6.patch
net-mlx4_core-add-missed-mlx4_free_cmd_mailbox.patch
vxlan-move-debug-check-after-netdev-unregister.patch
+++ /dev/null
-From 1ef2f917d29933eccf325fccea8fb641240ebb13 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 19 Feb 2021 14:59:35 +0800
-Subject: Take mmap lock in cacheflush syscall
-
-From: Jann Horn <jannh@google.com>
-
-[ Upstream commit c26958cb5a0d9053d1358258827638773f3d36ed ]
-
-We need to take the mmap lock around find_vma() and subsequent use of the
-VMA. Otherwise, we can race with concurrent operations like munmap(), which
-can lead to use-after-free accesses to freed VMAs.
-
-Fixes: 1000197d8013 ("nios2: System calls handling")
-Signed-off-by: Jann Horn <jannh@google.com>
-Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/nios2/kernel/sys_nios2.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/arch/nios2/kernel/sys_nios2.c b/arch/nios2/kernel/sys_nios2.c
-index cd390ec4f88bf..b1ca856999521 100644
---- a/arch/nios2/kernel/sys_nios2.c
-+++ b/arch/nios2/kernel/sys_nios2.c
-@@ -22,6 +22,7 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- unsigned int op)
- {
- struct vm_area_struct *vma;
-+ struct mm_struct *mm = current->mm;
-
- if (len == 0)
- return 0;
-@@ -34,16 +35,22 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- if (addr + len < addr)
- return -EFAULT;
-
-+ if (mmap_read_lock_killable(mm))
-+ return -EINTR;
-+
- /*
- * Verify that the specified address region actually belongs
- * to this process.
- */
-- vma = find_vma(current->mm, addr);
-- if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end)
-+ vma = find_vma(mm, addr);
-+ if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end) {
-+ mmap_read_unlock(mm);
- return -EFAULT;
-+ }
-
- flush_cache_range(vma, addr, addr + len);
-
-+ mmap_read_unlock(mm);
- return 0;
- }
-
---
-2.27.0
-
misc-eeprom_93xx46-add-module-alias-to-avoid-breakin.patch
vmci-use-set_page_dirty_lock-when-unregistering-gues.patch
pci-align-checking-of-syscall-user-config-accessors.patch
-take-mmap-lock-in-cacheflush-syscall.patch
mm-memory.c-fix-potential-pte_unmap_unlock-pte-error.patch
mm-hugetlb-fix-potential-double-free-in-hugetlb_regi.patch
i2c-brcmstb-fix-brcmstd_send_i2c_cmd-condition.patch
+++ /dev/null
-From 244758ba62fba26291ab05f76a696c10e5093eec Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 19 Feb 2021 14:59:35 +0800
-Subject: Take mmap lock in cacheflush syscall
-
-From: Jann Horn <jannh@google.com>
-
-[ Upstream commit c26958cb5a0d9053d1358258827638773f3d36ed ]
-
-We need to take the mmap lock around find_vma() and subsequent use of the
-VMA. Otherwise, we can race with concurrent operations like munmap(), which
-can lead to use-after-free accesses to freed VMAs.
-
-Fixes: 1000197d8013 ("nios2: System calls handling")
-Signed-off-by: Jann Horn <jannh@google.com>
-Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/nios2/kernel/sys_nios2.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/arch/nios2/kernel/sys_nios2.c b/arch/nios2/kernel/sys_nios2.c
-index cd390ec4f88bf..b1ca856999521 100644
---- a/arch/nios2/kernel/sys_nios2.c
-+++ b/arch/nios2/kernel/sys_nios2.c
-@@ -22,6 +22,7 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- unsigned int op)
- {
- struct vm_area_struct *vma;
-+ struct mm_struct *mm = current->mm;
-
- if (len == 0)
- return 0;
-@@ -34,16 +35,22 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- if (addr + len < addr)
- return -EFAULT;
-
-+ if (mmap_read_lock_killable(mm))
-+ return -EINTR;
-+
- /*
- * Verify that the specified address region actually belongs
- * to this process.
- */
-- vma = find_vma(current->mm, addr);
-- if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end)
-+ vma = find_vma(mm, addr);
-+ if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end) {
-+ mmap_read_unlock(mm);
- return -EFAULT;
-+ }
-
- flush_cache_range(vma, addr, addr + len);
-
-+ mmap_read_unlock(mm);
- return 0;
- }
-
---
-2.27.0
-
pci-align-checking-of-syscall-user-config-accessors.patch
drm-msm-dsi-correct-io_start-for-msm8994-20nm-phy.patch
i40e-fix-flow-for-ipv6-next-header-extension-header.patch
-take-mmap-lock-in-cacheflush-syscall.patch
net-mlx4_core-add-missed-mlx4_free_cmd_mailbox.patch
ocfs2-fix-a-use-after-free-on-error.patch
mm-memory.c-fix-potential-pte_unmap_unlock-pte-error.patch
+++ /dev/null
-From 9588a1bbc0fcc95b5fd6cddeb7e27c70fca6b662 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 19 Feb 2021 14:59:35 +0800
-Subject: Take mmap lock in cacheflush syscall
-
-From: Jann Horn <jannh@google.com>
-
-[ Upstream commit c26958cb5a0d9053d1358258827638773f3d36ed ]
-
-We need to take the mmap lock around find_vma() and subsequent use of the
-VMA. Otherwise, we can race with concurrent operations like munmap(), which
-can lead to use-after-free accesses to freed VMAs.
-
-Fixes: 1000197d8013 ("nios2: System calls handling")
-Signed-off-by: Jann Horn <jannh@google.com>
-Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/nios2/kernel/sys_nios2.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/arch/nios2/kernel/sys_nios2.c b/arch/nios2/kernel/sys_nios2.c
-index cd390ec4f88bf..b1ca856999521 100644
---- a/arch/nios2/kernel/sys_nios2.c
-+++ b/arch/nios2/kernel/sys_nios2.c
-@@ -22,6 +22,7 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- unsigned int op)
- {
- struct vm_area_struct *vma;
-+ struct mm_struct *mm = current->mm;
-
- if (len == 0)
- return 0;
-@@ -34,16 +35,22 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- if (addr + len < addr)
- return -EFAULT;
-
-+ if (mmap_read_lock_killable(mm))
-+ return -EINTR;
-+
- /*
- * Verify that the specified address region actually belongs
- * to this process.
- */
-- vma = find_vma(current->mm, addr);
-- if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end)
-+ vma = find_vma(mm, addr);
-+ if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end) {
-+ mmap_read_unlock(mm);
- return -EFAULT;
-+ }
-
- flush_cache_range(vma, addr, addr + len);
-
-+ mmap_read_unlock(mm);
- return 0;
- }
-
---
-2.27.0
-
i40e-fix-overwriting-flow-control-settings-during-dr.patch
i40e-fix-addition-of-rx-filters-after-enabling-fw-ll.patch
i40e-fix-vfs-not-created.patch
-take-mmap-lock-in-cacheflush-syscall.patch
i40e-fix-add-tc-filter-for-ipv6.patch
vfio-type1-use-follow_pte.patch
net-mlx4_core-add-missed-mlx4_free_cmd_mailbox.patch
+++ /dev/null
-From 3cc567f67f91469d57e4777720b585e4b8cd0f7a Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 19 Feb 2021 14:59:35 +0800
-Subject: Take mmap lock in cacheflush syscall
-
-From: Jann Horn <jannh@google.com>
-
-[ Upstream commit c26958cb5a0d9053d1358258827638773f3d36ed ]
-
-We need to take the mmap lock around find_vma() and subsequent use of the
-VMA. Otherwise, we can race with concurrent operations like munmap(), which
-can lead to use-after-free accesses to freed VMAs.
-
-Fixes: 1000197d8013 ("nios2: System calls handling")
-Signed-off-by: Jann Horn <jannh@google.com>
-Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/nios2/kernel/sys_nios2.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/arch/nios2/kernel/sys_nios2.c b/arch/nios2/kernel/sys_nios2.c
-index cd390ec4f88bf..b1ca856999521 100644
---- a/arch/nios2/kernel/sys_nios2.c
-+++ b/arch/nios2/kernel/sys_nios2.c
-@@ -22,6 +22,7 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- unsigned int op)
- {
- struct vm_area_struct *vma;
-+ struct mm_struct *mm = current->mm;
-
- if (len == 0)
- return 0;
-@@ -34,16 +35,22 @@ asmlinkage int sys_cacheflush(unsigned long addr, unsigned long len,
- if (addr + len < addr)
- return -EFAULT;
-
-+ if (mmap_read_lock_killable(mm))
-+ return -EINTR;
-+
- /*
- * Verify that the specified address region actually belongs
- * to this process.
- */
-- vma = find_vma(current->mm, addr);
-- if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end)
-+ vma = find_vma(mm, addr);
-+ if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end) {
-+ mmap_read_unlock(mm);
- return -EFAULT;
-+ }
-
- flush_cache_range(vma, addr, addr + len);
-
-+ mmap_read_unlock(mm);
- return 0;
- }
-
---
-2.27.0
-
projects / thirdparty / kernel / stable-queue.git / commitdiff
