Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

A few fixes for UML: 

* mark stack not executable to work on
    more modern systems with selinux
  * fix use-after-free in a virtio error path
  * fix stack buffer overflow in external
    unix socket FD receive function
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEpeA8sTs3M8SN2hR410qiO8sPaAAFAmjLwKMACgkQ10qiO8sP
 aABAJA//VR35MJLinN5x6m+9j65GJ0x9LV+Q6xhFv8W68d4tDAO7Plvxcyrvm4An
 BwCi61WoXdemDnsyNqlxIJAJ7KEq5mJDu71g9Q+DJCCSVwjhWyL4yT8oYXMi36xY
 uWY1/bFsnAC07cM4Rqg5dRTcn6R6HCwXXnG3N+1+ZawWGypyMVBA+8Wk68eNK1xl
 0OwGshlfu5krdYU7cOBtOInTNu/nhqRCmUs/YEsxUmePTvIthhi8dnUjWuf3ppBp
 bUKMirR5YX09I2m3dKtEhw63fdyFBye4U7Z4zUcDu/A9Ub9WBpvKVGKC0z2QElHm
 ibfTf2sTMaukVKXmt3Nx3r3zzAsVDaCvG7DKPfVagXani4Bsr70bRXJ6QkRM+fdc
 i3x1x5ZUJOZYwTl8NtILYdMA30fo4hAYd46RGUPao52KtDboj7tl34TBHkbM1WNT
 7kzY5cEgUDImR/GxkLgczTDxoV9R+ioN/CMfZjLJfe7fLxJ3FDiCkMuGKdPfyuWs
 l/n3kdrASt0dhqFNhIQwkiACbgFie22/CNUcLGcWX/y6sTbZWlDtcDsD2HrSCzno
 mzDp7T544UHpZFCyvgR+qp2sY4G0CzRFlwXzCTmJ/bVgNU4OWlIszU/zHND3KpGr
 /yiX3V8uyLLzmv3S7VNiaVMv4gXStujwPyUFXUFcVIlH50BbCoY=
 =I0px
 -----END PGP SIGNATURE-----

Merge tag 'uml-for-6.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux

Pull UML fixes from Johannes Berg:
 "A few fixes for UML, which I'd meant to send earlier but then forgot.

  All of them are pretty long-standing issues that are either not really
  happening (the UAF), in rarely used code (the FD buffer issue), or an
  issue only for some host configurations (the executable stack):

   - mark stack not executable to work on more modern systems with
     selinux

   - fix use-after-free in a virtio error path

   - fix stack buffer overflow in external unix socket FD receive
     function"

* tag 'uml-for-6.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux:
  um: Fix FD copy size in os_rcv_fd_msg()
  um: virtio_uml: Fix use-after-free after put_device in probe
  um: Don't mark stack executable
This commit is contained in:
Linus Torvalds 2025-09-18 09:18:27 -07:00
parent 8b789f2b76 df447a3b4a
commit f03e578c8a
3 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
arch/um/drivers/virtio_uml.c
View File

@ -1250,10 +1250,12 @@ static int virtio_uml_probe(struct platform_device *pdev)
device_set_wakeup_capable(&vu_dev->vdev.dev, true);
rc = register_virtio_device(&vu_dev->vdev);
if (rc)
if (rc) {
put_device(&vu_dev->vdev.dev);
vu_dev->registered = 1;
return rc;
}
vu_dev->registered = 1;
return 0;
error_init:
os_close_file(vu_dev->sock);

2
arch/um/os-Linux/file.c
View File

@ -535,7 +535,7 @@ ssize_t os_rcv_fd_msg(int fd, int *fds, unsigned int n_fds,
cmsg->cmsg_type != SCM_RIGHTS)
return n;
memcpy(fds, CMSG_DATA(cmsg), cmsg->cmsg_len);
memcpy(fds, CMSG_DATA(cmsg), cmsg->cmsg_len - CMSG_LEN(0));
return n;
}

3
arch/um/os-Linux/util.c
View File

@ -20,8 +20,7 @@
void stack_protections(unsigned long address)
{
if (mprotect((void *) address, UM_THREAD_SIZE,
PROT_READ | PROT_WRITE | PROT_EXEC) < 0)
if (mprotect((void *) address, UM_THREAD_SIZE, PROT_READ | PROT_WRITE) < 0)
panic("protecting stack failed, errno = %d", errno);
}