[PATCH v6 0/2] sched: Fix dup_user_cpus_ptr() & do_set_cpus_allowed() bugs

From: Waiman Long
Date: Fri Dec 30 2022 - 23:12:45 EST


v6:
- Update patch 2 to fix build error with !CONFIG_SMP configs.

v5:
- Add an alloc_user_cpus_ptr() helper and use it in patch 2.

v4:
- Make sure user_cpus_ptr allocation size is large enough for
  rcu_head.

This series fixes a UAF bug in dup_user_cpus_ptr() and uses kfree_rcu()
in do_set_cpus_allowed to avoid lockdep splats.

Waiman Long (2):
  sched: Fix use-after-free bug in dup_user_cpus_ptr()
  sched: Use kfree_rcu() in do_set_cpus_allowed()

 kernel/sched/core.c | 65 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 57 insertions(+), 8 deletions(-)

--
2.31.1