Pei Xiao add1ecc8f3 tee: fix NULL pointer dereference in tee_shm_put
[ Upstream commit e4a718a3a4 ]

tee_shm_put has a NULL pointer dereference:

__optee_disable_shm_cache -->
        shm = reg_pair_to_ptr(...); // shm may be NULL
        tee_shm_free(shm); -->
                tee_shm_put(shm); // crash

Add a check in tee_shm_put to fix it.

panic log:
Unable to handle kernel paging request at virtual address 0000000000100cca
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000002049d07000
[0000000000100cca] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1] SMP
CPU: 2 PID: 14442 Comm: systemd-sleep Tainted: P OE ------- ---- 6.6.0-39-generic #38
Source Version: 938b255f6cb8817c95b0dd5c8c2944acfce94b07
Hardware name: greatwall GW-001Y1A-FTH, BIOS Great Wall BIOS V3.0 10/26/2022
pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : tee_shm_put+0x24/0x188
lr : tee_shm_free+0x14/0x28
sp : ffff001f98f9faf0
x29: ffff001f98f9faf0 x28: ffff0020df543cc0 x27: 0000000000000000
x26: ffff001f811344a0 x25: ffff8000818dac00 x24: ffff800082d8d048
x23: ffff001f850fcd18 x22: 0000000000000001 x21: ffff001f98f9fb88
x20: ffff001f83e76218 x19: ffff001f83e761e0 x18: 000000000000ffff
x17: 303a30303a303030 x16: 0000000000000000 x15: 0000000000000003
x14: 0000000000000001 x13: 0000000000000000 x12: 0101010101010101
x11: 0000000000000001 x10: 0000000000000001 x9 : ffff800080e08d0c
x8 : ffff001f98f9fb88 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : ffff001f83e761e0 x1 : 00000000ffff001f x0 : 0000000000100cca
Call trace:
tee_shm_put+0x24/0x188
tee_shm_free+0x14/0x28
__optee_disable_shm_cache+0xa8/0x108
optee_shutdown+0x28/0x38
platform_shutdown+0x28/0x40
device_shutdown+0x144/0x2b0
kernel_power_off+0x3c/0x80
hibernate+0x35c/0x388
state_store+0x64/0x80
kobj_attr_store+0x14/0x28
sysfs_kf_write+0x48/0x60
kernfs_fop_write_iter+0x128/0x1c0
vfs_write+0x270/0x370
ksys_write+0x6c/0x100
__arm64_sys_write+0x20/0x30
invoke_syscall+0x4c/0x120
el0_svc_common.constprop.0+0x44/0xf0
do_el0_svc+0x24/0x38
el0_svc+0x24/0x88
el0t_64_sync_handler+0x134/0x150
el0t_64_sync+0x14c/0x15

Fixes: dfd0743f1d ("tee: handle lookup of shm with reference count 0")
Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-09-09 18:56:20 +02:00
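The commit message above describes the failure mode but does not show the fix, so here is an added illustration in C (example code written for this page, not the kernel's tee subsystem and not the actual patch). It models the path in the message: a cache-teardown loop decodes each entry with a register-pair-to-pointer helper, an empty (0, 0) pair decodes to NULL, and that NULL reaches the put function. The assumed struct fields, the `reg_pair` layout (high word in reg0), the `put_result` codes and the scenario data are all constructed for the example; the "unchecked" put shows the class of fault in the panic log, the "checked" put shows a put that tolerates NULL.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative refcounted shared-memory object. Field names are
 * assumptions for this example, not the kernel's struct tee_shm. */
struct shm {
    int refcount;
    size_t size;
};

enum put_result { PUT_NULL, PUT_HELD, PUT_RELEASED };

static struct shm *shm_alloc(size_t size)
{
    struct shm *s = calloc(1, sizeof(*s));
    if (s) {
        s->refcount = 1;
        s->size = size;
    }
    return s;
}

/* 'Before' form: reads s->refcount without a NULL check. Called with NULL
 * this is a data abort at the refcount offset, the class of fault shown in
 * the panic log above. This example never calls it with NULL. */
static enum put_result shm_put_unchecked(struct shm *s)
{
    if (--s->refcount > 0)
        return PUT_HELD;
    free(s);
    return PUT_RELEASED;
}

/* 'After' form: a NULL shm is a no-op, so a free path that hands over an
 * empty cache slot cannot fault. */
static enum put_result shm_put_checked(struct shm *s)
{
    if (!s)
        return PUT_NULL;
    return shm_put_unchecked(s);
}

/* Assumed register-pair encoding: high 32 bits in reg0, low in reg1. */
struct reg_pair { uint32_t reg0, reg1; };

static void *reg_pair_to_ptr(uint32_t reg0, uint32_t reg1)
{
    return (void *)(uintptr_t)(((uint64_t)reg0 << 32) | reg1);
}

static struct reg_pair ptr_to_reg_pair(const void *p)
{
    uint64_t v = (uint64_t)(uintptr_t)p;
    struct reg_pair rp = { (uint32_t)(v >> 32), (uint32_t)v };
    return rp;
}

/* Model of the cache teardown loop: every entry, including a (0, 0) pair
 * that decodes to NULL, is passed to the put path. Returns the number of
 * objects released; *skipped receives the number of NULL entries. */
static size_t disable_shm_cache(const struct reg_pair *cache, size_t n,
                                size_t *skipped)
{
    size_t freed = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        struct shm *s = reg_pair_to_ptr(cache[i].reg0, cache[i].reg1);
        switch (shm_put_checked(s)) {
        case PUT_NULL:     (*skipped)++; break;
        case PUT_RELEASED: freed++;      break;
        case PUT_HELD:                   break;
        }
    }
    return freed;
}

/* Constructed scenario: two live objects around one empty cache slot,
 * the slot that would crash the unchecked put. */
static size_t run_scenario(size_t *skipped)
{
    struct reg_pair cache[3];
    cache[0] = ptr_to_reg_pair(shm_alloc(4096));
    cache[1] = ptr_to_reg_pair(NULL);
    cache[2] = ptr_to_reg_pair(shm_alloc(8192));
    return disable_shm_cache(cache, 3, skipped);
}

static size_t scenario_freed(void)   { size_t sk; return run_scenario(&sk); }
static size_t scenario_skipped(void) { size_t sk; run_scenario(&sk); return sk; }

int main(void)
{
    size_t skipped;
    size_t freed = run_scenario(&skipped);
    printf("freed=%zu skipped=%zu\n", freed, skipped);
    return 0;
}
```

The point the example makes is that the guard belongs in the put function, not only in the teardown loop: any caller that forwards a possibly-empty slot (the message names tee_shm_free) is covered once tee_shm_put itself tolerates NULL.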
arch LoongArch: Save LBT before FPU in setup_sigcontext() 2025-09-09 18:56:19 +02:00
block block: reject invalid operation in submit_bio_noacct 2025-08-28 16:28:40 +02:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2025-04-25 10:45:58 +02:00
crypto crypto: jitter - fix intermediary handling 2025-08-28 16:28:26 +02:00
Documentation dt-bindings: display/msm: qcom,mdp5: drop lut clock 2025-09-04 15:30:22 +02:00
drivers tee: fix NULL pointer dereference in tee_shm_put 2025-09-09 18:56:20 +02:00
fs fs: writeback: fix use-after-free in __mark_inode_dirty() 2025-09-09 18:56:20 +02:00
include bpf: Fix oob access in cgroup local storage 2025-09-09 18:56:19 +02:00
init sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP 2025-05-02 07:50:57 +02:00
io_uring io_uring/net: commit partial buffers on retry 2025-08-28 16:28:11 +02:00
ipc ipc: fix to protect IPCS lookups using RCU 2025-06-27 11:08:49 +01:00
kernel bpf: Fix oob access in cgroup local storage 2025-09-09 18:56:19 +02:00
lib maple_tree: fix mt_destroy_walk() on root leaf node 2025-07-17 18:35:14 +02:00
LICENSES
mm mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn 2025-08-28 16:28:43 +02:00
net Bluetooth: hci_sync: Avoid adding default advertising on startup 2025-09-09 18:56:20 +02:00
rust rust: module: place cleanup_module() in .exit.text section 2025-07-06 11:00:06 +02:00
samples samples: mei: Fix building on musl libc 2025-08-15 12:08:43 +02:00
scripts kconfig: lxdialog: fix 'space' to (de)select options 2025-08-28 16:28:29 +02:00
security apparmor: use the condition in AA_BUG_FMT even with debug disabled 2025-08-28 16:28:28 +02:00
sound ASoC: codecs: tx-macro: correct tx_macro_component_drv name 2025-09-04 15:30:19 +02:00
tools cpupower: Fix a bug where the -t option of the set subcommand was not working. 2025-09-09 18:56:20 +02:00
usr
virt
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
.rustfmt.toml
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS sign-file,extract-cert: move common SSL helper functions to a header 2025-04-25 10:45:57 +02:00
Makefile Linux 6.6.104 2025-09-04 15:30:29 +02:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.