Fixes use-after-free in kunit debugfs when using kunit.filter when
the executor frees dynamically allocated resources after running
boot-time tests. This resulted in a fatal hardware exception due to
invalidation of capability flags on the reclaimed memory on some
architectures such as CHERI RISC-V that support the feature, and
silent memory corruption on others.
Fix for this UAF couples the lifetime of the filtered
suite memory allocation to the lifetime of the kunit subsystem and its
associated VFS nodes. Ownership of the boot-time suite_set is now
transferred to a global tracker ('kunit_boot_suites'), and the memory
is cleanly released in kunit_exit() during module teardown.
Merge tag 'linux_kselftest-kunit-fixes-7.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
Pull kunit fix from Shuah Khan:
"Fix a use-after-free in kunit debugfs when using kunit.filter when the
executor frees dynamically allocated resources after running boot-time
tests. This resulted in a fatal hardware exception due to invalidation
of capability flags on the reclaimed memory on some architectures such
as CHERI RISC-V that support the feature, and silent memory corruption
on others.
The fix for this couples the lifetime of the filtered suite memory
allocation to the lifetime of the kunit subsystem and its associated
VFS nodes. Ownership of the boot-time suite_set is now transferred to
a global tracker ('kunit_boot_suites'), and the memory is cleanly
released in kunit_exit() during module teardown"
* tag 'linux_kselftest-kunit-fixes-7.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
kunit: fix use-after-free in debugfs when using kunit.filter
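A constructed userspace model of the ownership change the message describes, added here and not the kernel's code: the executor no longer frees the filtered suite allocation after the boot-time tests, ownership moves to a global tracker (named kunit_boot_suites after the commit; its layout, the struct definitions and every function below are assumptions), and the memory is released only in kunit_exit(), so the debugfs-style readers that still hold pointers into it never see reclaimed memory.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
/* Stand-ins for the kernel types; layouts are assumed, not the real kunit definitions. */
struct kunit_suite  { const char *name; bool ran; };
struct suite_set    { struct kunit_suite *start, *end; };  /* start: heap array of suite copies */
struct debugfs_node { struct kunit_suite *suite; };        /* keeps a pointer past the executor */
/* Global tracker named after the 'kunit_boot_suites' the commit introduces (contents assumed). */
static struct suite_set kunit_boot_suites;

/* Model of kunit.filter: copies matching suites into a fresh allocation that someone must own. */
static struct suite_set filter_suites(const struct kunit_suite *all, size_t n, const char *prefix)
{
    struct kunit_suite *copies = calloc(n, sizeof(*copies));
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (strncmp(all[i].name, prefix, strlen(prefix)) == 0)
            copies[k++] = all[i];
    return (struct suite_set){ copies, copies + k };
}

/* Executor: runs the boot-time suites while debugfs nodes take pointers into the copies. The buggy
 * executor freed set.start here, leaving nodes[] dangling (the UAF); the fix transfers ownership. */
static void kunit_run_boot_suites(struct suite_set set, struct debugfs_node *nodes)
{
    for (size_t i = 0; i < (size_t)(set.end - set.start); i++) {
        set.start[i].ran = true;
        nodes[i].suite = &set.start[i];
    }
    kunit_boot_suites = set;   /* was: free(set.start); */
}

/* A later debugfs read, valid only while the tracker still owns the allocation. */
static bool debugfs_read_ran(const struct debugfs_node *n) { return n->suite && n->suite->ran; }

/* Module teardown: the single place the filtered allocation is released. */
static void kunit_exit(void) { free(kunit_boot_suites.start); kunit_boot_suites = (struct suite_set){ 0 }; }

/* Scenario on constructed suites: filter on "kunit", run, read via debugfs, tear down.
 * Returns how many nodes read back as ran (2 here), or -1 if ownership was not transferred. */
static int kunit_lifetime_demo(void)
{
    const struct kunit_suite all[] = { {"kunit-example", 0}, {"net-foo", 0}, {"kunit-string", 0} };
    struct debugfs_node nodes[3] = { { NULL }, { NULL }, { NULL } };
    struct suite_set set = filter_suites(all, 3, "kunit");
    int readable = 0;
    kunit_run_boot_suites(set, nodes);
    if (kunit_boot_suites.start != set.start) return -1;
    for (int i = 0; i < 3; i++) readable += debugfs_read_ran(&nodes[i]);
    kunit_exit();
    return kunit_boot_suites.start == NULL ? readable : -1;
}
```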