forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
Linux kernel for uConsole
784,477 commits 5 branches 3 tags 4.3 GiB
  • C 97.1%
  • Assembly 1.8%
  • Shell 0.4%
  • Makefile 0.3%
  • Python 0.2%
Find a file
Eric Biggers cf7de65800 HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges 
commit 8c01db7619 upstream.

When a UHID_CREATE command is written to the uhid char device, a
copy_from_user() is done from a user pointer embedded in the command.
When the address limit is KERNEL_DS, e.g. as is the case during
sys_sendfile(), this can read from kernel memory.  Alternatively,
information can be leaked from a setuid binary that is tricked to write
to the file descriptor.  Therefore, forbid UHID_CREATE in these cases.

No other commands in uhid_char_write() are affected by this bug and
UHID_CREATE is marked as "obsolete", so apply the restriction to
UHID_CREATE only rather than to uhid_char_write() entirely.

Thanks to Dmitry Vyukov for adding uhid definitions to syzkaller and to
Jann Horn for commit 9da3f2b740 ("x86/fault: BUG() when uaccess
helpers fault on kernel addresses"), allowing this bug to be found.

Reported-by: syzbot+72473edc9bf4eb1c6556@syzkaller.appspotmail.com
Fixes: d365c6cfd3 ("HID: uhid: add UHID_CREATE and UHID_DESTROY events")
Cc: <stable@vger.kernel.org> # v3.6+
Cc: Jann Horn <jannh@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Jann Horn <jannh@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-27 16:13:10 +01:00
arch RISC-V: Fix raw_copy_{to,from}_user() 2018-11-27 16:13:08 +01:00
block block: Clear kernel memory before copying to user 2018-11-27 16:13:05 +01:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto crypto: user - fix leaking uninitialized memory to userspace 2018-11-21 09:19:24 +01:00
Documentation USB: Wait for extra delay time after USB_PORT_FEAT_RESET for quirky hub 2018-11-27 16:13:09 +01:00
drivers HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges 2018-11-27 16:13:10 +01:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs ceph: quota: fix null pointer dereference in quota check 2018-11-27 16:13:05 +01:00
include USB: Wait for extra delay time after USB_PORT_FEAT_RESET for quirky hub 2018-11-27 16:13:09 +01:00
init Kbuild updates for v4.19 (2nd) 2018-08-25 13:40:38 -07:00
ipc ipc/shm.c: use ERR_CAST() for shm_lock() error return 2018-10-05 16:32:04 -07:00
kernel sched/core: Take the hotplug lock in sched_init_smp() 2018-11-27 16:13:06 +01:00
lib lib/raid6: Fix arm64 test build 2018-11-27 16:13:05 +01:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm mm/swapfile.c: use kvzalloc for swap_info_struct allocation 2018-11-21 09:19:24 +01:00
net SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() 2018-11-27 16:13:08 +01:00
samples samples: disable CONFIG_SAMPLES for UML 2018-10-11 02:15:46 +09:00
scripts Revert "scripts/setlocalversion: git: Make -dirty check more robust" 2018-11-27 16:13:08 +01:00
security apparmor: Fix uninitialized value in aa_split_fqname 2018-11-27 16:13:00 +01:00
sound ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() 2018-11-27 16:13:09 +01:00
tools perf tools: Do not zero sample_id_all for group members 2018-11-27 16:13:06 +01:00
usr initramfs: move gen_initramfs_list.sh from scripts/ to usr/ 2018-08-22 23:21:44 +09:00
virt KVM: arm64: Fix caching of host MDCR_EL2 value 2018-11-13 11:08:47 -08:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS MAINTAINERS: Add an entry for the code of conduct 2018-10-22 07:33:36 +01:00
Makefile Linux 4.19.4 2018-11-23 08:17:07 +01:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.