tmakin/tegra-linux-noble
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

Browse Source 
BugLink: https://bugs.launchpad.net/bugs/2085849

[ Upstream commit b2f11c6f3e1fc60742673b8675c95b78447f3dae ]

If we need to increase the tree depth, allocate a new node, and then
race with another thread that increased the tree depth before us, we'll
still have a preallocated node that might be used later.

If we then use that node for a new non-root node, it'll still have a
pointer to the old root instead of being zeroed - fix this by zeroing it
in the cmpxchg failure path.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Signed-off-by: Sasha Levin <sashal@kernel.org>
CVE-2024-47668
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
This commit is contained in:
Kent Overstreet
2024-08-10 21:04:35 -04:00
committed by Mehmet Basaran
parent 361da8ab86
commit 5da19471e8
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/generic-radix-tree.c
+2
View File
@@ -132,6 +132,8 @@ void *__genradix_ptr_alloc(struct __genradix *radix, size_t offset,
if ((v = cmpxchg_release(&radix->root, r, new_root)) == r) {
v = new_root;
new_node = NULL;
} else {
new_node->children[0] = NULL;
}
}