[PATCH v6 0/3] coresight: prevent deactivate active config while enabling the config
Suzuki K Poulose
suzuki.poulose at arm.com
Tue May 20 08:41:56 PDT 2025
On Wed, 14 May 2025 17:19:48 +0100, Yeoreum Yun wrote:
> While enable active config via cscfg_csdev_enable_active_config(),
> active config could be deactivated via configfs' sysfs interface.
> This could make UAF issue in below scenario:
>
> CPU0                                    CPU1
> (sysfs enable)                          load module
>                                         cscfg_load_config_sets()
>                                         activate config. // sysfs
>                                         (sys_active_cnt == 1)
> ...
> cscfg_csdev_enable_active_config()
> lock(csdev->cscfg_csdev_lock)
> // here load config activate by CPU1
> unlock(csdev->cscfg_csdev_lock)
>
> [...]

Applied, thanks!

[1/3] coresight/etm4: fix missing disable active config
      https://git.kernel.org/coresight/c/895b12b7
[2/3] coresight: holding cscfg_csdev_lock while removing cscfg from csdev
      https://git.kernel.org/coresight/c/53b9e265
[3/3] coresight: prevent deactivate active config while enabling the config
      https://git.kernel.org/coresight/c/408c97c4

Best regards,
--
Suzuki K Poulose <suzuki.poulose at arm.com>