From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org,
Chris Wright <chrisw@sous-sol.org>
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
Jake Edge <jake@lwn.net>, Eugene Teo <eteo@redhat.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Hugh Dickins <hugh@veritas.com>
Subject: [patch 81/88] fs core fixes
Date: Thu, 30 Apr 2009 09:57:10 -0700 [thread overview]
Message-ID: <20090430165750.307931445@mini.kroah.org> (raw)
In-Reply-To: <20090430170122.GA16015@kroah.com>
[-- Attachment #1: fs-core-fixes.patch --]
[-- Type: text/plain, Size: 5178 bytes --]
2.6.28-stable review patch. If anyone has any objections, please let us know.
------------------
From: Hugh Dickins <hugh@veritas.com>
Please add the following 4 commits to 2.6.27-stable and 2.6.28-stable.
However, there has been a lot of change here between 2.6.28 and 2.6.29:
in particular, fs/exec.c's unsafe_exec() grew into the more complicated
check_unsafe_exec(). So applying the original patches gives too many
rejects: at the bottom is the diffstat and the combined patch required.
1
Commit: 53e9309e01277ec99c38e84e0ca16921287cf470
Author: Hugh Dickins <hugh@veritas.com>
Date: Sat, 28 Mar 2009 23:16:03 +0000 (+0000)
Subject: [patch 81/88] compat_do_execve should unshare_files
2
Commit: e426b64c412aaa3e9eb3e4b261dc5be0d5a83e78
Author: Hugh Dickins <hugh@veritas.com>
Date: Sat, 28 Mar 2009 23:20:19 +0000 (+0000)
Subject: [patch 81/88] fix setuid sometimes doesn't
3
Commit: 7c2c7d993044cddc5010f6f429b100c63bc7dffb
Author: Hugh Dickins <hugh@veritas.com>
Date: Sat, 28 Mar 2009 23:21:27 +0000 (+0000)
Subject: [patch 81/88] fix setuid sometimes wouldn't
4
Commit: f1191b50ec11c8e2ca766d6d99eb5bb9d2c084a3
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Mon, 30 Mar 2009 11:35:18 +0000 (-0400)
Subject: [patch 81/88] check_unsafe_exec() doesn't care about signal handlers sharing
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/compat.c | 12 +++++++++++-
fs/exec.c | 4 +---
fs/proc/base.c | 50 ++++++++++++++++----------------------------------
3 files changed, 28 insertions(+), 38 deletions(-)
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1386,12 +1386,17 @@ int compat_do_execve(char * filename,
{
struct linux_binprm *bprm;
struct file *file;
+ struct files_struct *displaced;
int retval;
+ retval = unshare_files(&displaced);
+ if (retval)
+ goto out_ret;
+
retval = -ENOMEM;
bprm = kzalloc(sizeof(*bprm), GFP_KERNEL);
if (!bprm)
- goto out_ret;
+ goto out_files;
file = open_exec(filename);
retval = PTR_ERR(file);
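Review bot: `displaced` is declared without an initializer, yet the two cleanup hunks further down test it with `if (displaced)`, so the function relies on unshare_files() storing to it on every successful return, and that callee is not visible in this patch. Declaring it as `struct files_struct *displaced = NULL;` would keep the cleanup paths well-defined if the callee or the label order ever changes. The body of compat_do_execve() continues outside this hunk, so the intermediate error labels could not be checked here.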
@@ -1443,6 +1448,8 @@ int compat_do_execve(char * filename,
security_bprm_free(bprm);
acct_update_integrals(current);
free_bprm(bprm);
+ if (displaced)
+ put_files_struct(displaced);
return retval;
}
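Review bot: The success path here calls `put_files_struct(displaced)` while the new `out_files:` label in the next hunk calls `reset_files_struct(displaced)`, and nothing explains the difference. A short comment at each site would stop a later cleanup from "unifying" them, for example `/* exec succeeded: drop our reference to the old, shared table */` here and `/* exec failed: switch back to the table we had before unshare_files() */` at `out_files:`. The meaning of reset_files_struct() is inferred from its name and use, so the wording should be checked against its definition.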
@@ -1463,6 +1470,9 @@ out_file:
out_kfree:
free_bprm(bprm);
+out_files:
+ if (displaced)
+ reset_files_struct(displaced);
out_ret:
return retval;
}
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1084,9 +1084,7 @@ static int unsafe_exec(struct task_struc
{
int unsafe = tracehook_unsafe_exec(p);
- if (atomic_read(&p->fs->count) > 1 ||
- atomic_read(&p->files->count) > 1 ||
- atomic_read(&p->sighand->count) > 1)
+ if (atomic_read(&p->fs->count) > 1)
unsafe |= LSM_UNSAFE_SHARE;
return unsafe;
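Review bot: The remaining `fs->count` test in unsafe_exec() now depends on an invariant that is not written down. Dropping the `files->count` check is only sound if every exec entry point has already given the task a private file table, which this patch arranges for compat_do_execve() through unshare_files(). A comment above the test would record that, e.g. `/* files are unshared by the execve paths before we get here; only a shared fs_struct still marks the exec unsafe */`, and it should also say why `sighand->count` no longer matters, since that reason is not visible in this hunk. The `atomic_read()` is a snapshot with no lock visible around it, so anything that can raise or lower `fs->count` concurrently affects whether LSM_UNSAFE_SHARE is set; the description notes that 2.6.29 reworked this into check_unsafe_exec().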
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -148,15 +148,22 @@ static unsigned int pid_entry_count_dirs
return count;
}
-static struct fs_struct *get_fs_struct(struct task_struct *task)
+static int get_fs_path(struct task_struct *task, struct path *path, bool root)
{
struct fs_struct *fs;
+ int result = -ENOENT;
+
task_lock(task);
fs = task->fs;
- if(fs)
- atomic_inc(&fs->count);
+ if (fs) {
+ read_lock(&fs->lock);
+ *path = root ? fs->root : fs->pwd;
+ path_get(path);
+ read_unlock(&fs->lock);
+ result = 0;
+ }
task_unlock(task);
- return fs;
+ return result;
}
static int get_nr_threads(struct task_struct *tsk)
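Review bot: get_fs_path() has no comment stating its reference contract or why it deliberately avoids touching `fs->count`. On success it stores a path that has been through path_get(), so the caller owns a reference to release; on failure `*path` is left unwritten and the function returns -ENOENT. The removed `atomic_inc(&fs->count)` matters for security because unsafe_exec() in fs/exec.c treats a count above one as sharing, so a concurrent /proc reader could presumably change how a setuid exec was classified. A header comment along the lines of `/* Copies root or pwd with a reference held; never bumps fs->count, which exec uses to detect sharing */` would keep a later refactor from reintroducing the counted helper.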
@@ -174,42 +181,24 @@ static int get_nr_threads(struct task_st
static int proc_cwd_link(struct inode *inode, struct path *path)
{
struct task_struct *task = get_proc_task(inode);
- struct fs_struct *fs = NULL;
int result = -ENOENT;
if (task) {
- fs = get_fs_struct(task);
+ result = get_fs_path(task, path, 0);
put_task_struct(task);
}
- if (fs) {
- read_lock(&fs->lock);
- *path = fs->pwd;
- path_get(&fs->pwd);
- read_unlock(&fs->lock);
- result = 0;
- put_fs_struct(fs);
- }
return result;
}
static int proc_root_link(struct inode *inode, struct path *path)
{
struct task_struct *task = get_proc_task(inode);
- struct fs_struct *fs = NULL;
int result = -ENOENT;
if (task) {
- fs = get_fs_struct(task);
+ result = get_fs_path(task, path, 1);
put_task_struct(task);
}
- if (fs) {
- read_lock(&fs->lock);
- *path = fs->root;
- path_get(&fs->root);
- read_unlock(&fs->lock);
- result = 0;
- put_fs_struct(fs);
- }
return result;
}
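Review bot: proc_cwd_link() and proc_root_link() pass the bare integers `0` and `1` for the `bool root` parameter of get_fs_path(), which makes the call sites hard to read without looking up the signature. Writing `get_fs_path(task, path, false)` and `get_fs_path(task, path, true)` says which path is being fetched; the call in the mounts_open_common() hunk below uses the literal `1` as well. A wrong literal here would hand back the cwd where the root was intended or the reverse, so the clearer spelling is worth the small change.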
@@ -567,7 +556,6 @@ static int mounts_open_common(struct ino
struct task_struct *task = get_proc_task(inode);
struct nsproxy *nsp;
struct mnt_namespace *ns = NULL;
- struct fs_struct *fs = NULL;
struct path root;
struct proc_mounts *p;
int ret = -EINVAL;
@@ -581,22 +569,16 @@ static int mounts_open_common(struct ino
get_mnt_ns(ns);
}
rcu_read_unlock();
- if (ns)
- fs = get_fs_struct(task);
+ if (ns && get_fs_path(task, &root, 1) == 0)
+ ret = 0;
put_task_struct(task);
}
if (!ns)
goto err;
- if (!fs)
+ if (ret)
goto err_put_ns;
- read_lock(&fs->lock);
- root = fs->root;
- path_get(&root);
- read_unlock(&fs->lock);
- put_fs_struct(fs);
-
ret = -ENOMEM;
p = kmalloc(sizeof(struct proc_mounts), GFP_KERNEL);
if (!p)
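Review bot: `ret` is doing double duty in this hunk: it is set to 0 only when get_fs_path() succeeds, and `if (ret) goto err_put_ns;` then relies on it still holding its initial -EINVAL. The -ENOENT that get_fs_path() returns is discarded, which appears to match the old `!fs` behaviour, but that is not obvious to a reader. A comment such as `/* ret stays -EINVAL unless we obtained the task's root */` next to the assignment would make it clear that `root` holds a reference only when `ret == 0`. The function starts and ends outside the hunk, so the error labels were not checked.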