shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-02 03:03:00 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
16dbfc32a97b8403f6341bbbdfcea54c3da447bb
linux/fs
History
Kees Cook 16dbfc32a9 proc: Track /proc/$pid/attr/ opener mm_struct 
commit 591a22c14d upstream.

Commit bfb819ea20 ("proc: Check /proc/$pid/attr/ writes against file opener")
tried to make sure that there could not be a confusion between the opener of
a /proc/$pid/attr/ file and the writer. It used struct cred to make sure
the privileges didn't change. However, there were existing cases where a more
privileged thread was passing the opened fd to a differently privileged thread
(during container setup). Instead, use mm_struct to track whether the opener
and writer are still the same process. (This is what several other proc files
already do, though for different reasons.)

Reported-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Andrea Righi <andrea.righi@canonical.com>
Tested-by: Andrea Righi <andrea.righi@canonical.com>
Fixes: bfb819ea20 ("proc: Check /proc/$pid/attr/ writes against file opener")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-05-16 11:12:54 +09:00
..
9p
9P: Cast to loff_t before multiplying
2023-05-16 09:45:39 +09:00
adfs
fs/adfs: super: fix use-after-free bug
2023-05-15 14:09:05 +09:00
affs
affs: fix basic permission bits to actually work
2023-05-16 09:05:59 +09:00
afs
afs: Fix large file support
2023-05-15 16:47:08 +09:00
autofs4
autofs: fix a leak in autofs_expire_indirect()
2023-05-15 16:08:48 +09:00
befs
Merge tag 'befs-v4.9-rc1' of git://github.com/luisbg/linux-befs
2016-10-15 12:09:13 -07:00
bfs
bfs: add sanity check at bfs_fill_super()
2023-05-15 09:57:32 +09:00
btrfs
btrfs: fixup error handling in fixup_inode_link_counts
2023-05-16 11:12:10 +09:00
cachefiles
cachefiles: Handle readpage error correctly
2023-05-16 09:45:46 +09:00
ceph
ceph: fix fscache invalidation
2023-05-16 11:04:57 +09:00
cifs
cifs: fix memory leak in smb2_copychunk_range
2023-05-16 11:05:17 +09:00
coda
coda: add error handling for fget
2023-05-15 14:09:19 +09:00
configfs
configfs: fix a use-after-free in __configfs_open_file
2023-05-16 10:47:34 +09:00
cramfs
Cramfs: fix abad comparison when wrap-arounds occur
2023-05-15 09:23:12 +09:00
crypto
fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
2023-05-16 09:44:26 +09:00
debugfs
debugfs: fix use-after-free on symlink traversal
2023-05-15 12:38:42 +09:00
devpts
fs/devpts: always delete dcache dentry-s in dput()
2023-05-15 12:05:59 +09:00
dlm
fs: dlm: fix debugfs dump
2023-05-16 11:03:31 +09:00
ecryptfs
Revert "ecryptfs: replace BUG_ON with error handling code"
2023-05-16 11:05:36 +09:00
efivarfs
efivarfs: revert "fix memory leak in efivarfs_create()"
2023-05-16 09:50:21 +09:00
efs
fs/efs/super.c: fix return value
2016-05-20 17:58:30 -07:00
exfat
Amlogic: sync the code from mainline. [1/1]
2020-02-04 13:48:58 +09:00
exofs
fs/exofs: fix potential memory leak in mount option parsing
2023-05-15 09:51:17 +09:00
exportfs
exportfs: fix 'passing zero to ERR_PTR()' warning
2023-05-15 16:42:45 +09:00
ext2
ext2: fix missing percpu_counter_inc
2023-05-16 08:48:08 +09:00
ext4
ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
2023-05-16 11:12:03 +09:00
f2fs
f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
2023-05-16 11:04:00 +09:00
fat
fat: don't allow to mount if the FAT length == 0
2023-05-15 17:33:02 +09:00
freevxfs
freevxfs: update Kconfig information
2016-06-13 10:20:39 +02:00
fscache
fscache: fix race between enablement and dropping of object
2023-05-15 10:31:45 +09:00
fuse
cuse: prevent clone
2023-05-16 11:03:45 +09:00
gfs2
gfs2: report "already frozen/thawed" errors
2023-05-16 10:52:18 +09:00
hfs
fs/hfs/extent.c: fix array out of bounds read of array extent
2023-05-15 15:18:29 +09:00
hfsplus
hfsplus: fix crash and filesystem corruption when deleting files
2023-05-15 17:14:59 +09:00
hostfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-10-10 20:16:43 -07:00
hpfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-10-10 20:16:43 -07:00
hugetlbfs
hugetlbfs: hugetlb_fault_mutex_hash() cleanup
2023-05-16 11:11:10 +09:00
isofs
isofs: release buffer head before return
2023-05-16 10:37:43 +09:00
jbd2
jbd2: abort journal if free a async write error metadata buffer
2023-05-16 08:57:16 +09:00
jffs2
jffs2: check the validity of dstlen in jffs2_zlib_compress()
2023-05-16 10:54:39 +09:00
jfs
JFS: more checks for invalid superblock
2023-05-16 10:39:51 +09:00
kernfs
kernfs: Fix range checks in kernfs_get_target_path
2023-05-15 15:09:25 +09:00
lockd
lockd: don't use interval-based rebinding over TCP
2023-05-16 09:57:34 +09:00
logfs
ANDROID: fs: logfs: fix filler function type
2018-03-02 13:27:29 -08:00
minix
fs/minix: reject too-large maximum file size
2023-05-16 08:47:27 +09:00
ncpfs
ncpfs: fix build warning of strncpy
2023-05-15 11:49:44 +09:00
nfs
NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
2023-05-16 11:10:21 +09:00
nfs_common
nfs_common: need lock during iterate through the list
2023-05-16 09:58:02 +09:00
nfsd
nfsd4: readdirplus shouldn't return parent of export
2023-05-16 10:26:47 +09:00
nilfs2
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
2023-05-15 17:32:23 +09:00
nls
notify
fanotify: fix handling of events on child sub-directory
2023-05-15 11:16:44 +09:00
ntfs
ntfs: check for valid standard information attribute
2023-05-16 10:36:36 +09:00
ocfs2
ocfs2: fix data corruption by fallocate
2023-05-16 11:12:06 +09:00
omfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-10-10 20:16:43 -07:00
openpromfs
fs: Replace CURRENT_TIME with current_time() for inode timestamps
2016-09-27 21:06:21 -04:00
orangefs
help_next should increase position index
2023-05-15 16:59:58 +09:00
overlayfs
ovl: skip getxattr of security labels
2023-05-16 10:35:54 +09:00
proc
proc: Track /proc/$pid/attr/ opener mm_struct
2023-05-16 11:12:54 +09:00
pstore
pstore/ram: Write new dumps to start of recycled zones
2023-05-15 16:32:06 +09:00
qnx4
more trivial ->iterate_shared conversions
2016-05-09 11:41:14 -04:00
qnx6
more trivial ->iterate_shared conversions
2016-05-09 11:41:14 -04:00
quota
quota: Don't overflow quota file offsets
2023-05-16 10:00:31 +09:00
ramfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-10-10 20:16:43 -07:00
reiserfs
reiserfs: update reiserfs_xattrs_initialized() condition
2023-05-16 10:50:04 +09:00
romfs
romfs: fix uninitialized memory leak in romfs_dev_read()
2023-05-16 08:54:39 +09:00
sdcardfs
sdcardfs: revert because compile fail [1/1]
2020-12-17 17:32:09 +09:00
squashfs
squashfs: fix divide error in calculate_skip()
2023-05-16 11:04:20 +09:00
sysfs
sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
2023-05-16 10:40:14 +09:00
sysv
sysv: return 'err' instead of 0 in __sysv_write_inode
2023-05-15 10:31:02 +09:00
tracefs
fs: Replace CURRENT_TIME with current_time() for inode timestamps
2016-09-27 21:06:21 -04:00
ubifs
ubifs: wbuf: Don't leak kernel memory to flash
2023-05-16 10:26:05 +09:00
udf
udf: fix silent AED tagLocation corruption
2023-05-16 10:46:35 +09:00
ufs
fs/ufs: avoid potential u32 multiplication overflow
2023-05-16 08:48:37 +09:00
xfs
xfs: Fix assert failure in xfs_setattr_size()
2023-05-16 10:39:53 +09:00
aio.c
aio: fix spectre gadget in lookup_ioctx
2023-05-15 10:36:26 +09:00
anon_inodes.c
attr.c
ANDROID: vfs: Add permission2 for filesystems with per mount permissions
2017-01-31 10:47:22 -08:00
bad_inode.c
bad_inode: add missing i_op initializers
2017-01-09 08:32:24 +01:00
binfmt_aout.c
fs: fix binfmt_aout.c build error
2016-05-28 16:34:59 -07:00
binfmt_elf_fdpic.c
elf_fdpic_transfer_args_to_stack(): make it generic
2016-07-25 16:51:49 +10:00
binfmt_elf.c
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
2023-05-15 17:30:19 +09:00
binfmt_em86.c
fs/binfmt_em86.c: fix incompatible pointer type
2016-08-02 19:35:15 -04:00
binfmt_flat.c
fs/binfmt_flat.c: make load_flat_shared_library() work
2023-05-15 13:55:59 +09:00
binfmt_misc.c
binfmt_misc: fix possible deadlock in bm_register_write
2023-05-16 10:47:44 +09:00
binfmt_script.c
exec: load_script: Do not exec truncated interpreter path
2023-05-15 14:54:58 +09:00
block_dev.c
bdev: Reduce time holding bd_mutex in sync in blkdev_close()
2023-05-16 09:16:10 +09:00
buffer.c
fs: Don't invalidate page buffers in block_write_full_page()
2023-05-16 09:45:07 +09:00
char_dev.c
chardev: add helper function to register char devs with a struct device
2023-05-15 17:27:22 +09:00
compat_binfmt_elf.c
binfmt_elf: compat: avoid unused function warning
2018-02-25 11:05:55 +01:00
compat_ioctl.c
fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
2023-05-15 16:30:53 +09:00
compat.c
compat: remove compat_printk()
2016-09-27 21:20:53 -04:00
coredump.c
Merge 4.9.36 into android-4.9
2017-07-05 16:18:14 +02:00
dax.c
fs/dax.c: fix inefficiency in dax_writeback_mapping_range()
2018-02-28 10:18:33 +01:00
dcache.c
Hang/soft lockup in d_invalidate with simultaneous calls
2023-05-15 12:07:04 +09:00
dcookies.c
direct-io.c
fs: direct-io: fix missing sdio->boundary
2023-05-16 10:51:34 +09:00
drop_caches.c
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
2023-05-15 11:50:41 +09:00
eventfd.c
eventfd: document lockless access in eventfd_poll
2016-03-22 15:36:02 -07:00
eventpoll.c
ep_create_wakeup_source(): dentry name can change under you...
2023-05-16 09:23:53 +09:00
exec.c
exit/exec: Seperate mm_release()
2023-05-16 10:33:11 +09:00
fcntl.c
fs/fcntl: f_setown, avoid undefined behaviour
2018-01-31 12:55:52 +01:00
fhandle.c
fs/coredump: prevent fsuid=0 dumps into user-controlled directories
2016-03-22 15:36:02 -07:00
file_table.c
fs, file table: reinit files_stat.max_files after deferred memory initialisation
2015-08-07 04:39:40 +03:00
file.c
fix multiplication overflow in copy_fdtable()
2023-05-15 17:28:32 +09:00
filesystems.c
find_filesystem(): simplify comparison
2016-01-19 12:02:23 -05:00
fs_pin.c
fs_struct.c
ANDROID: fs: Export free_fs_struct and set_fs_pwd
2017-01-31 15:46:26 -08:00
fs-writeback.c
memcg: fix a crash in wb_workfn when a device disappears
2023-05-16 10:35:42 +09:00
inode.c
futex: Fix inode life-time issue
2023-05-15 17:11:10 +09:00
internal.h
Merge 4.9.51 into android-4.9
2017-09-20 09:59:51 +02:00
ioctl.c
vfs: cap dedupe request structure size at PAGE_SIZE
2016-09-15 13:29:52 -07:00
iomap.c
iomap: fix integer truncation issues in the zeroing and dirtying helpers
2017-09-20 08:19:59 +02:00
Kconfig
fs: add exfat file system support
2017-09-26 00:32:37 -07:00
Kconfig.binfmt
ARM: 8594/1: enable binfmt_flat on systems with an MMU
2016-08-12 16:47:05 +01:00
libfs.c
libfs: fix error cast of negative value in simple_attr_write()
2023-05-16 09:49:21 +09:00
locks.c
locks: print unsigned ino in /proc/locks
2023-05-15 16:30:25 +09:00
Makefile
fs: add exfat file system support
2017-09-26 00:32:37 -07:00
mbcache.c
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
2018-02-22 15:43:48 +01:00
mount.h
mnt: In propgate_umount handle visiting mounts in any order
2017-07-21 07:42:22 +02:00
mpage.c
mm: optimize stack usage for functions [1/1]
2018-12-17 17:21:59 +08:00
namei.c
namei: only return -ECHILD from follow_dotdot_rcu()
2023-05-15 17:02:00 +09:00
namespace.c
fs/namespace.c: fix mountpoint reference counter race
2023-05-15 17:23:05 +09:00
no-block.c
nsfs.c
nsfs: mark dentry with DCACHE_RCUACCESS
2018-02-17 13:21:15 +01:00
open.c
cifs_atomic_open(): fix double-put on late allocation failure
2023-05-15 17:09:26 +09:00
pipe.c
fs: prevent page refcount overflow in pipe_buf_get
2023-05-15 13:40:35 +09:00
pnode.c
propagate_one(): mnt_set_mountpoint() needs mount_lock
2023-05-15 17:24:29 +09:00
pnode.h
mnt: Tuck mounts under others instead of creating shadow/side mounts.
2017-03-15 02:21:16 +00:00
posix_acl.c
tmpfs: clear S_ISGID when setting posix ACLs
2017-01-26 08:24:37 +01:00
proc_namespace.c
ANDROID: vfs: Allow filesystems to access their private mount data
2017-01-31 10:47:20 -08:00
read_write.c
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
2023-05-15 13:41:13 +09:00
readdir.c
filldir[64]: remove WARN_ON_ONCE() for bad directory entries
2023-05-15 16:21:37 +09:00
select.c
kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
2023-05-16 10:48:22 +09:00
seq_file.c
seq/proc: modify seq_put_decimal_[u]ll to take a const char *, not char
2016-10-07 18:46:30 -07:00
signalfd.c
signalfd: fix information leak in signalfd_copyinfo
2015-08-07 04:39:40 +03:00
splice.c
fs: prevent page refcount overflow in pipe_buf_get
2023-05-15 13:40:35 +09:00
stack.c
stat.c
ufs: restore maintaining ->i_blocks
2017-06-14 15:06:01 +02:00
statfs.c
super.c
vfs: remove lockdep bogosity in __sb_start_write
2023-05-16 09:49:08 +09:00
sync.c
ANDROID: sched: add a counter to track fsync
2017-03-14 13:16:06 -07:00
timerfd.c
timerfd: Protect the might cancel mechanism proper
2017-05-08 07:47:54 +02:00
userfaultfd.c
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
2023-05-15 14:21:05 +09:00
utimes.c
ANDROID: vfs: Add setattr2 for filesystems with per mount permissions
2017-01-31 10:47:21 -08:00
xattr.c
xattr: break delegations in {set,remove}xattr
2023-05-16 08:45:19 +09:00