shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-01 02:33:01 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
998f85133fd3067d715050826cf066efd59775f1
linux/kernel
History
Emese Revfy 998f85133f kernel/signal.c: stop info leak via the tkill and the tgkill syscalls 
commit b9e146d8eb upstream.

This fixes a kernel memory contents leak via the tkill and tgkill syscalls
for compat processes.

This is visible in the siginfo_t->_sifields._rt.si_sigval.sival_ptr field
when handling signals delivered from tkill.

The place of the infoleak:

int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t *from)
{
        ...
        put_user_ex(ptr_to_compat(from->si_ptr), &to->si_ptr);
        ...
}

Signed-off-by: Emese Revfy <re.emese@gmail.com>
Reviewed-by: PaX Team <pageexec@freemail.hu>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-04-25 12:51:10 -07:00
..
debug
module: add new state MODULE_STATE_UNFORMED.
2013-01-12 13:27:05 +10:30
events
perf: Fix event group context move
2013-02-03 12:01:29 +01:00
gcov
gcov: disable CONSTRUCTORS for UML
2011-07-26 16:49:45 -07:00
irq
genirq: Avoid deadlock in spurious handling
2013-02-28 05:38:28 -08:00
power
Merge branch 'for-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
2012-12-12 08:18:24 -08:00
sched
sched_clock: Prevent 64bit inatomicity on 32bit systems
2013-04-16 21:48:29 -07:00
time
clockevents: Don't allow dummy broadcast timers
2013-03-28 12:18:01 -07:00
trace
ftrace: Move ftrace_filter_lseek out of CONFIG_DYNAMIC_FTRACE section
2013-04-16 21:48:29 -07:00
.gitignore
acct.c
vfs: make path_openat take a struct filename pointer
2012-10-12 20:15:09 -04:00
async.c
async: fix __lowest_in_progress()
2013-01-22 16:21:24 -08:00
audit_tree.c
audit: catch possible NULL audit buffers
2013-01-11 14:54:55 -08:00
audit_watch.c
audit: catch possible NULL audit buffers
2013-01-11 14:54:55 -08:00
audit.c
kernel/audit.c: avoid negative sleep durations
2013-01-11 14:54:56 -08:00
audit.h
audit: optimize audit_compare_dname_path
2012-10-12 00:32:02 -04:00
auditfilter.c
audit: fix auditfilter.c kernel-doc warnings
2013-01-10 14:35:23 -08:00
auditsc.c
audit: catch possible NULL audit buffers
2013-01-11 14:54:55 -08:00
backtracetest.c
bounds.c
memcg: remove direct page_cgroup-to-page pointer
2011-03-23 19:46:28 -07:00
capability.c
userns: Teach inode_capable to understand inodes whose uids map to other namespaces.
2012-05-15 14:59:24 -07:00
cgroup_freezer.c
cgroup: rename ->create/post_create/pre_destroy/destroy() to ->css_alloc/online/offline/free()
2012-11-19 08:13:38 -08:00
cgroup.c
cgroup: fix exit() vs rmdir() race
2013-03-04 06:03:38 +08:00
compat.c
x32: fix sigtimedwait
2012-12-26 01:15:03 -05:00
configs.c
kernel/configs.c: include MODULE_*() when CONFIG_IKCONFIG_PROC=n
2011-07-25 20:57:15 -07:00
context_tracking.c
context_tracking: New context tracking susbsystem
2012-11-30 11:40:07 -08:00
cpu_pm.c
kernel/cpu_pm.c: fix various typos
2012-05-31 17:49:27 -07:00
cpu.c
Merge branch 'x86-bsp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2012-12-11 19:56:33 -08:00
cpuset.c
cpuset: fix cpuset_print_task_mems_allowed() vs rename() race
2013-03-04 06:03:38 +08:00
crash_dump.c
Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux
2011-11-06 19:44:47 -08:00
cred.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2012-12-18 10:55:28 -08:00
delayacct.c
KVM: Steal time implementation
2011-07-14 12:59:14 +03:00
dma.c
Remove all #inclusions of asm/system.h
2012-03-28 18:30:03 +01:00
elfcore.c
elf coredump: add extended numbering support
2010-03-06 11:26:46 -08:00
exec_domain.c
sys_personality: remove the bogus checks in sys_personality()->__set_personality() path
2010-08-09 20:45:05 -07:00
exit.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2012-12-17 15:44:47 -08:00
extable.c
extable: Skip sorting if sorted at build time.
2012-04-19 15:06:55 -07:00
fork.c
userns: Don't allow CLONE_NEWUSER | CLONE_FS
2013-03-14 11:26:37 -07:00
freezer.c
freezer: change ptrace_stop/do_signal_stop to use freezable_schedule()
2012-10-26 14:27:49 -07:00
futex_compat.c
futex: Revert "futex: Mark get_robust_list as deprecated"
2013-02-28 05:38:31 -08:00
futex.c
futex: Revert "futex: Mark get_robust_list as deprecated"
2013-02-28 05:38:31 -08:00
groups.c
userns: Convert in_group_p and in_egroup_p to use kgid_t
2012-05-03 03:29:33 -07:00
hrtimer.c
hrtimer: Don't reinitialize a cpu_base lock on CPU_UP
2013-04-25 12:51:09 -07:00
hung_task.c
hung task debugging: Inject NMI when hung and going to panic
2012-04-25 12:39:25 +02:00
irq_work.c
irq_work: fix compile failure on tile from missing include
2012-04-13 13:15:16 -04:00
itimer.c
itimer: Use printk_once instead of WARN_ONCE
2012-04-10 11:00:30 +02:00
jump_label.c
jump_label: Export jump_label_rate_limit()
2012-08-06 19:00:35 +03:00
kallsyms.c
vsprintf: fix %ps on non symbols when using kallsyms
2012-05-29 16:22:32 -07:00
kcmp.c
kcmp: include linux/ptrace.h
2012-12-20 17:40:19 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
locking: Adjust spin lock inlining Kconfig options
2012-09-13 17:56:13 +02:00
Kconfig.preempt
locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
2012-03-23 13:18:57 +01:00
kexec.c
kdump: remove unneeded include
2012-10-06 03:05:19 +09:00
kfifo.c
[media] kernel:kfifo: export __kfifo_max_r symbol
2012-04-11 18:24:37 -03:00
kmod.c
Bury the conditionals from kernel_thread/kernel_execve series
2012-12-19 18:07:38 -05:00
kprobes.c
kprobes/x86: Fix to support jprobes on ftrace-based kprobe
2012-09-13 22:52:11 -04:00
ksysfs.c
Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2012-12-11 18:10:49 -08:00
kthread.c
kthread: Prevent unpark race which puts threads on the wrong cpu
2013-04-25 12:51:09 -07:00
latencytop.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
lglock.c
brlocks/lglocks: turn into functions
2012-05-29 23:28:41 -04:00
lockdep_internals.h
lockdep: No need to disable preemption in debug atomic ops
2010-05-04 05:38:16 +02:00
lockdep_proc.c
lockdep: Use KSYM_NAME_LEN'ed buffer for __get_key_name()
2012-10-24 12:39:09 +02:00
lockdep_states.h
lockdep.c
lockdep: Check if nested lock is actually held
2012-09-13 17:00:44 +02:00
Makefile
Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
2012-12-19 07:55:08 -08:00
modsign_certificate.S
MODSIGN: Avoid using .incbin in C source
2012-12-14 13:06:44 +10:30
modsign_pubkey.c
keys: use keyring_alloc() to create module signing keyring
2012-12-20 17:40:21 -08:00
module_signing.c
MODSIGN: Don't use enum-type bitfields in module signature info block
2012-12-05 11:27:24 +10:30
module-internal.h
MODSIGN: Move the magic string to the end of a module and eliminate the search
2012-10-19 17:30:40 -07:00
module.c
module: fix missing module_mutex unlock
2013-01-20 20:22:58 -08:00
mutex-debug.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
mutex-debug.h
mutex: Use p->on_cpu for the adaptive spin
2011-04-14 08:52:33 +02:00
mutex.c
sched/rt: Use schedule_preempt_disabled()
2012-03-01 10:28:03 +01:00
mutex.h
mutex: Use p->on_cpu for the adaptive spin
2011-04-14 08:52:33 +02:00
notifier.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
nsproxy.c
userns: Implement unshare of the user namespace
2012-11-20 04:18:14 -08:00
padata.c
padata: use __this_cpu_read per-cpu helper
2012-12-06 17:16:23 +08:00
panic.c
panic: fix a possible deadlock in panic()
2012-07-30 17:25:13 -07:00
params.c
params: replace printk(KERN_<LVL>...) with pr_<lvl>(...)
2012-05-04 17:28:18 -07:00
pid_namespace.c
pid: Handle the exit of a multi-threaded init.
2013-04-05 09:26:01 -07:00
pid.c
kernel/pid.c: reenable interrupts when alloc_pid() fails because init has exited
2013-02-12 14:34:00 -08:00
posix-cpu-timers.c
posix-cpu-timers: Fix nanosleep task_struct leak
2013-02-28 05:38:28 -08:00
posix-timers.c
posix-timer: Don't call idr_find() with out-of-range ID
2013-03-04 06:03:33 +08:00
printk.c
Revert "console: implement lockdep support for console_lock"
2013-01-31 15:46:56 +11:00
profile.c
propagate name change to comments in kernel source
2012-12-06 10:39:54 +01:00
ptrace.c
ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
2013-01-22 10:08:00 -08:00
range.c
range: fix bogus misuse of module.h to get printk()
2011-10-31 09:20:11 -04:00
rcu.h
rcu: Add a module parameter to force use of expedited RCU primitives
2012-10-23 14:54:08 -07:00
rcupdate.c
rcu: Add a module parameter to force use of expedited RCU primitives
2012-10-23 14:54:08 -07:00
rcutiny_plugin.h
rcu: Add a module parameter to force use of expedited RCU primitives
2012-10-23 14:54:08 -07:00
rcutiny.c
rcu: Fix TINY_RCU rcu_is_cpu_rrupt_from_idle check
2012-11-13 14:08:34 -08:00
rcutorture.c
Merge branches 'urgent.2012.10.27a', 'doc.2012.11.16a', 'fixes.2012.11.13a', 'srcu.2012.10.27a', 'stall.2012.11.13a', 'tracing.2012.11.08a' and 'idle.2012.10.24a' into HEAD
2012-11-16 09:59:58 -08:00
rcutree_plugin.h
rcu: Make rcu_nocb_poll an early_param instead of module_param
2013-01-08 14:12:19 -08:00
rcutree_trace.c
rcu: Separate accounting of callbacks from callback-free CPUs
2012-11-16 10:05:57 -08:00
rcutree.c
context_tracking: New context tracking susbsystem
2012-11-30 11:40:07 -08:00
rcutree.h
rcu: Separate accounting of callbacks from callback-free CPUs
2012-11-16 10:05:57 -08:00
relay.c
splice: fix racy pipe->buffers uses
2012-06-13 21:16:42 +02:00
res_counter.c
res_counter: return amount of charges after res_counter_uncharge()
2012-12-18 15:02:12 -08:00
resource.c
kernel/resource.c: fix stack overflow in __reserve_region_with_split()
2012-10-06 03:05:31 +09:00
rtmutex_common.h
rtmutex: Simplify PI algorithm and make highest prio task get lock
2011-01-27 21:13:51 -05:00
rtmutex-debug.c
lockdep, rtmutex, bug: Show taint flags on error
2011-12-06 08:16:49 +01:00
rtmutex-debug.h
rtmutex-tester.c
rtmutex-tester: convert sysdev_class to a regular subsystem
2011-12-14 14:54:22 -08:00
rtmutex.c
Revert "rcu: Permit rt_mutex_unlock() with irqs disabled"
2011-12-11 10:33:18 -08:00
rtmutex.h
rwsem.c
lockdep, rwsem: provide down_write_nest_lock()
2013-01-11 14:54:55 -08:00
seccomp.c
seccomp: Make syscall skipping and nr changes more consistent
2012-10-02 21:14:29 +10:00
semaphore.c
semaphore: fix improper comment reference to mutex
2012-04-05 17:15:55 -07:00
signal.c
kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
2013-04-25 12:51:10 -07:00
smp.c
smp: Fix SMP function call empty cpu mask race
2013-01-28 11:21:57 +01:00
smpboot.c
hotplug: Fix UP bug in smpboot hotplug code
2012-08-13 17:01:07 +02:00
smpboot.h
smpboot: Provide infrastructure for percpu hotplug threads
2012-08-13 17:01:07 +02:00
softirq.c
cputime: Specialize irq vtime hooks
2012-10-29 21:31:32 +01:00
spinlock.c
locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
2012-03-23 13:18:57 +01:00
srcu.c
Merge branches 'urgent.2012.10.27a', 'doc.2012.11.16a', 'fixes.2012.11.13a', 'srcu.2012.10.27a', 'stall.2012.11.13a', 'tracing.2012.11.08a' and 'idle.2012.10.24a' into HEAD
2012-11-16 09:59:58 -08:00
stacktrace.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
stop_machine.c
Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux
2011-11-06 19:44:47 -08:00
sys_ni.c
module: add syscall to load module from fd
2012-12-14 13:05:22 +10:30
sys.c
PM / reboot: call syscore_shutdown() after disable_nonboot_cpus()
2013-04-16 21:48:28 -07:00
sysctl_binary.c
sysctl: fix null checking in bin_dn_node_address()
2013-03-04 06:03:36 +08:00
sysctl.c
Merge tag 'balancenuma-v11' of git://git.kernel.org/pub/scm/linux/kernel/git/mel/linux-balancenuma
2012-12-16 15:18:08 -08:00
task_work.c
task_work: task_work_add() should not succeed after exit_task_work()
2012-09-13 16:47:34 +02:00
taskstats.c
taskstats: cgroupstats_user_cmd() may leak on error
2012-10-06 03:05:31 +09:00
test_kprobes.c
kprobes: Fix selftest to clear flags field for reusing probes
2010-10-14 08:55:27 +02:00
time.c
time: Move update_vsyscall definitions to timekeeper_internal.h
2012-09-24 12:38:06 -04:00
timeconst.pl
timeconst.pl: Eliminate Perl warning
2013-02-28 05:38:28 -08:00
timer.c
timers: Fix endless looping between cascade() and internal_add_timer()
2012-10-09 21:27:14 +02:00
tracepoint.c
static keys: Introduce 'struct static_key', static_key_true()/false() and static_key_slow_[inc|dec]()
2012-02-24 10:05:59 +01:00
tsacct.c
userns: Convert taskstats to handle the user and pid namespaces.
2012-09-18 01:01:32 -07:00
uid16.c
userns: Convert setting and getting uid and gid system calls to use kuid and kgid
2012-05-03 03:28:41 -07:00
up.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
user_namespace.c
userns: Restrict when proc and sysfs can be mounted
2013-04-05 09:26:02 -07:00
user-return-notifier.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
user.c
userns: Restrict when proc and sysfs can be mounted
2013-04-05 09:26:02 -07:00
utsname_sysctl.c
Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux
2011-11-06 19:44:47 -08:00
utsname.c
userns: Require CAP_SYS_ADMIN for most uses of setns.
2012-12-14 16:12:03 -08:00
wait.c
propagate name change to comments in kernel source
2012-12-06 10:39:54 +01:00
watchdog.c
watchdog: Fix disable/enable regression
2012-12-19 12:10:33 -08:00
workqueue_sched.h
workqueue: implement concurrency managed dynamic worker pool
2010-06-29 10:07:14 +02:00
workqueue.c
workqueue: consider work function when searching for busy work items
2013-03-04 06:03:38 +08:00