Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.2.44 2013-03-20T15:03:18Z 2013-03-20T15:03:18Z Kees Cook keescook@chromium.org 2013-02-25T21:32:25Z urn:sha1:7c4bf08d3fa22613b628fc967953f581564a13ad commit e70ab977991964a5a7ad1182799451d067e62669 upstream. While PROC_CN_MCAST_LISTEN/IGNORE is entirely advisory, it was possible for an unprivileged user to turn off notifications for all listeners by sending PROC_CN_MCAST_IGNORE. Instead, require the same privileges as required for a multicast bind. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Evgeniy Polyakov <zbr@ioremap.net> Cc: Matt Helsley <matthltc@us.ibm.com> Acked-by: Evgeniy Polyakov <zbr@ioremap.net> Acked-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2011-09-28T17:41:50Z Vladimir Zapolskiy vzapolskiy@gmail.com 2011-09-21T09:26:44Z urn:sha1:f786ecba4158880f8cdc0ebb93e7d78e6c125449 Add an event to monitor comm value changes of tasks. Such an event becomes vital, if someone desires to control threads of a process in different manner. A natural characteristic of threads is its comm value, and helpfully application developers have an opportunity to change it in runtime. Reporting about such events via proc connector allows to fine-grain monitoring and control potentials, for instance a process control daemon listening to proc connector and following comm value policies can place specific threads to assigned cgroup partitions. It might be possible to achieve a pale partial one-shot likeness without this update, if an application changes comm value of a thread generator task beforehand, then a new thread is cloned, and after that proc connector listener gets the fork event and reads new thread's comm value from procfs stat file, but this change visibly simplifies and extends the matter. Signed-off-by: Vladimir Zapolskiy <vzapolskiy@gmail.com> Acked-by: Evgeniy Polyakov <zbr@ioremap.net> Cc: David Miller <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-07-29T01:26:32Z Oleg Nesterov oleg@redhat.com 2011-07-29T01:26:32Z urn:sha1:9e8f90dfe58eb19140bc66655170c7aef9eadbf2 proc_fork_connector() uses ->real_parent lockless. This is not safe if copy_process() was called with CLONE_THREAD or CLONE_PARENT, in this case the parent != current can go away at any moment. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Cc: Vladimir Zapolskiy <vzapolskiy@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Evgeniy Polyakov <zbr@ioremap.net> Cc: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-07-26T23:49:47Z Arun Sharma asharma@fb.com 2011-07-26T23:09:06Z urn:sha1:60063497a95e716c9a689af3be2687d261f115b4 This allows us to move duplicated code in <asm/atomic.h> (atomic_inc_not_zero() for now) to <linux/atomic.h> Signed-off-by: Arun Sharma <asharma@fb.com> Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: David Miller <davem@davemloft.net> Cc: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-07-26T03:57:17Z Andrew Morton akpm@linux-foundation.org 2011-07-26T00:13:39Z urn:sha1:f19da2ce8ef5e49b8b8ea199c3601dd45d71b262 Fix the warning drivers/connector/cn_proc.c: In function 'proc_ptrace_connector': drivers/connector/cn_proc.c:176: warning: unused variable 'tracer' Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-07-22T22:06:50Z Linus Torvalds torvalds@linux-foundation.org 2011-07-22T22:06:50Z urn:sha1:8209f53d79444747782a28520187abaf689761f2 * 'ptrace' of git://git.kernel.org/pub/scm/linux/kernel/git/oleg/misc: (39 commits) ptrace: do_wait(traced_leader_killed_by_mt_exec) can block forever ptrace: fix ptrace_signal() && STOP_DEQUEUED interaction connector: add an event for monitoring process tracers ptrace: dont send SIGSTOP on auto-attach if PT_SEIZED ptrace: mv send-SIGSTOP from do_fork() to ptrace_init_task() ptrace_init_task: initialize child->jobctl explicitly has_stopped_jobs: s/task_is_stopped/SIGNAL_STOP_STOPPED/ ptrace: make former thread ID available via PTRACE_GETEVENTMSG after PTRACE_EVENT_EXEC stop ptrace: wait_consider_task: s/same_thread_group/ptrace_reparented/ ptrace: kill real_parent_is_ptracer() in in favor of ptrace_reparented() ptrace: ptrace_reparented() should check same_thread_group() redefine thread_group_leader() as exit_signal >= 0 do not change dead_task->exit_signal kill task_detached() reparent_leader: check EXIT_DEAD instead of task_detached() make do_notify_parent() __must_check, update the callers __ptrace_detach: avoid task_detached(), check do_notify_parent() kill tracehook_notify_death() make do_notify_parent() return bool ptrace: s/tracehook_tracer_task()/ptrace_parent()/ ... 2011-07-18T19:38:33Z Vladimir Zapolskiy vzapolskiy@gmail.com 2011-07-15T17:45:18Z urn:sha1:f701e5b73a1a79ea62ffd45d9e2bed4c7d5c1fd2 This change adds a procfs connector event, which is emitted on every successful process tracer attach or detach. If some process connects to other one, kernelspace connector reports process id and thread group id of both these involved processes. On disconnection null process id is returned. Such an event allows to create a simple automated userspace mechanism to be aware about processes connecting to others, therefore predefined process policies can be applied to them if needed. Note, a detach signal is emitted only in case, if a tracer process explicitly executes PTRACE_DETACH request. In other cases like tracee or tracer exit detach event from proc connector is not reported. Signed-off-by: Vladimir Zapolskiy <vzapolskiy@gmail.com> Acked-by: Evgeniy Polyakov <zbr@ioremap.net> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Oleg Nesterov <oleg@redhat.com> 2011-06-07T19:02:00Z K. Y. Srinivasan kys@microsoft.com 2011-05-17T22:25:38Z urn:sha1:663dd6dcaf7e95526e469e91f41972a9c0cca30c The recent changes to the connector code introduced this bug where even when a callback was invoked, we would return an error resulting in double freeing of the skb. This patch fixes this bug. Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Acked-by: Evgeniy Polyakov <zbr@ioremap.net> Cc: stable <stable@kernel.org> [.39] Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2011-04-12T21:38:57Z Patrick McHardy kaber@trash.net 2011-04-12T05:39:51Z urn:sha1:0e08785845093ef4ed220463a739bc8d0db95de7 When a skb is delivered to a registered callback, cn_call_callback() incorrectly returns -ENODEV after freeing the skb, causing cn_rx_skb() to free the skb a second time. Reported-by: Eric B Munson <emunson@mgebm.net> Signed-off-by: Patrick McHardy <kaber@trash.net> Tested-by: Eric B Munson <emunson@mgebm.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-03-31T00:14:33Z Patrick McHardy kaber@trash.net 2011-03-28T08:39:36Z urn:sha1:04f482faf50535229a5a5c8d629cf963899f857c Commits 01a16b21 (netlink: kill eff_cap from struct netlink_skb_parms) and c53fa1ed (netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms) removed some members from struct netlink_skb_parms that depend on the current context, all netlink users are now required to do synchronous message processing. connector however queues received messages and processes them in a work queue, which is not valid anymore. This patch converts connector to do synchronous message processing by invoking the registered callback handler directly from the netlink receive function. In order to avoid invoking the callback with connector locks held, a reference count is added to struct cn_callback_entry, the reference is taken when finding a matching callback entry on the device's queue_list and released after the callback handler has been invoked. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: David S. Miller <davem@davemloft.net>