Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.18.2 2015-01-08T18:30:27Z 2015-01-08T18:30:27Z Richard Guy Briggs rgb@redhat.com 2014-12-23T18:02:04Z urn:sha1:3d7c0c1f6092ae814a5c7190cc382daa3543033a commit 041d7b98ffe59c59fdd639931dea7d74f9aa9a59 upstream. A regression was caused by commit 780a7654cee8: audit: Make testing for a valid loginuid explicit. (which in turn attempted to fix a regression caused by e1760bd) When audit_krule_to_data() fills in the rules to get a listing, there was a missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID. This broke userspace by not returning the same information that was sent and expected. The rule: auditctl -a exit,never -F auid=-1 gives: auditctl -l LIST_RULES: exit,never f24=0 syscall=all when it should give: LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all Tag it so that it is reported the same way it was set. Create a new private flags audit_krule field (pflags) to store it that won't interact with the public one from the API. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2015-01-08T18:30:26Z Eric W. Biederman ebiederm@xmission.com 2014-12-02T18:27:26Z urn:sha1:4a7215f13452bf2e8d271b2b9f09fddd990b4c04 commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8 upstream. - Expose the knob to user space through a proc file /proc/<pid>/setgroups A value of "deny" means the setgroups system call is disabled in the current processes user namespace and can not be enabled in the future in this user namespace. A value of "allow" means the segtoups system call is enabled. - Descendant user namespaces inherit the value of setgroups from their parents. - A proc file is used (instead of a sysctl) as sysctls currently do not allow checking the permissions at open time. - Writing to the proc file is restricted to before the gid_map for the user namespace is set. This ensures that disabling setgroups at a user namespace level will never remove the ability to call setgroups from a process that already has that ability. A process may opt in to the setgroups disable for itself by creating, entering and configuring a user namespace or by calling setns on an existing user namespace with setgroups disabled. Processes without privileges already can not call setgroups so this is a noop. Prodcess with privilege become processes without privilege when entering a user namespace and as with any other path to dropping privilege they would not have the ability to call setgroups. So this remains within the bounds of what is possible without a knob to disable setgroups permanently in a user namespace. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2015-01-08T18:30:25Z Eric W. Biederman ebiederm@xmission.com 2014-12-06T00:01:11Z urn:sha1:d5c3ebc43923644c61155b6b71f9b1a36d570343 commit 273d2c67c3e179adb1e74f403d1e9a06e3f841b5 upstream. setgroups is unique in not needing a valid mapping before it can be called, in the case of setgroups(0, NULL) which drops all supplemental groups. The design of the user namespace assumes that CAP_SETGID can not actually be used until a gid mapping is established. Therefore add a helper function to see if the user namespace gid mapping has been established and call that function in the setgroups permission check. This is part of the fix for CVE-2014-8989, being able to drop groups without privilege using user namespaces. Reviewed-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2015-01-08T18:30:25Z Eric W. Biederman ebiederm@xmission.com 2014-12-05T23:19:27Z urn:sha1:e726c9a0a24b1381b2714dbeca322ab446fccb4a commit 7ff4d90b4c24a03666f296c3d4878cd39001e81e upstream. Today there are 3 instances of setgroups and due to an oversight their permission checking has diverged. Add a common function so that they may all share the same permission checking code. This corrects the current oversight in the current permission checks and adds a helper to avoid this in the future. A user namespace security fix will update this new helper, shortly. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2014-12-16T17:39:06Z Al Viro viro@zeniv.linux.org.uk 2014-10-26T23:19:16Z urn:sha1:679829c2e50332832c2e85b12ec851a423ad9892 commit 946e51f2bf37f1656916eb75bd0742ba33983c28 upstream. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2014-12-04T23:28:40Z Masahiro Yamada yamada.m@jp.panasonic.com 2014-12-04T22:42:25Z urn:sha1:d0747f10ed5fec3d1f40c4b350dc9673011fc8e2 A typo "header=y" was introduced by commit 7071cf7fc435 ("uapi: add missing network related headers to kbuild"). Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> Cc: Stephen Hemminger <stephen@networkplumber.org> Cc: David Miller <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2014-11-29T00:08:09Z Linus Torvalds torvalds@linux-foundation.org 2014-11-29T00:08:09Z urn:sha1:88910638717dd195cff1dd1ea74772b159632bba Pull staging/IIO driver fixes from Greg KH: "Here are some staging and IIO driver fixes for 3.18-rc7 that resolve a number of reported issues, and a new device id for a staging wireless driver. All of these have been in linux-next" * tag 'staging-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: r8188eu: Add new device ID for DLink GO-USB-N150 staging: r8188eu: Fix scheduling while atomic error introduced in commit fadbe0cd iio: accel: bmc150: set low default thresholds iio: accel: bmc150: Fix iio_event_spec direction iio: accel: bmc150: Send x, y and z motion separately iio: accel: bmc150: Error handling when mode set fails iio: gyro: bmg160: Fix iio_event_spec direction iio: gyro: bmg160: Send x, y and z motion separately iio: gyro: bmg160: Don't let interrupt mode to be open drain iio: gyro: bmg160: Error handling when mode set fails iio: adc: men_z188_adc: Add terminating entry for men_z188_ids iio: accel: kxcjk-1013: Fix kxcjk10013_set_range iio: Fix IIO_EVENT_CODE_EXTRACT_DIR bit mask 2014-11-28T21:54:53Z Linus Torvalds torvalds@linux-foundation.org 2014-11-28T21:54:53Z urn:sha1:16cf45c09ce275c6f75d26392d132fd8f08bd6ba Pull sound fixes from Takashi Iwai: "No excitement, here are only minor fixes: an endian fix for the new DSD format we added in 3.18, a fix for HP mute LED, and a fix for Native Instrument quirk" * tag 'sound-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: pcm: Add big-endian DSD sample formats and fix XMOS DSD sample format ALSA: hda - One more HP machine needs to change mute led quirk ALSA: usb-audio: Use snd_usb_ctl_msg() for Native Instruments quirk 2014-11-28T02:05:05Z Linus Torvalds torvalds@linux-foundation.org 2014-11-28T02:05:05Z urn:sha1:8e8459719cd129e6a91ebfcd46f68f8396f8f735 Pull networking fixes from David Miller: "Several small fixes here: 1) Don't crash in tg3 driver when the number of tx queues has been configured to be different from the number of rx queues. From Thadeu Lima de Souza Cascardo. 2) VLAN filter not disabled properly in promisc mode in ixgbe driver, from Vlad Yasevich. 3) Fix OOPS on dellink op in VTI tunnel driver, from Xin Long. 4) IPV6 GRE driver WCCP code checks skb->protocol for ETH_P_IP instead of ETH_P_IPV6, whoops. From Yuri Chislov. 5) Socket matching in ping driver is buggy when packet AF does not match socket's AF. Fix from Jane Zhou. 6) Fix checksum calculation errors in VXLAN due to where the udp_tunnel6_xmit_skb() helper gets it's saddr/daddr from. From Alexander Duyck. 7) Fix 5G detection problem in rtlwifi driver, from Larry Finger. 8) Fix NULL deref in tcp_v{4,6}_send_reset, from Eric Dumazet. 9) Various missing netlink attribute verifications in bridging code, from Thomas Graf. 10) tcp_recvmsg() unconditionally calls ipv4 ip_recv_error even for ipv6 sockets, whoops. Fix from Willem de Bruijn" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (29 commits) net-timestamp: make tcp_recvmsg call ipv6_recv_error for AF_INET6 socks bridge: Sanitize IFLA_EXT_MASK for AF_BRIDGE:RTM_GETLINK bridge: Add missing policy entry for IFLA_BRPORT_FAST_LEAVE net: Check for presence of IFLA_AF_SPEC net: Validate IFLA_BRIDGE_MODE attribute length bridge: Validate IFLA_BRIDGE_FLAGS attribute length stmmac: platform: fix default values of the filter bins setting net/mlx4_core: Limit count field to 24 bits in qp_alloc_res net: dsa: bcm_sf2: reset switch prior to initialization net: dsa: bcm_sf2: fix unmapping registers in case of errors tg3: fix ring init when there are more TX than RX channels tcp: fix possible NULL dereference in tcp_vX_send_reset() rtlwifi: Change order in device startup rtlwifi: rtl8821ae: Fix 5G detection problem Revert "netfilter: conntrack: fix race in __nf_conntrack_confirm against get_next_corpse" vxlan: Fix boolean flip in VXLAN_F_UDP_ZERO_CSUM6_[TX|RX] ip6_udp_tunnel: Fix checksum calculation net-timestamp: Fix a documentation typo net/ping: handle protocol mismatching scenario af_packet: fix sparse warning ... 2014-11-26T20:45:04Z Willem de Bruijn willemb@google.com 2014-11-26T19:53:02Z urn:sha1:f4713a3dfad045d46afcb9c2a7d0bba288920ed4 TCP timestamping introduced MSG_ERRQUEUE handling for TCP sockets. If the socket is of family AF_INET6, call ipv6_recv_error instead of ip_recv_error. This change is more complex than a single branch due to the loadable ipv6 module. It reuses a pre-existing indirect function call from ping. The ping code is safe to call, because it is part of the core ipv6 module and always present when AF_INET6 sockets are active. Fixes: 4ed2d765 (net-timestamp: TCP timestamping) Signed-off-by: Willem de Bruijn <willemb@google.com> ---- It may also be worthwhile to add WARN_ON_ONCE(sk->family == AF_INET6) to ip_recv_error. Signed-off-by: David S. Miller <davem@davemloft.net>