Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.2.78 2014-01-03T04:33:20Z 2014-01-03T04:33:20Z Ryan Mallon rmallon@gmail.com 2013-11-12T23:08:51Z urn:sha1:373dcf178f11e09037edea51478f8340dcb583e3 commit 312b4e226951f707e120b95b118cbc14f3d162b2 upstream. Some setuid binaries will allow reading of files which have read permission by the real user id. This is problematic with files which use %pK because the file access permission is checked at open() time, but the kptr_restrict setting is checked at read() time. If a setuid binary opens a %pK file as an unprivileged user, and then elevates permissions before reading the file, then kernel pointer values may be leaked. This happens for example with the setuid pppd application on Ubuntu 12.04: $ head -1 /proc/kallsyms 00000000 T startup_32 $ pppd file /proc/kallsyms pppd: In file /proc/kallsyms: unrecognized option 'c1000000' This will only leak the pointer value from the first line, but other setuid binaries may leak more information. Fix this by adding a check that in addition to the current process having CAP_SYSLOG, that effective user and group ids are equal to the real ids. If a setuid binary reads the contents of a file which uses %pK then the pointer values will be printed as NULL if the real user is unprivileged. Update the sysctl documentation to reflect the changes, and also correct the documentation to state the kptr_restrict=0 is the default. This is a only temporary solution to the issue. The correct solution is to do the permission check at open() time on files, and to replace %pK with a function which checks the open() time permission. %pK uses in printk should be removed since no sane permission check can be done, and instead protected by using dmesg_restrict. Signed-off-by: Ryan Mallon <rmallon@gmail.com> Cc: Kees Cook <keescook@chromium.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Joe Perches <joe@perches.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [bwh: Backported to 3.2: - Adjust context - Compare ids directly instead of using {uid,gid}_eq()] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2012-08-09T23:25:01Z Dan Rosenberg drosenberg@vsecurity.com 2012-07-30T21:40:26Z urn:sha1:1b772a147a183c09462f0d23e041b077f158fa0f commit 3715c5309f6d175c3053672b73fd4f73be16fd07 upstream. When using ALT+SysRq+Q all the pointers are replaced with "pK-error" like this: [23153.208033] .base: pK-error with echo h > /proc/sysrq-trigger it works: [23107.776363] .base: ffff88023e60d540 The intent behind this behavior was to return "pK-error" in cases where the %pK format specifier was used in interrupt context, because the CAP_SYSLOG check wouldn't be meaningful. Clearly this should only apply when kptr_restrict is actually enabled though. Reported-by: Stevie Trujillo <stevie.trujillo@gmail.com> Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2011-11-01T00:30:56Z Andy Shevchenko andriy.shevchenko@linux.intel.com 2011-11-01T00:12:41Z urn:sha1:55036ba76b2d2fd53b5c00993fcec5ed56e83922 As suggested by Andrew Morton in [1] there is better to have most significant part first in the function name. [1] https://lkml.org/lkml/2011/9/20/22 There is no functional change. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Jesper Nilsson <jesper.nilsson@axis.com> Cc: David Howells <dhowells@redhat.com> Cc: Koichi Yasutake <yasutake.koichi@jp.panasonic.com> Cc: Jason Wessel <jason.wessel@windriver.com> Cc: Mimi Zohar <zohar@us.ibm.com> Cc: James Morris <jmorris@namei.org> Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Cc: "John W. Linville" <linville@tuxdriver.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-11-01T00:30:56Z Alexey Dobriyan adobriyan@gmail.com 2011-11-01T00:12:28Z urn:sha1:1dff46d6987484eaa31f2fb1425216ba06418be3 Currently termination logic (\0 or \n\0) is hardcoded in _kstrtoull(), avoid that for code reuse between kstrto*() and simple_strtoull(). Essentially, make them different only in termination logic. simple_strtoull() (and scanf(), BTW) ignores integer overflow, that's a bug we currently don't have guts to fix, making KSTRTOX_OVERFLOW hack necessary. Almost forgot: patch shrinks code size by about ~80 bytes on x86_64. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-07-26T04:00:19Z Linus Torvalds torvalds@linux-foundation.org 2011-07-26T04:00:19Z urn:sha1:45b583b10a8b438b970e95a7d1d4db22c9e35004 * Merge akpm patch series: (122 commits) drivers/connector/cn_proc.c: remove unused local Documentation/SubmitChecklist: add RCU debug config options reiserfs: use hweight_long() reiserfs: use proper little-endian bitops pnpacpi: register disabled resources drivers/rtc/rtc-tegra.c: properly initialize spinlock drivers/rtc/rtc-twl.c: check return value of twl_rtc_write_u8() in twl_rtc_set_time() drivers/rtc: add support for Qualcomm PMIC8xxx RTC drivers/rtc/rtc-s3c.c: support clock gating drivers/rtc/rtc-mpc5121.c: add support for RTC on MPC5200 init: skip calibration delay if previously done misc/eeprom: add eeprom access driver for digsy_mtc board misc/eeprom: add driver for microwire 93xx46 EEPROMs checkpatch.pl: update $logFunctions checkpatch: make utf-8 test --strict checkpatch.pl: add ability to ignore various messages checkpatch: add a "prefer __aligned" check checkpatch: validate signature styles and To: and Cc: lines checkpatch: add __rcu as a sparse modifier checkpatch: suggest using min_t or max_t ... Did this as a merge because of (trivial) conflicts in - Documentation/feature-removal-schedule.txt - arch/xtensa/include/asm/uaccess.h that were just easier to fix up in the merge than in the patch series. 2011-07-26T03:57:16Z Andy Shevchenko andriy.shevchenko@linux.intel.com 2011-07-26T00:13:20Z urn:sha1:75fb8f269305fc066c4c6ec6e7232df0c92f434d This function is required by *printf and kstrto* functions that are located in the different modules. This patch makes _tolower() public. However, it's good idea to not use the helper outside of mentioned functions. [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-07-14T18:51:40Z Jan Engelhardt jengelh@medozas.de 2011-07-14T16:48:56Z urn:sha1:f996f2081276c37da4dbd7b2e6310fbc8f0034f6 The draft has evolved to RFC 5952. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 2011-06-09T19:51:15Z Joe Perches joe@perches.com 2011-06-09T18:23:37Z urn:sha1:29cf519ee086686e5f0fc91cbb2d601dd1190f9c RFC 5952 (http://tools.ietf.org/html/rfc5952) mandates that 2 or more consecutive 0's are required before using :: compression. Update ip6_compressed_string to match the RFC and update the http reference as well. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-05-25T15:39:47Z Jan Beulich JBeulich@novell.com 2011-05-25T00:13:18Z urn:sha1:d9be9b90d6dc5e712ca5d6109691a8de753ce7f1 Otherwise, the warning at the top of vsnprintf() gets triggered by kvasprintf()'s first invocation (with NULL buffer and zero size) of vsnprintf(). Signed-off-by: Jan Beulich <jbeulich@novell.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-05-23T16:12:26Z Linus Torvalds torvalds@linux-foundation.org 2011-05-23T16:12:26Z urn:sha1:57d19e80f459dd845fb3cfeba8e6df8471bac142 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits) b43: fix comment typo reqest -> request Haavard Skinnemoen has left Atmel cris: typo in mach-fs Makefile Kconfig: fix copy/paste-ism for dell-wmi-aio driver doc: timers-howto: fix a typo ("unsgined") perf: Only include annotate.h once in tools/perf/util/ui/browsers/annotate.c md, raid5: Fix spelling error in comment ('Ofcourse' --> 'Of course'). treewide: fix a few typos in comments regulator: change debug statement be consistent with the style of the rest Revert "arm: mach-u300/gpio: Fix mem_region resource size miscalculations" audit: acquire creds selectively to reduce atomic op overhead rtlwifi: don't touch with treewide double semicolon removal treewide: cleanup continuations and remove logging message whitespace ath9k_hw: don't touch with treewide double semicolon removal include/linux/leds-regulator.h: fix syntax in example code tty: fix typo in descripton of tty_termios_encode_baud_rate xtensa: remove obsolete BKL kernel option from defconfig m68k: fix comment typo 'occcured' arch:Kconfig.locks Remove unused config option. treewide: remove extra semicolons ...