All of those are rw-r--r-- and all are broken for suid - if you open
a file before the target does suid-root exec, you'll be still able
to access it. For personality it's not a big deal, but for syscall
and stack it's a real problem.
Fix: check that task is tracable for you at the time of read().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
With recent changes there is no longer a security hazard with writing to
/proc/pid/mem. Remove the #ifdef.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This change allows us to take advantage of access_remote_vm(), which in turn
eliminates a security issue with the mem_write() implementation.
The previous implementation of mem_write() was insecure since the target task
could exec a setuid-root binary between the permission check and the actual
write. Holding a reference to the target mm_struct eliminates this
vulnerability.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Avoid a potential race when task exec's and we get a new ->mm but check against
the old credentials in ptrace_may_access().
Holding of the mutex is implemented by factoring out the body of the code into a
helper function __check_mem_permission(). Performing this factorization now
simplifies upcoming changes and minimizes churn in the diff's.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This change makes mem_write() observe the same constraints as mem_read(). This
is particularly important for mem_write as an accidental leak of the fd across
an exec could result in arbitrary modification of the target process' memory.
IOW, /proc/pid/mem is implicitly close-on-exec.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Provide an alternative to access_process_vm that allows the caller to obtain a
reference to the supplied mm_struct.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Introduce an internal helper __access_remote_vm and base access_process_vm on
top of it. This new method may be called with a NULL task_struct if page fault
accounting is not desired. This code will be shared with a new address space
accessor that is independent of task_struct.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
We now check if a requested user page overlaps a gate vma using the supplied mm
instead of the supplied task. The given task is now used solely for accounting
purposes and may be NULL.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Now that gate vma's are referenced with respect to a particular mm and not a
particular task it only makes sense to propagate the change to this predicate as
well.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Reviewed-by: Michel Lespinasse <walken@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Morally, the question of whether an address lies in a gate vma should be asked
with respect to an mm, not a particular task. Moreover, dropping the dependency
on task_struct will help make existing and future operations on mm's more
flexible and convenient.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Reviewed-by: Michel Lespinasse <walken@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Morally, the presence of a gate vma is more an attribute of a particular mm than
a particular task. Moreover, dropping the dependency on task_struct will help
make both existing and future operations on mm's more flexible and convenient.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Reviewed-by: Michel Lespinasse <walken@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This patch simply follows the same practice as for setting the TIF_IA32 flag.
In particular, an mm is marked as holding 32-bit tasks when a 32-bit binary is
exec'ed. Both ELF and a.out formats are updated.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Reviewed-by: Michel Lespinasse <walken@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This tag is intended to mirror the thread info TIF_IA32 flag. Will be used to
identify mm's which support 32 bit tasks running in compatibility mode without
requiring a reference to the task itself.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Reviewed-by: Michel Lespinasse <walken@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6:
kbuild: Make DEBUG_SECTION_MISMATCH selectable, but not on by default
genksyms: Regenerate lexer and parser
genksyms: Track changes to enum constants
genksyms: simplify usage of find_symbol()
genksyms: Add helpers for building string lists
genksyms: Simplify printing of symbol types
genksyms: Simplify lexer
genksyms: Do not paste the bison header file to lex.c
modpost: fix trailing comma
KBuild: silence "'scripts/unifdef' is up to date."
kbuild: Add extra gcc checks
kbuild: reenable section mismatch analysis
unifdef: update to upstream version 2.5
This patch reduces the number of sequential pointer derefs in
drivers/scsi/scsi_error.c
This has been submitted a number of times over a couple of years. I
believe this version adresses all comments it has gathered over time.
Please apply or reject with a reason.
The benefits are:
- makes the code easier to read. Lots of sequential derefs of the same
pointers is not easy on the eye.
- theoretically at least, just dereferencing the pointers once can
allow the compiler to generally slightly faster code, so in theory
this could also be a micro speed optimization.
- reduces size of object file (tiny effect: on x86-64, in at least one
configuration, the text size decreased from 9439 bytes to 9400)
- removes some pointless (mostly trailing) whitespace.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Remove incorrect Matrox G200eV support that was previously added by
commit e3a1938805
A serious issue with the incorrect G200eV support that reproduces on the
Matrox G200eV equipped IBM x3650 M2 is the total lack of text (login
banner, login prompt, etc) on the console when X is not running and
total lack of text on all of the virtual consoles after X is started.
Any concerns that the incorrect code (upstream since October 2008) has
been successfully used on non-IBM G200eV equipped system(s) appear to be
unwarranted. In addition to the serious/non-intermittent nature of
issues that have been spotted on IBM systems, complete removal of the
incorrect code is clearly supported by the following Matrox (Yannick
Heneault) provided input:
"It impossible that this patch should have work on a system.
The patch only declare the G200eV as a regular G200 which is
not case. Many registers are different, including at least the
PLL programming sequence. If the G200eV is programmed like a
regular G200, it will not display anything."
v1 - Initial patch that removed the incorrect code for _all_
G200eV equipped systems.
v2 - Darrick Wong provided patch that blacklisted the incorrect
code on G200eV equipped IBM systems leaving it enabled on
all G200eV equipped non-IBM systems.
v3 - Same code changes included with v1 plus additional
justification for complete removal of the incorrect code.
Signed-off-by: Gary Hade <garyhade@us.ibm.com>
Cc: Darrick J. Wong <djwong@us.ibm.com>
Cc: Krzysztof Helt <krzysztof.h1@wp.pl>
Cc: Petr Vandrovec <vandrove@vc.cvut.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Yannick Heneault <yannick_heneault@matrox.com>
Cc: Christian Toutant <ctoutant@matrox.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://oss.sgi.com/xfs/xfs: (23 commits)
xfs: don't name variables "panic"
xfs: factor agf counter updates into a helper
xfs: clean up the xfs_alloc_compute_aligned calling convention
xfs: kill support/debug.[ch]
xfs: Convert remaining cmn_err() callers to new API
xfs: convert the quota debug prints to new API
xfs: rename xfs_cmn_err_fsblock_zero()
xfs: convert xfs_fs_cmn_err to new error logging API
xfs: kill xfs_fs_mount_cmn_err() macro
xfs: kill xfs_fs_repair_cmn_err() macro
xfs: convert xfs_cmn_err to xfs_alert_tag
xfs: Convert xlog_warn to new logging interface
xfs: Convert linux-2.6/ files to new logging interface
xfs: introduce new logging API.
xfs: zero proper structure size for geometry calls
xfs: enable delaylog by default
xfs: more sensible inode refcounting for ialloc
xfs: stop using xfs_trans_iget in the RT allocator
xfs: check if device support discard in xfs_ioc_trim()
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
...
Userland should be able to trust the pid and uid of the sender of a
signal if the si_code is SI_TKILL.
Unfortunately, the kernel has historically allowed sigqueueinfo() to
send any si_code at all (as long as it was negative - to distinguish it
from kernel-generated signals like SIGILL etc), so it could spoof a
SI_TKILL with incorrect siginfo values.
Happily, it looks like glibc has always set si_code to the appropriate
SI_QUEUE, so there are probably no actual user code that ever uses
anything but the appropriate SI_QUEUE flag.
So just tighten the check for si_code (we used to allow any negative
value), and add a (one-time) warning in case there are binaries out
there that might depend on using other si_code values.
Signed-off-by: Julien Tinnes <jln@google.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-2.6-ktest:
ktest: Add STOP_TEST_AFTER to stop the test after a period of time
ktest: Monitor kernel while running of user tests
ktest: Fix bug where the test would not end after failure
ktest: Add BISECT_FILES to run git bisect on paths
ktest: Add BISECT_SKIP
ktest: Add manual bisect
ktest: Handle kernels before make oldnoconfig
ktest: Start failure timeout on panic too
ktest: Print logfile name on failure
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
hwmon: (ads1015) Make gain and datarate configurable
hwmon: (ads1015) Drop dynamic attribute group
hwmon: Add support for Texas Instruments ADS1015
hwmon: New driver for SMSC SCH5627
hwmon: (abituguru*) Update my email address
hwmon: (lm75) Speed up detection
hwmon: (lm75) Add detection of the National Semiconductor LM75A
hp_accel: Fix driver name
Move lis3lv02d drivers to drivers/misc
Move hp_accel to drivers/platform/x86
Let Kconfig handle lis3lv02d dependencies
hwmon: (sht15) Fix integer overflow in humidity calculation
hwmon: (sht15) Spelling fix
hwmon: (w83795) Document pin mapping
/sys/fs is a somewhat strange way to tweak what could more
obviously be tuned with a mount option.
Suggested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
FS: lookup_mnt() is only used in the core fs routines now
bfs: fix bitmap size argument to find_first_zero_bit()
fs: Use BUG_ON(!mnt) at dentry_open().
fs: devpts_pty_new() return -ENOMEM if dentry allocation failed
nfs: lock() vs unlock() typo
pstore: fix leaking ->i_private
introduce sys_syncfs to sync a single file system
Small typo fix...
Filesystem: fifo: Fixed coding style issue.
fs/inode: Fix kernel-doc format for inode_init_owner
select: remove unused MAX_SELECT_SECONDS
vfs: cleanup do_vfs_ioctl()
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
firewire: core: ignore link-active bit of new nodes, fix device recognition
firewire: sbp2: revert obsolete 'fix stall with "Unsolicited response"'
firewire: core: increase default SPLIT_TIMEOUT value
firewire: ohci: Misleading kfree in ohci.c::pci_probe/remove
firewire: ohci: omit IntEvent.busReset check rom AT queueing
firewire: ohci: prevent starting of iso contexts with empty queue
firewire: ohci: prevent iso completion callbacks after context stop
firewire: core: rename some variables
firewire: nosy: should work on Power Mac G4 PCI too
firewire: core: fix card->reset_jiffies overflow
firewire: cdev: remove unneeded reference
firewire: cdev: always wait for outbound transactions to complete
firewire: cdev: remove unneeded idr_find() from complete_transaction()
firewire: ohci: log dead DMA contexts
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/parisc-2.6:
[PARISC] Convert to new irq_chip functions
[PARISC] fix per-cpu flag problem in the cpu affinity checkers
[PARISC] fix vmap flush/invalidate
eliminate special FLUSH flag from page table
parisc: flush pages through tmpalias space
Configuration for ads1015 gain and datarate is possible via
devicetree or platform data.
This is a followup patch to previous ads1015 patches on Jean Delvares
tree.
Signed-off-by: Dirk Eibach <eibach@gdsys.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
SMSC SCH5627 Super I/O chips include complete hardware monitoring
capabilities. They can monitor up to 5 voltages, 4 fans and 8
temperatures.
The hardware monitoring part of the SMSC SCH5627 is accessed by talking
through an embedded microcontroller. An application note describing the
protocol for communicating with the microcontroller is available upon
request. Please mail me if you want a copy.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Make the LM75/LM75A device detection faster:
* Don't read the current temperature value when we don't use it.
* Check for unused bits in the configuration register as soon as we
have read its value.
* Don't use word reads, not all devices support this, and some which
don't misbehave when you try.
* Check for cycling register values every 40 register addresses
instead of every 8, it's 5 times faster and just as efficient.
Some of these improvements come straight from the user-space
sensors-detect script, so both detection routines are in line now.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Len Sorensen <lsorense@csclub.uwaterloo.ca>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
Add support for detection of the National Semiconductor LM75A using the ID
register value.
Signed-off-by: Len Sorensen <lsorense@csclub.uwaterloo.ca>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
I suspect that the "lis3lv02d" driver name is a legacy from before
the split into several modules. Use a specific name for the hp_accel
driver, for better error messages and easier investigation of issues.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
Acked-by: Eric Piel <eric.piel@tremplin-utc.net>
Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
Tested-by: Eric Piel <eric.piel@tremplin-utc.net>
Tested-by: Takashi Iwai <tiwai@suse.de>
The lis3lv02d drivers aren't hardware monitoring drivers, so the don't
belong to drivers/hwmon. Move them to drivers/misc, short of a better
home.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
Acked-by: Eric Piel <eric.piel@tremplin-utc.net>
Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
Tested-by: Eric Piel <eric.piel@tremplin-utc.net>
Tested-by: Takashi Iwai <tiwai@suse.de>
The hp_accel driver isn't a hardware monitoring driver, so it doesn't
belong to drivers/hwmon. Move it to drivers/platform/x86, assuming HP
doesn't ship non-x86 laptops.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
Acked-by: Eric Piel <eric.piel@tremplin-utc.net>
Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
Tested-by: Eric Piel <eric.piel@tremplin-utc.net>
Tested-by: Takashi Iwai <tiwai@suse.de>
The dependencies between the various lis3lv02d drivers make it
impossible to split them to different directories, while we really
want to do this. Move handling of dependencies from Makefile to
Kconfig, to make the move possible at all.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
Acked-by: Eric Piel <eric.piel@tremplin-utc.net>
Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
Tested-by: Eric Piel <eric.piel@tremplin-utc.net>
Tested-by: Takashi Iwai <tiwai@suse.de>
An integer overflow occurs in the calculation of RHlinear when the
relative humidity is greater than around 30%. The consequence is a subtle
(but noticeable) error in the resulting humidity measurement.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: stable@kernel.org
Cc: Jonathan Cameron <jic23@cam.ac.uk>
Apparently users are interested in this information, so let's provide
it.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/ptrace: Remove BUG_ON when full register set not available
powerpc: Factoring mpic cpu id fetching into a function
powerpc: Make MPIC honor the "pic-no-reset" device tree property
powerpc: Document the Open PIC device tree binding
powerpc/pci: Fix crash in PCI code on ppc64 when matching device nodes
lookup_mnt() is only used in the core fs routines now, so it doesn't need to
be globally declared anymore. It isn't exported to modules at the moment, so
nothing that can be modularised seems to be using it.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
The usage of find_first_zero_bit() in bfs_create() is wrong for two
reasons.
The bitmap size argument to find_first_zero_bit() is info->si_lasti but
the correct bitmap size is info->si_lasti + 1 as info->si_lasti is the
last valid index in info->si_imap bitmap.
Another problem is that it is impossible to detect that info->si_imap
bitmap is full because there is an off-by-one bug in the return value
check for find_first_zero_bit(). If no zero bits exist in info->si_imap,
find_first_zero_bit() returns info->si_lasti. But the check can't catch
it due to the off-by-one.
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Acked-by: "Tigran A. Aivazian" <tigran@aivazian.fsnet.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
CONFIG_DEBUG_SECTION_MISMATCH has also runtime effects due to the
-fno-inline-functions-called-once compiler flag, so forcing it on
everyone is not a good idea.
Signed-off-by: Michal Marek <mmarek@suse.cz>