From 27e4e4362756a78b15e83ef104c8bbe257f40f90 Mon Sep 17 00:00:00 2001
From: David Howells
Date: Mon, 8 Aug 2011 15:54:53 +0100
Subject: CRED: Restore const to current_cred()

Commit 3295514841c2 ("fix rcu annotations noise in cred.h") accidentally dropped the const of current->cred inside current_cred() by the insertion of a cast to deal with an RCU annotation loss warning from sparce. Use an appropriate RCU wrapper instead so as not to lose the const.

Signed-off-by: David Howells
Reviewed-by: Paul E. McKenney
cc: Al Viro
Signed-off-by: Linus Torvalds
---
 include/linux/cred.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'include/linux')

diff --git a/include/linux/cred.h b/include/linux/cred.h
index 98f46efbe2d2..8e2fd44eb160 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -269,7 +269,7 @@ static inline void put_cred(const struct cred *_cred)
  * since nobody else can modify it.
  */
 #define current_cred() \
- (*(__force struct cred **)¤t->cred)
+ rcu_dereference_protected(current->cred, 1)
 /**
  * __task_cred - Access a task's objective credentials
--
cgit v1.2.3

From 638a8439096c582bdb523fcea9d875d3e1fed38a Mon Sep 17 00:00:00 2001
From: Linus Torvalds
Date: Mon, 8 Aug 2011 11:33:23 -0700
Subject: cred: use 'const' in get_current_{user,groups}

Avoid annoying warnings from these functions ("discards qualifiers") because they assign 'current_cred()' to a non-const pointer.

Signed-off-by: Linus Torvalds
---
 include/linux/cred.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'include/linux')

diff --git a/include/linux/cred.h b/include/linux/cred.h
index 8e2fd44eb160..40308969ed00 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -307,7 +307,7 @@ static inline void put_cred(const struct cred *_cred)
 #define get_current_user() \
 ({ \
 struct user_struct *__u; \
- struct cred *__cred; \
+ const struct cred *__cred; \
 __cred = current_cred(); \
 __u = get_uid(__cred->user); \
 __u; \
@@ -322,7 +322,7 @@ static inline void put_cred(const struct cred *_cred)
 #define get_current_groups() \
 ({ \
 struct group_info *__groups; \
- struct cred *__cred; \
+ const struct cred *__cred; \
 __cred = current_cred(); \
 __groups = get_group_info(__cred->group_info); \
 __groups; \
--
cgit v1.2.3

From 5c723ba5b7886909b2e430f2eae454c33f7fe5c6 Mon Sep 17 00:00:00 2001
From: Peter Zijlstra
Date: Wed, 27 Jul 2011 12:17:11 +0200
Subject: mm: Fix fixup_user_fault() for MMU=n

In commit 2efaca927f5c ("mm/futex: fix futex writes on archs with SW tracking of dirty & young") we forgot about MMU=n. This patch fixes that.

Signed-off-by: Peter Zijlstra
Acked-by: Benjamin Herrenschmidt
Acked-by: David Howells
Link: http://lkml.kernel.org/r/1311761831.24752.413.camel@twins
Signed-off-by: Linus Torvalds
---
 include/linux/mm.h | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'include/linux')

diff --git a/include/linux/mm.h b/include/linux/mm.h
index f2690cf49827..fd599f4bb846 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -962,6 +962,8 @@ int invalidate_inode_page(struct page *page);
 #ifdef CONFIG_MMU
 extern int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, unsigned int flags);
+extern int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
+ unsigned long address, unsigned int fault_flags);
 #else
 static inline int handle_mm_fault(struct mm_struct *mm,
 struct vm_area_struct *vma, unsigned long address,
@@ -971,6 +973,14 @@ static inline int handle_mm_fault(struct mm_struct *mm,
 BUG();
 return VM_FAULT_SIGBUS;
 }
+static inline int fixup_user_fault(struct task_struct *tsk,
+ struct mm_struct *mm, unsigned long address,
+ unsigned int fault_flags)
+{
+ /* should never happen if there's no MMU */
+ BUG();
+ return -EFAULT;
+}
 #endif
 extern int make_pages_present(unsigned long addr, unsigned long end);
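Review bot: In the MMU=n fixup_user_fault() stub (second mm.h hunk) the `return -EFAULT;` is only reached when BUG() compiles to nothing (CONFIG_BUG=n); on a CONFIG_BUG=y kernel any caller that gets here oopses instead of receiving an error. The commit message names the futex fault path as the caller that was forgotten, and if that path can still reach this stub on a nommu build (for example when an access to a bad user address fails) the outcome is a kernel crash triggered from a bad user pointer rather than a clean -EFAULT — worth confirming that no MMU=n caller can reach it, and otherwise preferring a plain `return -EFAULT;` (or a WARN_ON_ONCE() before it) over BUG(). Whichever shape is chosen should stay consistent with the existing handle_mm_fault() stub directly above, which uses the same BUG()-then-return pattern; that stub's body begins outside this hunk.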
@@ -988,8 +998,6 @@ int get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
 int get_user_pages_fast(unsigned long start, int nr_pages, int write, struct page **pages);
 struct page *get_dump_page(unsigned long addr);
-extern int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
- unsigned long address, unsigned int fault_flags);
 extern int try_to_release_page(struct page * page, gfp_t gfp_mask);
 extern void do_invalidatepage(struct page *page, unsigned long offset);
--
cgit v1.2.3

From 89272b8c0d427021bed70b1b83e1a16be375ccf5 Mon Sep 17 00:00:00 2001
From: Stephen Warren
Date: Fri, 5 Aug 2011 16:50:30 -0600
Subject: dt: add empty of_get_property for non-dt

The patch adds empty function of_get_property for non-dt build, so that drivers migrating to dt can save some '#ifdef CONFIG_OF'. This also fixes the current Tegra compile problem in linux-next.

Signed-off-by: Stephen Warren
Signed-off-by: Grant Likely
---
 include/linux/of.h | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'include/linux')

diff --git a/include/linux/of.h b/include/linux/of.h
index 0085bb01c041..9180dc5cb00b 100644
--- a/include/linux/of.h
+++ b/include/linux/of.h
@@ -256,6 +256,13 @@ static inline int of_property_read_string(struct device_node *np,
 return -ENOSYS;
 }
+static inline const void *of_get_property(const struct device_node *node,
+ const char *name,
+ int *lenp)
+{
+ return NULL;
+}
+
 #endif /* CONFIG_OF */
 static inline int of_property_read_u32(const struct device_node *np,
--
cgit v1.2.3

From 72fa59970f8698023045ab0713d66f3f4f96945c Mon Sep 17 00:00:00 2001
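Review bot: The !CONFIG_OF of_get_property() stub in the of.h hunk never writes through `lenp`, and nothing in the hunk says so; a caller that reads `*lenp` without first checking for the NULL return reads an uninitialized local. A one-line comment inside the stub would make the contract explicit, e.g. `/* !CONFIG_OF: behaves as "property not found"; *lenp is left untouched */`. Note also that, unlike the of_property_read_string() stub just above it (which returns -ENOSYS), this stub cannot distinguish "no DT support" from "property absent" — that appears to be the intent of the commit, but it is worth stating in the comment so drivers do not treat NULL as a hard error.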
From: Vasiliy Kulikov
Date: Mon, 8 Aug 2011 19:02:04 +0400
Subject: move RLIMIT_NPROC check from set_user() to do_execve_common()

The patch http://lkml.org/lkml/2003/7/13/226 introduced an RLIMIT_NPROC check in set_user() to check for NPROC exceeding via setuid() and similar functions. Before the check there was a possibility to greatly exceed the allowed number of processes by an unprivileged user if the program relied on rlimit only. But the check created new security threat: many poorly written programs simply don't check setuid() return code and believe it cannot fail if executed with root privileges. So, the check is removed in this patch because of too often privilege escalations related to buggy programs. The NPROC can still be enforced in the common code flow of daemons spawning user processes. Most of daemons do fork()+setuid()+execve(). The check introduced in execve() (1) enforces the same limit as in setuid() and (2) doesn't create similar security issues. Neil Brown suggested to track what specific process has exceeded the limit by setting PF_NPROC_EXCEEDED process flag. With the change only this process would fail on execve(), and other processes' execve() behaviour is not changed. Solar Designer suggested to re-check whether NPROC limit is still exceeded at the moment of execve(). If the process was sleeping for days between set*uid() and execve(), and the NPROC counter step down under the limit, the defered execve() failure because NPROC limit was exceeded days ago would be unexpected. If the limit is not exceeded anymore, we clear the flag on successful calls to execve() and fork(). The flag is also cleared on successful calls to set_user() as the limit was exceeded for the previous user, not the current one. Similar check was introduced in -ow patches (without the process flag).

v3 - clear PF_NPROC_EXCEEDED on successful calls to set_user().

Reviewed-by: James Morris
Signed-off-by: Vasiliy Kulikov
Acked-by: NeilBrown
Signed-off-by: Linus Torvalds
---
 include/linux/sched.h | 1 +
 1 file changed, 1 insertion(+)
(limited to 'include/linux')

diff --git a/include/linux/sched.h b/include/linux/sched.h
index 20b03bf94748..4ac2c0578e0f 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1767,6 +1767,7 @@ extern void thread_group_times(struct task_struct *p, cputime_t *ut, cputime_t *
 #define PF_DUMPCORE 0x00000200 /* dumped core */
 #define PF_SIGNALED 0x00000400 /* killed by a signal */
 #define PF_MEMALLOC 0x00000800 /* Allocating memory */
+#define PF_NPROC_EXCEEDED 0x00001000 /* set_user noticed that RLIMIT_NPROC was exceeded */
 #define PF_USED_MATH 0x00002000 /* if unset the fpu must be initialized before use */
 #define PF_FREEZING 0x00004000 /* freeze in progress. do not account to load */
 #define PF_NOFREEZE 0x00008000 /* this thread should not be frozen */
--
cgit v1.2.3
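Review bot: The comment on the new PF_NPROC_EXCEEDED line records only who sets the flag; the commit description says the limit is re-checked at execve() and the flag is cleared on successful execve(), fork() and set_user(), and that lifecycle is what a reader of sched.h needs, because a stale flag is exactly the surprise the description warns about. Suggest widening the comment to something like `/* set_user noticed that RLIMIT_NPROC was exceeded; rechecked and cleared at execve/fork/set_user */`. The bit value 0x00001000 is not used anywhere in the surrounding PF_ run visible in the hunk (0x00000800 to 0x00002000), so no collision is apparent here; the set_user() and execve() consumers of the flag are not part of this patch and cannot be checked from it.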