
Merge branch 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull core locking updates from Thomas Gleixner.

* 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
futex: Mark get_robust_list as deprecated
futex: Do not leak robust list to unprivileged process

+42 -48
+10
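--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -529,3 +529,13 @@
 Why:	The old kmap_atomic() with two arguments is deprecated, we only
 	keep it for backward compatibility for few cycles and then drop it.
 Who:	Cong Wang <amwang@redhat.com>
+
+----------------------------
+
+What:	get_robust_list syscall
+When:	2013
+Why:	There appear to be no production users of the get_robust_list syscall,
+	and it runs the risk of leaking address locations, allowing the bypass
+	of ASLR. It was only ever intended for debugging, so it should be
+	removed.
+Who:	Kees Cook <keescook@chromium.org>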
+16 -24
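--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -59,6 +59,7 @@
 #include <linux/magic.h>
 #include <linux/pid.h>
 #include <linux/nsproxy.h>
+#include <linux/ptrace.h>
 
 #include <asm/futex.h>
 
@@ -2444,39 +2443,30 @@
 {
 	struct robust_list_head __user *head;
 	unsigned long ret;
-	const struct cred *cred = current_cred(), *pcred;
+	struct task_struct *p;
 
 	if (!futex_cmpxchg_enabled)
 		return -ENOSYS;
 
-	if (!pid)
-		head = current->robust_list;
-	else {
-		struct task_struct *p;
+	WARN_ONCE(1, "deprecated: get_robust_list will be deleted in 2013.\n");
 
-		ret = -ESRCH;
-		rcu_read_lock();
+	rcu_read_lock();
+
+	ret = -ESRCH;
+	if (!pid)
+		p = current;
+	else {
 		p = find_task_by_vpid(pid);
 		if (!p)
 			goto err_unlock;
-		ret = -EPERM;
-		pcred = __task_cred(p);
-		/* If victim is in different user_ns, then uids are not
-		   comparable, so we must have CAP_SYS_PTRACE */
-		if (cred->user->user_ns != pcred->user->user_ns) {
-			if (!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
-				goto err_unlock;
-			goto ok;
-		}
-		/* If victim is in same user_ns, then uids are comparable */
-		if (cred->euid != pcred->euid &&
-		    cred->euid != pcred->uid &&
-		    !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
-			goto err_unlock;
-ok:
-		head = p->robust_list;
-		rcu_read_unlock();
 	}
+
+	ret = -EPERM;
+	if (!ptrace_may_access(p, PTRACE_MODE_READ))
+		goto err_unlock;
+
+	head = p->robust_list;
+	rcu_read_unlock();
 
 	if (put_user(sizeof(*head), len_ptr))
 		return -EFAULT;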
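Review bot: The deprecation notice at new line 2451 is a WARN_ONCE(1, ...), which dumps a full stack trace into the kernel log the first time the syscall is called, and it sits before the ptrace_may_access() check at line 2465, so any unprivileged caller can produce a splat that log monitoring and crash-reporting tooling will read as a kernel bug; a plain `pr_warn_once("deprecated: get_robust_list will be deleted in 2013.\n");` gives the same notice without a backtrace. kernel/futex_compat.c has the identical construct at its new line 144. The new access check also deserves a short comment on why it replaced the uid comparison, e.g. `/* head is an address inside p's address space; require the same access a PTRACE_MODE_READ read of that memory would need. */`, and it is now applied to the pid == 0 (current) path as well, which is presumably a no-op but worth stating. The enclosing function starts and ends outside the hunk (the err_unlock label is not shown).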
+16 -24
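--- a/kernel/futex_compat.c
+++ b/kernel/futex_compat.c
@@ -10,6 +10,7 @@
 #include <linux/compat.h>
 #include <linux/nsproxy.h>
 #include <linux/futex.h>
+#include <linux/ptrace.h>
 
 #include <asm/uaccess.h>
 
@@ -137,39 +136,30 @@
 {
 	struct compat_robust_list_head __user *head;
 	unsigned long ret;
-	const struct cred *cred = current_cred(), *pcred;
+	struct task_struct *p;
 
 	if (!futex_cmpxchg_enabled)
 		return -ENOSYS;
 
-	if (!pid)
-		head = current->compat_robust_list;
-	else {
-		struct task_struct *p;
+	WARN_ONCE(1, "deprecated: get_robust_list will be deleted in 2013.\n");
 
-		ret = -ESRCH;
-		rcu_read_lock();
+	rcu_read_lock();
+
+	ret = -ESRCH;
+	if (!pid)
+		p = current;
+	else {
 		p = find_task_by_vpid(pid);
 		if (!p)
 			goto err_unlock;
-		ret = -EPERM;
-		pcred = __task_cred(p);
-		/* If victim is in different user_ns, then uids are not
-		   comparable, so we must have CAP_SYS_PTRACE */
-		if (cred->user->user_ns != pcred->user->user_ns) {
-			if (!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
-				goto err_unlock;
-			goto ok;
-		}
-		/* If victim is in same user_ns, then uids are comparable */
-		if (cred->euid != pcred->euid &&
-		    cred->euid != pcred->uid &&
-		    !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
-			goto err_unlock;
-ok:
-		head = p->compat_robust_list;
-		rcu_read_unlock();
 	}
+
+	ret = -EPERM;
+	if (!ptrace_may_access(p, PTRACE_MODE_READ))
+		goto err_unlock;
+
+	head = p->compat_robust_list;
+	rcu_read_unlock();
 
 	if (put_user(sizeof(*head), len_ptr))
 		return -EFAULT;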