1. 18 Aug, 2010 3 commits
    • David Miller's avatar
      a7c8962b
    • Daniel J Blueman's avatar
      Fix unprotected access to task credentials in waitid() · f362b732
      Daniel J Blueman authored
      Using a program like the following:
      
      	#include <stdlib.h>
      	#include <unistd.h>
      	#include <sys/types.h>
      	#include <sys/wait.h>
      
      	int main() {
      		id_t id;
      		siginfo_t infop;
      		pid_t res;
      
      		id = fork();
      		if (id == 0) { sleep(1); exit(0); }
      		kill(id, SIGSTOP);
      		alarm(1);
      		waitid(P_PID, id, &infop, WCONTINUED);
      		return 0;
      	}
      
      to call waitid() on a stopped process results in access to the child task's
      credentials without the RCU read lock being held - which may be replaced in the
      meantime - eliciting the following warning:
      
      	===================================================
      	[ INFO: suspicious rcu_dereference_check() usage. ]
      	---------------------------------------------------
      	kernel/exit.c:1460 invoked rcu_dereference_check() without protection!
      
      	other info that might help us debug this:
      
      	rcu_scheduler_active = 1, debug_locks = 1
      	2 locks held by waitid02/22252:
      	 #0:  (tasklist_lock){.?.?..}, at: [<ffffffff81061ce5>] do_wait+0xc5/0x310
      	 #1:  (&(&sighand->siglock)->rlock){-.-...}, at: [<ffffffff810611da>]
      	wait_consider_task+0x19a/0xbe0
      
      	stack backtrace:
      	Pid: 22252, comm: waitid02 Not tainted 2.6.35-323cd+ #3
      	Call Trace:
      	 [<ffffffff81095da4>] lockdep_rcu_dereference+0xa4/0xc0
      	 [<ffffffff81061b31>] wait_consider_task+0xaf1/0xbe0
      	 [<ffffffff81061d15>] do_wait+0xf5/0x310
      	 [<ffffffff810620b6>] sys_waitid+0x86/0x1f0
      	 [<ffffffff8105fce0>] ? child_wait_callback+0x0/0x70
      	 [<ffffffff81003282>] system_call_fastpath+0x16/0x1b
      
      This is fixed by holding the RCU read lock in wait_task_continued() to ensure
      that the task's current credentials aren't destroyed between us reading the
      cred pointer and us reading the UID from those credentials.
      
      Furthermore, protect wait_task_stopped() in the same way.
      
      We don't need to keep holding the RCU read lock once we've read the UID from
      the credentials as holding the RCU read lock doesn't stop the target task from
      changing its creds under us - so the credentials may be outdated immediately
      after we've read the pointer, lock or no lock.
      Signed-off-by: default avatarDaniel J Blueman <daniel.blueman@gmail.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Acked-by: default avatarOleg Nesterov <oleg@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f362b732
    • David Howells's avatar
      Make do_execve() take a const filename pointer · d7627467
      David Howells authored
      Make do_execve() take a const filename pointer so that kernel_execve() compiles
      correctly on ARM:
      
      arch/arm/kernel/sys_arm.c:88: warning: passing argument 1 of 'do_execve' discards qualifiers from pointer target type
      
      This also requires the argv and envp arguments to be consted twice, once for
      the pointer array and once for the strings the array points to.  This is
      because do_execve() passes a pointer to the filename (now const) to
      copy_strings_kernel().  A simpler alternative would be to cast the filename
      pointer in do_execve() when it's passed to copy_strings_kernel().
      
      do_execve() may not change any of the strings it is passed as part of the argv
      or envp lists as they are some of them in .rodata, so marking these strings as
      const should be fine.
      
      Further kernel_execve() and sys_execve() need to be changed to match.
      
      This has been test built on x86_64, frv, arm and mips.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Acked-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d7627467
  2. 16 Aug, 2010 5 commits
    • Linus Torvalds's avatar
      Linux 2.6.36-rc1 · da5cabf8
      Linus Torvalds authored
      da5cabf8
    • Linus Torvalds's avatar
      Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 · 2245ba2a
      Linus Torvalds authored
      * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
        gcc-4.6: ACPI: fix unused but set variables in ACPI
        ACPI thermal: make procfs I/F depend on CONFIG_ACPI_PROCFS
        ACPI video: make procfs I/F depend on CONFIG_ACPI_PROCFS
        ACPI processor: remove deprecated ACPI procfs I/F
        ACPI power_resource: remove unused procfs I/F
        ACPI: remove deprecated ACPI procfs I/F
        ACPI: introduce drivers/acpi/sysfs.c
        ACPI: introduce module parameter acpi.aml_debug_output
        ACPI: introduce drivers/acpi/debugfs.c
        ACPI, APEI, ERST debug support
        ACPI, APEI, Manage GHES as platform devices
        ACPI, APEI, Rename CPER and GHES severity constants
        ACPI, APEI, Fix a typo of error path of apei_resources_request
        ACPI / ACPICA: Fix reference counting problems with GPE handlers
        ACPI: Add the check of ADR flag in course of finding ACPI handle for PCI device
        ACPI / Sleep: Drop acpi_suspend_finish()
        ACPI / Sleep: Consolidate suspend and hibernation routines
        ACPI / Wakeup: Simplify enabling of wakeup devices
        ACPI / Sleep: Rework enabling wakeup devices
        ACPI / Sleep: Free NVS copy if suspending of devices fails
      
      Fixed up totally buggered "ACPI: fix unused but set variables in ACPI"
      patch that doesn't even compile in the merge.
      
      Thanks to Sedat Dilek <sedat.dilek@googlemail.com> for noticing the
      breakage before I even pulled.  And a big "Grrr.." at Len for not even
      bothering to compile the tree before asking me to pull.
      2245ba2a
    • Linus Torvalds's avatar
      Merge git://git.infradead.org/iommu-2.6 · e2e96c66
      Linus Torvalds authored
      * git://git.infradead.org/iommu-2.6:
        intel-iommu: Fix 32-bit build warning with __cmpxchg()
        intr-remap: allow disabling source id checking
      e2e96c66
    • Linus Torvalds's avatar
      Merge git://git.infradead.org/mtd-2.6 · 7355a5a6
      Linus Torvalds authored
      * git://git.infradead.org/mtd-2.6:
        mtd/nand_ids: Fix buswidth
        mtd/m25p80: fix test for end of loop
        mtd/m25p80: retlen is never NULL
        MIPS: Fix gen_nand probe structures contents
        gen_nand: Test if nr_chips field is valid
        BFIN: Fix gen_nand probe structures contents
        nand/denali: move all hardware initialization work to denali_hw_init
        nand/denali: Add a page check in denali_read_page & denali_read_page_raw
        nand/denali: use cpu_relax() while waiting for hardware interrupt
        nand/denali: change read_status function method
        nand/denali: Fixed check patch warnings
        ARM: Fix gen_nand probe structures contents
        mtd/nand_base: fix kernel-doc warnings & typos
        nand/denali: use dev_xx debug function to replace nand_dbg_print and some printk
        nand/denali: Fixed handle ECC error bugs
        nand/denali: use iowrite32() to replace denali_write32()
        nand/denali: Fixed probe function bugs
      7355a5a6
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile · 7a1b29a8
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
        arch/tile: don't validate CROSS_COMPILE needlessly
        arch/tile: export only COMMAND_LINE_SIZE to userspace.
        arch/tile: rename ARCH_KMALLOC_MINALIGN to ARCH_DMA_MINALIGN
        arch/tile: Rename the hweight() implementations to __arch_hweight()
        arch/tile: extend syscall ABI to set r1 on return as well.
        arch/tile: Various cleanups.
        arch/tile: support backtracing on TILE-Gx
        arch/tile: Fix a couple of issues with the COMPAT code for TILE-Gx.
        arch/tile: Use separate, better minsec values for clocksource and sched_clock.
        arch/tile: correct a bug in freeing bootmem by VA for the optional second initrd.
        arch: tile: mm: pgtable.c: Removed duplicated #include
        arch: tile: kernel/proc.c Removed duplicated #include
        Add fanotify syscalls to <asm-generic/unistd.h>.
        arch/tile: support new kunmap_atomic() naming convention.
        tile: remove unused ISA_DMA_THRESHOLD define
      
      Conflicts in arch/tile/configs/tile_defconfig (pick the mainline version
      with the reduced defconfig).
      7a1b29a8
  3. 15 Aug, 2010 26 commits
  4. 14 Aug, 2010 6 commits