| 1 |
Author: mpagano |
| 2 |
Date: 2012-02-07 13:43:37 +0000 (Tue, 07 Feb 2012) |
| 3 |
New Revision: 2081 |
| 4 |
|
| 5 |
Removed: |
| 6 |
genpatches-2.6/trunk/3.0/2100_proc-mem-handling-fix.patch |
| 7 |
Modified: |
| 8 |
genpatches-2.6/trunk/3.0/0000_README |
| 9 |
Log: |
| 10 |
Linux patches 3.0.18, 3.0.19 and 3.0.20. Removal of redundant patch |
| 11 |
|
| 12 |
Modified: genpatches-2.6/trunk/3.0/0000_README |
| 13 |
=================================================================== |
| 14 |
--- genpatches-2.6/trunk/3.0/0000_README 2012-02-07 13:19:19 UTC (rev 2080) |
| 15 |
+++ genpatches-2.6/trunk/3.0/0000_README 2012-02-07 13:43:37 UTC (rev 2081) |
| 16 |
@@ -107,14 +107,22 @@ |
| 17 |
From: http://www.kernel.org |
| 18 |
Desc: Linux 3.0.17 |
| 19 |
|
| 20 |
+Patch: 1017_linux-3.0.18.patch |
| 21 |
+From: http://www.kernel.org |
| 22 |
+Desc: Linux 3.0.18 |
| 23 |
+ |
| 24 |
+Patch: 1018_linux-3.0.19.patch |
| 25 |
+From: http://www.kernel.org |
| 26 |
+Desc: Linux 3.0.19 |
| 27 |
+ |
| 28 |
+Patch: 1019_linux-3.0.20.patch |
| 29 |
+From: http://www.kernel.org |
| 30 |
+Desc: Linux 3.0.20 |
| 31 |
+ |
| 32 |
Patch: 1800_fix-zcache-build.patch |
| 33 |
From: http://bugs.gentoo.org/show_bug.cgi?id=376325 |
| 34 |
Desc: Fix zcache build error |
| 35 |
|
| 36 |
-Patch: 2100_proc-mem-handling-fix.patch |
| 37 |
-From: http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git |
| 38 |
-Desc: Clean up and fix /proc/<pid>/mem handling, prevent local privilege escalation |
| 39 |
- |
| 40 |
Patch: 2600_Input-ALPS-Move-protocol-information-to-Documentation.patch |
| 41 |
From: http://bugs.gentoo.org/show_bug.cgi?id=318567 |
| 42 |
Desc: ALPS Touchpad - Move protocol information to Documentation |
| 43 |
|
| 44 |
Deleted: genpatches-2.6/trunk/3.0/2100_proc-mem-handling-fix.patch |
| 45 |
=================================================================== |
| 46 |
--- genpatches-2.6/trunk/3.0/2100_proc-mem-handling-fix.patch 2012-02-07 13:19:19 UTC (rev 2080) |
| 47 |
+++ genpatches-2.6/trunk/3.0/2100_proc-mem-handling-fix.patch 2012-02-07 13:43:37 UTC (rev 2081) |
| 48 |
@@ -1,226 +0,0 @@ |
| 49 |
---- a/fs/proc/base.c 2012-01-24 09:59:44.851331187 -0500 |
| 50 |
-+++ b/fs/proc/base.c 2012-01-24 10:05:15.530851282 -0500 |
| 51 |
-@@ -194,65 +194,7 @@ static int proc_root_link(struct inode * |
| 52 |
- return result; |
| 53 |
- } |
| 54 |
- |
| 55 |
--static struct mm_struct *__check_mem_permission(struct task_struct *task) |
| 56 |
--{ |
| 57 |
-- struct mm_struct *mm; |
| 58 |
-- |
| 59 |
-- mm = get_task_mm(task); |
| 60 |
-- if (!mm) |
| 61 |
-- return ERR_PTR(-EINVAL); |
| 62 |
-- |
| 63 |
-- /* |
| 64 |
-- * A task can always look at itself, in case it chooses |
| 65 |
-- * to use system calls instead of load instructions. |
| 66 |
-- */ |
| 67 |
-- if (task == current) |
| 68 |
-- return mm; |
| 69 |
-- |
| 70 |
-- /* |
| 71 |
-- * If current is actively ptrace'ing, and would also be |
| 72 |
-- * permitted to freshly attach with ptrace now, permit it. |
| 73 |
-- */ |
| 74 |
-- if (task_is_stopped_or_traced(task)) { |
| 75 |
-- int match; |
| 76 |
-- rcu_read_lock(); |
| 77 |
-- match = (tracehook_tracer_task(task) == current); |
| 78 |
-- rcu_read_unlock(); |
| 79 |
-- if (match && ptrace_may_access(task, PTRACE_MODE_ATTACH)) |
| 80 |
-- return mm; |
| 81 |
-- } |
| 82 |
-- |
| 83 |
-- /* |
| 84 |
-- * No one else is allowed. |
| 85 |
-- */ |
| 86 |
-- mmput(mm); |
| 87 |
-- return ERR_PTR(-EPERM); |
| 88 |
--} |
| 89 |
-- |
| 90 |
--/* |
| 91 |
-- * If current may access user memory in @task return a reference to the |
| 92 |
-- * corresponding mm, otherwise ERR_PTR. |
| 93 |
-- */ |
| 94 |
--static struct mm_struct *check_mem_permission(struct task_struct *task) |
| 95 |
--{ |
| 96 |
-- struct mm_struct *mm; |
| 97 |
-- int err; |
| 98 |
-- |
| 99 |
-- /* |
| 100 |
-- * Avoid racing if task exec's as we might get a new mm but validate |
| 101 |
-- * against old credentials. |
| 102 |
-- */ |
| 103 |
-- err = mutex_lock_killable(&task->signal->cred_guard_mutex); |
| 104 |
-- if (err) |
| 105 |
-- return ERR_PTR(err); |
| 106 |
-- |
| 107 |
-- mm = __check_mem_permission(task); |
| 108 |
-- mutex_unlock(&task->signal->cred_guard_mutex); |
| 109 |
-- |
| 110 |
-- return mm; |
| 111 |
--} |
| 112 |
-- |
| 113 |
--struct mm_struct *mm_for_maps(struct task_struct *task) |
| 114 |
-+static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) |
| 115 |
- { |
| 116 |
- struct mm_struct *mm; |
| 117 |
- int err; |
| 118 |
-@@ -263,7 +205,7 @@ struct mm_struct *mm_for_maps(struct tas |
| 119 |
- |
| 120 |
- mm = get_task_mm(task); |
| 121 |
- if (mm && mm != current->mm && |
| 122 |
-- !ptrace_may_access(task, PTRACE_MODE_READ)) { |
| 123 |
-+ !ptrace_may_access(task, mode)) { |
| 124 |
- mmput(mm); |
| 125 |
- mm = ERR_PTR(-EACCES); |
| 126 |
- } |
| 127 |
-@@ -272,6 +214,11 @@ struct mm_struct *mm_for_maps(struct tas |
| 128 |
- return mm; |
| 129 |
- } |
| 130 |
- |
| 131 |
-+struct mm_struct *mm_for_maps(struct task_struct *task) |
| 132 |
-+{ |
| 133 |
-+ return mm_access(task, PTRACE_MODE_READ); |
| 134 |
-+} |
| 135 |
-+ |
| 136 |
- static int proc_pid_cmdline(struct task_struct *task, char * buffer) |
| 137 |
- { |
| 138 |
- int res = 0; |
| 139 |
-@@ -816,38 +763,39 @@ static const struct file_operations proc |
| 140 |
- |
| 141 |
- static int mem_open(struct inode* inode, struct file* file) |
| 142 |
- { |
| 143 |
-- file->private_data = (void*)((long)current->self_exec_id); |
| 144 |
-+ struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode); |
| 145 |
-+ struct mm_struct *mm; |
| 146 |
-+ |
| 147 |
-+ if (!task) |
| 148 |
-+ return -ESRCH; |
| 149 |
-+ |
| 150 |
-+ mm = mm_access(task, PTRACE_MODE_ATTACH); |
| 151 |
-+ put_task_struct(task); |
| 152 |
-+ |
| 153 |
-+ if (IS_ERR(mm)) |
| 154 |
-+ return PTR_ERR(mm); |
| 155 |
-+ |
| 156 |
- /* OK to pass negative loff_t, we can catch out-of-range */ |
| 157 |
- file->f_mode |= FMODE_UNSIGNED_OFFSET; |
| 158 |
-+ file->private_data = mm; |
| 159 |
- return 0; |
| 160 |
- } |
| 161 |
- |
| 162 |
- static ssize_t mem_read(struct file * file, char __user * buf, |
| 163 |
- size_t count, loff_t *ppos) |
| 164 |
- { |
| 165 |
-- struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode); |
| 166 |
-+ int ret; |
| 167 |
- char *page; |
| 168 |
- unsigned long src = *ppos; |
| 169 |
-- int ret = -ESRCH; |
| 170 |
-- struct mm_struct *mm; |
| 171 |
-+ struct mm_struct *mm = file->private_data; |
| 172 |
- |
| 173 |
-- if (!task) |
| 174 |
-- goto out_no_task; |
| 175 |
-+ if (!mm) |
| 176 |
-+ return 0; |
| 177 |
- |
| 178 |
- ret = -ENOMEM; |
| 179 |
- page = (char *)__get_free_page(GFP_TEMPORARY); |
| 180 |
- if (!page) |
| 181 |
-- goto out; |
| 182 |
-- |
| 183 |
-- mm = check_mem_permission(task); |
| 184 |
-- ret = PTR_ERR(mm); |
| 185 |
-- if (IS_ERR(mm)) |
| 186 |
-- goto out_free; |
| 187 |
-- |
| 188 |
-- ret = -EIO; |
| 189 |
-- |
| 190 |
-- if (file->private_data != (void*)((long)current->self_exec_id)) |
| 191 |
-- goto out_put; |
| 192 |
-+ return -ENOMEM; |
| 193 |
- |
| 194 |
- ret = 0; |
| 195 |
- |
| 196 |
-@@ -874,13 +822,7 @@ static ssize_t mem_read(struct file * fi |
| 197 |
- } |
| 198 |
- *ppos = src; |
| 199 |
- |
| 200 |
--out_put: |
| 201 |
-- mmput(mm); |
| 202 |
--out_free: |
| 203 |
- free_page((unsigned long) page); |
| 204 |
--out: |
| 205 |
-- put_task_struct(task); |
| 206 |
--out_no_task: |
| 207 |
- return ret; |
| 208 |
- } |
| 209 |
- |
| 210 |
-@@ -889,27 +831,15 @@ static ssize_t mem_write(struct file * f |
| 211 |
- { |
| 212 |
- int copied; |
| 213 |
- char *page; |
| 214 |
-- struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode); |
| 215 |
- unsigned long dst = *ppos; |
| 216 |
-- struct mm_struct *mm; |
| 217 |
-+ struct mm_struct *mm = file->private_data; |
| 218 |
- |
| 219 |
-- copied = -ESRCH; |
| 220 |
-- if (!task) |
| 221 |
-- goto out_no_task; |
| 222 |
-+ if (!mm) |
| 223 |
-+ return 0; |
| 224 |
- |
| 225 |
-- copied = -ENOMEM; |
| 226 |
- page = (char *)__get_free_page(GFP_TEMPORARY); |
| 227 |
- if (!page) |
| 228 |
-- goto out_task; |
| 229 |
-- |
| 230 |
-- mm = check_mem_permission(task); |
| 231 |
-- copied = PTR_ERR(mm); |
| 232 |
-- if (IS_ERR(mm)) |
| 233 |
-- goto out_free; |
| 234 |
-- |
| 235 |
-- copied = -EIO; |
| 236 |
-- if (file->private_data != (void *)((long)current->self_exec_id)) |
| 237 |
-- goto out_mm; |
| 238 |
-+ return -ENOMEM; |
| 239 |
- |
| 240 |
- copied = 0; |
| 241 |
- while (count > 0) { |
| 242 |
-@@ -933,16 +863,18 @@ static ssize_t mem_write(struct file * f |
| 243 |
- } |
| 244 |
- *ppos = dst; |
| 245 |
- |
| 246 |
--out_mm: |
| 247 |
-- mmput(mm); |
| 248 |
--out_free: |
| 249 |
- free_page((unsigned long) page); |
| 250 |
--out_task: |
| 251 |
-- put_task_struct(task); |
| 252 |
--out_no_task: |
| 253 |
- return copied; |
| 254 |
- } |
| 255 |
- |
| 256 |
-+static int mem_release(struct inode *inode, struct file *file) |
| 257 |
-+{ |
| 258 |
-+ struct mm_struct *mm = file->private_data; |
| 259 |
-+ |
| 260 |
-+ mmput(mm); |
| 261 |
-+ return 0; |
| 262 |
-+} |
| 263 |
-+ |
| 264 |
- loff_t mem_lseek(struct file *file, loff_t offset, int orig) |
| 265 |
- { |
| 266 |
- switch (orig) { |
| 267 |
-@@ -964,6 +896,7 @@ static const struct file_operations proc |
| 268 |
- .read = mem_read, |
| 269 |
- .write = mem_write, |
| 270 |
- .open = mem_open, |
| 271 |
-+ .release = mem_release, |
| 272 |
- }; |
| 273 |
- |
| 274 |
- static ssize_t environ_read(struct file *file, char __user *buf, |
Archives