dump_emit() has a retry loop, but there seems to be no way for that retry
logic to actually be used; and it was also buggy, writing the same data
repeatedly after a short write.
Let's just bail out on a short write.
Suggested-by: Linus Torvalds
Signed-off-by: Jann Horn
---
fs/coredump.c | 22
the FDPIC ELF case at all; but 40 bytes per VMA shouldn't
be terribly bad.
Signed-off-by: Jann Horn
---
fs/binfmt_elf.c | 129 +--
fs/binfmt_elf_fdpic.c| 86 +-
fs/coredump.c| 69 +
include/lin
-by: Jann Horn
---
mm/gup.c | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 92519e5a44b3..bd0f7311c5c6 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -1552,19 +1552,23 @@ static long __get_user_pages_locked(struct mm_struct
*mm, unsigned
-by: Jann Horn
---
fs/binfmt_elf_fdpic.c | 8 --
mm/gup.c | 57 +--
2 files changed, 28 insertions(+), 37 deletions(-)
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 50f845702b92..a53f83830986 100644
--- a/fs/binfmt_elf_fdpic.c
cutable mappings at offset !=0.
- NOMMU 32-bit ARM can still generate plausible-looking core dumps
through the FDPIC implementation. (I can't test this with GDB because
GDB is missing some structure definition for nommu ARM, but I've
poked around in the hexdump and it loo
ome of the LSM folks
might disagree with my opinion that that check is silly and should be
removed.)
But for now, I guess it might be fine to leave things as-is and not do
the extra credential switching.
> On Thu, Aug 13, 2020 at 08:30:21PM +0200, 'Jann Horn' via kernel-team wrote:
>
On Tue, Aug 18, 2020 at 3:40 PM Oleg Nesterov wrote:
> On 08/18, Jann Horn wrote:
> >
> > + if (dump_interrupted())
> > + return 0;
> > + n = __kernel_write(file, addr, nr, );
> > + if (n != nr)
> > + return 0;
On Tue, Aug 18, 2020 at 10:18 AM Linus Torvalds
wrote:
> On Mon, Aug 17, 2020 at 11:13 PM Jann Horn wrote:
> >
> > /*
> > * If this looks like the beginning of a DSO or executable mapping,
> > +* we'll check for an ELF header. If we find one
sible.
- NOMMU 32-bit ARM can still generate plausible-looking core dumps
through the FDPIC implementation. (I can't test this with GDB because
GDB is missing some structure definition for nommu ARM, but I've
poked around in the hexdump and it looked decent.)
Jann Horn (5):
binfmt_elf_f
Both fs/binfmt_elf.c and fs/binfmt_elf_fdpic.c need to dump ranges of pages
into the coredump file. Extract that logic into a common helper.
Signed-off-by: Jann Horn
---
fs/binfmt_elf.c | 22 ++
fs/binfmt_elf_fdpic.c| 18 +++---
fs/coredump.c
dump_emit() has a retry loop, but there seems to be no way for that retry
logic to actually be used; and it was also buggy, writing the same data
repeatedly after a short write.
Let's just bail out on a short write.
Suggested-by: Linus Torvalds
Signed-off-by: Jann Horn
---
fs/coredump.c | 22
the FDPIC ELF case at all; but 40 bytes per VMA shouldn't
be terribly bad.
Signed-off-by: Jann Horn
---
fs/binfmt_elf.c | 166 ---
fs/binfmt_elf_fdpic.c| 86 ++--
fs/coredump.c| 69
include/linux/cor
-by: Jann Horn
---
fs/binfmt_elf_fdpic.c | 8 --
mm/gup.c | 57 +--
2 files changed, 28 insertions(+), 37 deletions(-)
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 50f845702b92..a53f83830986 100644
--- a/fs/binfmt_elf_fdpic.c
-by: Jann Horn
---
mm/gup.c | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 92519e5a44b3..bd0f7311c5c6 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -1552,19 +1552,23 @@ static long __get_user_pages_locked(struct mm_struct
*mm, unsigned
tem.
Cc: sta...@vger.kernel.org
Fixes: da4458bda237 ("NOMMU: Make it possible for RomFS to use MTD devices directly")
Signed-off-by: Jann Horn
---
fs/romfs/storage.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/fs/romfs/storage.c b/fs/romfs/storage.c
index
On Fri, Aug 14, 2020 at 9:03 PM Andy Lutomirski wrote:
> > On Aug 14, 2020, at 11:16 AM, Eric Dumazet wrote:
> >
> > syzbot found its way in 86_fsgsbase_read_task() [1]
> >
> > Fix is to make sure ldt pointer is not NULL
>
> Acked-by: Andy Lutomirski
>
> Maybe add something like this to the
On Thu, Aug 13, 2020 at 3:28 PM Alessio Balsini wrote:
> On Wed, Aug 12, 2020 at 08:29:58PM +0200, 'Jann Horn' via kernel-team wrote:
[...]
> > On Wed, Aug 12, 2020 at 6:15 PM Alessio Balsini wrote:
> > > Add support for filesystem passthrough read/write of files when enabled
On Thu, Aug 13, 2020 at 12:57 AM wrote:
> The rcu_preempt_deferred_qs_irqrestore() function is invoked at
> the end of an RCU read-side critical section (for example, directly
> from rcu_read_unlock()) and, if .need_qs is set, invokes rcu_qs() to
> report the new quiescent state. This works,
[+Jens: can you have a look at that ->ki_filp switcheroo in
fuse_passthrough_read_write_iter() and help figure out whether that's
fine? This seems like your area of expertise.]
On Wed, Aug 12, 2020 at 6:15 PM Alessio Balsini wrote:
> Add support for filesystem passthrough read/write of files
On Tue, Aug 11, 2020 at 10:29 PM Miklos Szeredi wrote:
> On Tue, Aug 11, 2020 at 6:17 PM Casey Schaufler
> wrote:
> > Since ab has known meaning, and lots of applications
> > play loose with '/', it's really dangerous to treat the string as
> > special. We only get away with '.' and '..'
On Tue, Aug 11, 2020 at 10:03 PM Peter Xu wrote:
> On Tue, Aug 11, 2020 at 09:07:17PM +0200, Jann Horn wrote:
> > On Tue, Aug 11, 2020 at 8:39 PM Peter Xu wrote:
> > > Starting from commit 17839856fd58 ("gup: document and work around "COW can
> > > break eith
On Tue, Aug 11, 2020 at 8:39 PM Peter Xu wrote:
> Starting from commit 17839856fd58 ("gup: document and work around "COW can
> break either way" issue", 2020-06-02), explicit copy-on-write behavior is
> enforced for private gup pages even if it's a read-only. It is achieved by
> always passing
On Tue, May 5, 2020 at 2:15 PM Christoph Hellwig wrote:
> On Tue, May 05, 2020 at 01:42:12PM +0200, Jann Horn wrote:
> > On Tue, May 5, 2020 at 12:48 PM Christoph Hellwig wrote:
> > > On Wed, Apr 29, 2020 at 11:49:50PM +0200, Jann Horn wrote:
> > > > dump_emit() is
On Tue, Aug 11, 2020 at 1:19 AM Linus Torvalds
wrote:
> On Mon, Aug 10, 2020 at 2:57 PM Peter Xu wrote:
> >
> > Yeah, that's why I totally agree we need to do enforced COW even for a read
> > gup
> > as long as the page can be further referenced (GET|PIN). However frankly
> > speaking I didn't
On Tue, Aug 11, 2020 at 12:43 AM Mickaël Salaün wrote:
> On 10/08/2020 22:21, Al Viro wrote:
> > On Mon, Aug 10, 2020 at 10:11:53PM +0200, Mickaël Salaün wrote:
> >> It seems that there is no more complains nor questions. Do you want me
> >> to send another series to fix the order of the S-o-b in
)
Reported-by: syzbot+e113a0b970b7b3f39...@syzkaller.appspotmail.com
Signed-off-by: Jann Horn
---
drivers/android/binder.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index f936530a19b0..5b0376344dbe 100644
--- a/drivers/android/binder.c
+++
On Thu, Aug 6, 2020 at 1:19 PM syzbot
wrote:
> syzbot suspects this issue was fixed by commit:
>
> commit 4b836a1426cb0f1ef2a6e211d7e553221594f8fc
> Author: Jann Horn
> Date: Mon Jul 27 12:04:24 2020 +
>
> binder: Prevent context manager from incrementing ref 0
[
On Tue, Jul 28, 2020 at 3:50 PM Martijn Coenen wrote:
> On Mon, Jul 27, 2020 at 2:04 PM Jann Horn wrote:
> > - task B opens /dev/binder once, creating binder_proc instance P3
> > - P3 calls P2 (via magic handle 0) with (void*)1 as argument (two-way
> >transactio
itionally, print a warning if someone manages to find another way to
trigger a transaction-to-self bug in the future.
Cc: sta...@vger.kernel.org
Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
Acked-by: Todd Kjos
Signed-off-by: Jann Horn
---
fixed that broken binder_user_erro
On Tue, Jul 14, 2020 at 6:16 PM Christian Brauner
wrote:
> Changing mount options always ends up taking lock_mount_hash() but when
> MNT_READONLY is requested and neither the mount nor the superblock is
> already MNT_READONLY we end up taking the lock, dropping it, and
> retaking it to
On Fri, Jul 10, 2020 at 8:54 AM Greg Kroah-Hartman
wrote:
> On Fri, Jul 10, 2020 at 12:39:48AM +0200, Jann Horn wrote:
> > Binder is designed such that a binder_proc never has references to
> > itself. If this rule is violated, memory corruption can occur when a
> > proces
itionally, print a warning if someone manages to find another way to
trigger a transaction-to-self bug in the future.
Cc: sta...@vger.kernel.org
Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
Signed-off-by: Jann Horn
---
sending again because I forgot to CC LKML the first ti
On Thu, Jul 9, 2020 at 8:26 PM Kees Cook wrote:
> The sock counting (sock_update_netprioidx() and sock_update_classid())
> was missing from pidfd's implementation of received fd installation. Add
> a call to the new __receive_sock() helper.
[...]
> diff --git a/kernel/pid.c b/kernel/pid.c
[...]
>
> 653 | int __init early_xdbc_setup_hardware(void)
> | ^
> drivers/usb/early/xhci-dbc.c:910:13: warning: no previous prototype for
> ‘early_xdbc_register_console’ [-Wmissing-prototypes]
> 910 | void __init early_xdbc_register_console(void)
> | ^~
On Tue, Jun 23, 2020 at 7:26 PM Kristen Carlson Accardi
wrote:
> This patch makes /proc/kallsyms display alphabetically by symbol
> name rather than sorted by address in order to hide the newly
> randomized address layout.
[...]
> +static int sorted_show(struct seq_file *m, void *p)
> +{
> +
On Tue, Jun 23, 2020 at 6:30 PM Dmitry Safonov wrote:
> show_trace_log_lvl() provides x86 platform-specific way to unwind
> backtrace with a given log level. Unfortunately, registers dump(s) are
> not printed with the same log level - instead, KERN_DEFAULT is always
> used.
>
> Arista's switches
On Mon, Jun 22, 2020 at 11:30 PM Kees Cook wrote:
> On Mon, Jun 22, 2020 at 10:07:37PM +0200, Jann Horn wrote:
> > On Mon, Jun 22, 2020 at 9:31 PM Kees Cook wrote:
> > > This provides the ability for architectures to enable kernel stack base
> > > address offset
On Mon, Jun 22, 2020 at 9:31 PM Kees Cook wrote:
> This provides the ability for architectures to enable kernel stack base
> address offset randomization. This feature is controlled by the boot
> param "randomize_kstack_offset=on/off", with its default value set by
>
On Thu, Jun 18, 2020 at 6:42 PM Steven Rostedt wrote:
>
> On Thu, 18 Jun 2020 01:12:37 +0200
> Jann Horn wrote:
>
> > static ftrace_func_t ftrace_ops_get_list_func(struct ftrace_ops *ops)
> > +static ftrace_asm_func_t ftrace_ops_get_list_fun
On Thu, Jun 18, 2020 at 3:50 PM Adrian Reber wrote:
> The current process is authorized to change its /proc/self/exe link via
> two policies:
> 1) The current user can do checkpoint/restore. In other words, is
>CAP_SYS_ADMIN or CAP_CHECKPOINT_RESTORE capable.
> 2) The current user can use
On Thu, Jun 18, 2020 at 12:36 AM Steven Rostedt wrote:
> On Wed, 17 Jun 2020 23:30:07 +0200
> Jann Horn wrote:
> > [...]
> > > +/* Defined by vmlinux.lds.h see the comment above
> > > arch_ftrace_ops_list_func for details */
> > > +void ftrace_ops_li
On Wed, Jun 17, 2020 at 10:56 PM Steven Rostedt wrote:
> In an effort to enable -Wcast-function-type in the top-level Makefile to
> support Control Flow Integrity builds, all function casts need to be
> removed.
>
> This means that ftrace_ops_list_func() can no longer be defined as
>
On Wed, Jun 17, 2020 at 5:30 PM Andy Lutomirski wrote:
>
> On Wed, Jun 17, 2020 at 8:25 AM Jann Horn wrote:
> >
> > On Tue, Jun 16, 2020 at 9:49 AM Kees Cook wrote:
> > > For systems that provide multiple syscall maps based on architectures
> > > (e.g. AUDIT
On Tue, Jun 16, 2020 at 9:49 AM Kees Cook wrote:
> For systems that provide multiple syscall maps based on architectures
> (e.g. AUDIT_ARCH_X86_64 and AUDIT_ARCH_I386 via CONFIG_COMPAT), allow
> a fast way to pin the process to a specific syscall mapping, instead of
> needing to generate all
On Tue, Jun 16, 2020 at 5:49 PM Kees Cook wrote:
> On Tue, Jun 16, 2020 at 02:14:47PM +0200, Jann Horn wrote:
> > Wouldn't it be simpler to use a function that can run a subset of
> > seccomp cBPF and bails out on anything that indicates that a syscall's
> > handling is compl
On Tue, Jun 16, 2020 at 9:49 AM Kees Cook wrote:
> One of the most common pain points with seccomp filters has been dealing
> with the overhead of processing the filters, especially for "always allow"
> or "always reject" cases. While BPF is extremely fast[1], it will always
> have overhead
On Tue, Jun 16, 2020 at 11:13 AM Stefano Garzarella wrote:
> On Mon, Jun 15, 2020 at 11:00:25AM -0600, Jens Axboe wrote:
> > On 6/15/20 7:33 AM, Stefano Garzarella wrote:
> > > On Mon, Jun 15, 2020 at 11:04:06AM +0200, Jann Horn wrote:
> > >> +Kees, Christian, Sa
On Tue, Jun 16, 2020 at 12:01 AM Christian Brauner
wrote:
>
> On Mon, Jun 15, 2020 at 11:04:06AM +0200, Jann Horn wrote:
> > +Kees, Christian, Sargun, Aleksa, kernel-hardening for their opinions
> > on seccomp-related aspects
>
> Just fyi, I'm on holiday this week so my r
On Sat, Jun 13, 2020 at 9:26 AM Sargun Dhillon wrote:
> This introduces an extensibility mechanism to receive seccomp
> notifications. It uses read(2), as opposed to using an ioctl. The listener
> must be first configured to write the notification via the
> SECCOMP_IOCTL_NOTIF_CONFIG ioctl with
+Kees, Christian, Sargun, Aleksa, kernel-hardening for their opinions
on seccomp-related aspects
On Tue, Jun 9, 2020 at 4:24 PM Stefano Garzarella wrote:
> Hi Jens,
> Stefan and I have a proposal to share with io_uring community.
> Before implementing it we would like to discuss it to receive
On Sun, Jun 14, 2020 at 10:03 AM Dmitry Vyukov wrote:
> On Tue, Mar 10, 2020 at 9:10 AM Dmitry Vyukov wrote:
> > On Tue, Mar 10, 2020 at 7:15 AM Nathan Chancellor
> > wrote:
> > >
> > > On Mon, Mar 09, 2020 at 09:20:58AM +0100, Dmitry Vyukov wrote:
On Thu, Jun 11, 2020 at 10:24 PM Linus Torvalds
wrote:
>
> On Wed, Jun 10, 2020 at 9:05 PM kernel test robot
> wrote:
> >
> > FYI, we noticed a 2158.6% improvement of stress-ng.vm-splice.ops_per_sec
> > due to commit:
> >
> > commit: 17839856fd588f4ab6b789f482ed3ffd7c403e1f ("gup: document and
On Mon, Mar 2, 2020 at 8:36 PM Minchan Kim wrote:
> From: Oleksandr Natalenko
>
> It all began with the fact that KSM works only on memory that is marked
> by madvise(). And the only way to get around that is to either:
[...]
> To overcome this restriction, let's employ a new remote madvise API.
On Thu, Jun 4, 2020 at 4:21 PM Alexander Popov wrote:
> On 04.06.2020 17:14, Jann Horn wrote:
> > Maybe at some point we should replace exclusions based on
> > GCC_PLUGINS_CFLAGS and KASAN_SANITIZE and UBSAN_SANITIZE and
> > OBJECT_FILES_NON_STANDARD and so on with s
On Thu, Jun 4, 2020 at 3:58 PM Will Deacon wrote:
> On Thu, Jun 04, 2020 at 04:49:57PM +0300, Alexander Popov wrote:
> > Don't try instrumenting functions in arch/arm64/kernel/vdso/vgettimeofday.c.
> > Otherwise that can cause issues if the cleanup pass of stackleak gcc plugin
> > is disabled.
>
On Thu, Jun 4, 2020 at 3:51 PM Alexander Popov wrote:
> Some time ago Variable Length Arrays (VLA) were removed from the kernel.
> The kernel is built with '-Wvla'. Let's exclude alloca() from the
> instrumentation logic and make it simpler. The build-time assertion
> against alloca() is added
On Sat, May 30, 2020 at 4:43 AM Kees Cook wrote:
> I mean, yes, that's certainly better, but it just seems a shame that
> everyone has to do the get_unused/put_unused dance just because of how
> SCM_RIGHTS does this weird put_user() in the middle.
>
> Can anyone clarify the expected failure mode
On Fri, May 29, 2020 at 1:11 AM Kees Cook wrote:
> On Thu, May 28, 2020 at 05:14:11PM +0200, Christian Brauner wrote:
> > * @usage: reference count to manage the object lifetime.
> > * get/put helpers should be used when accessing an instance
> > * outside of a
On Thu, May 28, 2020 at 3:59 AM Kees Cook wrote:
> On Thu, May 28, 2020 at 01:16:46AM +0200, Christian Brauner wrote:
> > I'm also starting to think this isn't even possible or currently doable
> > safely.
> > The fdtable in the kernel would end up with a dangling pointer, I would
> > think.
On Wed, May 27, 2020 at 1:19 PM Christian Brauner
wrote:
> We've been making heavy use of the seccomp notifier to intercept and
> handle certain syscalls for containers. This patch allows a syscall
> supervisor listening on a given notifier to be notified when a seccomp
> filter has become
On Tue, May 26, 2020 at 9:01 PM Christine Flood wrote:
> Java applications suffer from slow startup times due to dynamic class loading
> and warming up the Just In Time compilers. Not all Java users have root
> access on their machines. Enabling CRIU in user mode solves this problem for
>
On Fri, May 22, 2020 at 7:55 AM Adrian Reber wrote:
> This enables CRIU to checkpoint and restore a process as non-root.
>
> Over the last years CRIU upstream has been asked a couple of times if it
> is possible to checkpoint and restore a process as non-root. The answer
> usually was: 'almost'.
>
On Mon, May 18, 2020 at 11:05 PM Kees Cook wrote:
> ## deep argument inspection
>
> Background: seccomp users would like to write filters that traverse
> the user pointers passed into many syscalls, but seccomp can't do this
> dereference for a variety of reasons (mostly involving race conditions
On Mon, May 18, 2020 at 3:03 PM Christian Brauner
wrote:
> Also - gulp (puts on flame proof suit) - may I suggest we check if there
> are any distros out there that still set CONFIG_USELIB=y
Debian seems to have it enabled on x86...
the entire file uses four spaces to
indent, so I don't think there's anything I can reasonably do about that.)
Signed-off-by: Jann Horn
---
lib/zlib_inflate/inffast.c | 91 +++---
1 file changed, 35 insertions(+), 56 deletions(-)
diff --git a/lib/zlib_inflate/inffast.
On Tue, May 5, 2020 at 1:04 PM Christoph Hellwig wrote:
> On Wed, Apr 29, 2020 at 11:49:53PM +0200, Jann Horn wrote:
> > In both binfmt_elf and binfmt_elf_fdpic, use a new helper
> > dump_vma_snapshot() to take a snapshot of the VMA list (including the gate
> > VMA,
On Tue, May 5, 2020 at 12:50 PM Christoph Hellwig wrote:
> On Wed, Apr 29, 2020 at 11:49:52PM +0200, Jann Horn wrote:
> > Both fs/binfmt_elf.c and fs/binfmt_elf_fdpic.c need to dump ranges of pages
> > into the coredump file. Extract that logic into a common helper.
> >
On Tue, May 5, 2020 at 12:48 PM Christoph Hellwig wrote:
> On Wed, Apr 29, 2020 at 11:49:50PM +0200, Jann Horn wrote:
> > dump_emit() is for kernel pointers, and VMAs describe userspace memory.
> > Let's be tidy here and avoid accessing userspace pointers under KERNEL_DS,
> >
On Mon, May 4, 2020 at 11:18 PM Mimi Zohar wrote:
> Files can be mmap'ed read/write and later changed to execute to circumvent
> IMA's mmap appraise policy rules. Due to locking issues (mmap semaphore
> would be taken prior to i_mutex), files can not be measured or appraised at
> this point.
On Mon, May 4, 2020 at 6:52 PM Will Deacon wrote:
> On Mon, Apr 27, 2020 at 01:45:46PM -0700, Sami Tolvanen wrote:
> > On Fri, Apr 24, 2020 at 12:21:14PM +0100, Will Deacon wrote:
> > > Also, since you mentioned the lack of redzoning, isn't it a bit dodgy
> > > allocating blindly out of the
On Sat, May 2, 2020 at 2:10 PM Pavel Begunkov wrote:
> export do_tee() for use in io_uring
[...]
> diff --git a/fs/splice.c b/fs/splice.c
[...]
> * The 'flags' used are the SPLICE_F_* variants, currently the only
> * applicable one is SPLICE_F_NONBLOCK.
> */
> -static long do_tee(struct
The following commit has been merged into the sched/core branch of tip:
Commit-ID: 586b58cac8b4683eb58a1446fbc399de18974e40
Gitweb:
https://git.kernel.org/tip/586b58cac8b4683eb58a1446fbc399de18974e40
Author:Jann Horn
AuthorDate:Thu, 05 Mar 2020 23:06:57 +01:00
Committer
On Thu, Apr 30, 2020 at 5:26 AM Linus Torvalds
wrote:
> On Wed, Apr 29, 2020 at 8:00 PM Jann Horn wrote:
> >
> > But if we go with Bernd's approach together with your restart
> > suggestion,
>
> So repeat after me: Bernd's approach _without_ the restart is unaccept
On Thu, Apr 30, 2020 at 4:20 AM Linus Torvalds
wrote:
> On Wed, Apr 29, 2020 at 6:08 PM Bernd Edlinger
> wrote:
> >
> > I added the BIG FAT WARNING comments as a mitigation for that.
> > Did you like those comments?
>
> No.
>
> What's the point of saying "THIS CODE IS GARBAGE" and then
On Thu, Apr 30, 2020 at 1:22 AM Linus Torvalds
wrote:
> On Wed, Apr 29, 2020 at 3:38 PM Linus Torvalds
> wrote:
> >
> > If you do it properly, with a helper function instead of repeating
> > that fragile nasty thing, maybe it will look better to me.
>
> Side note: if it has a special helper
-by: Jann Horn
---
mm/gup.c | 18 +++---
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 9a7e83772f1fe..03f659ddd830a 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -1548,19 +1548,23 @@ static long __get_user_pages_locked(struct task_struct
*tsk
.
Signed-off-by: Jann Horn
---
fs/binfmt_elf.c | 22 ++
fs/binfmt_elf_fdpic.c| 18 +++---
fs/coredump.c| 33 +
include/linux/coredump.h | 2 ++
mm/gup.c | 2 --
5 files changed, 40 insertions
DPIC ELF case at all; but 40 bytes per VMA shouldn't
be terribly bad.
Signed-off-by: Jann Horn
---
fs/binfmt_elf.c | 152 +--
fs/binfmt_elf_fdpic.c| 86 ++
fs/coredump.c| 68 ++
include/linux/cor
move it out of the CONFIG_MMU block.
Signed-off-by: Jann Horn
---
fs/binfmt_elf_fdpic.c | 8 --
mm/gup.c | 58 +--
2 files changed, 29 insertions(+), 37 deletions(-)
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index
dump_emit() has a retry loop, but there seems to be no way for that retry
logic to actually be used; and it was also buggy, writing the same data
repeatedly after a short write.
Let's just bail out on a short write.
Suggested-by: Linus Torvalds
Signed-off-by: Jann Horn
---
fs/coredump.c | 22
icated cache flushing in
"Take mmap_sem in get_dump_page()" (Linus)
Jann Horn (5):
binfmt_elf_fdpic: Stop using dump_emit() on user pointers on !MMU
coredump: Let dump_emit() bail out on short writes
coredump: Refactor page range dumping into common helper
binfmt_elf, binfmt_elf_fd
On Wed, Apr 29, 2020 at 10:20 PM Bernd Edlinger
wrote:
> On 4/29/20 9:26 PM, Jann Horn wrote:
> > On Wed, Apr 29, 2020 at 9:23 PM Bernd Edlinger
> > wrote:
> >> On 4/29/20 7:58 PM, Linus Torvalds wrote:
> >>> On Tue, Apr 28, 2020 at 4:36 PM Jann Horn wrote
On Wed, Apr 29, 2020 at 9:23 PM Bernd Edlinger
wrote:
> On 4/29/20 7:58 PM, Linus Torvalds wrote:
> > On Tue, Apr 28, 2020 at 4:36 PM Jann Horn wrote:
> >>
> >> On Wed, Apr 29, 2020 at 12:14 AM Linus Torvalds
> >> wrote:
> >>>
On Wed, Apr 29, 2020 at 7:58 PM Linus Torvalds
wrote:
> On Tue, Apr 28, 2020 at 4:36 PM Jann Horn wrote:
> >
> > On Wed, Apr 29, 2020 at 12:14 AM Linus Torvalds
> > wrote:
> > >
> > > - we move check_unsafe_exec() down. As far as I can tell, there's no
On Wed, Apr 29, 2020 at 4:46 AM Al Viro wrote:
> On Wed, Apr 29, 2020 at 04:31:04AM +0200, Jann Horn wrote:
> > I'm guessing this will go through akpm's tree?
> >
> > fs/eventpoll.c | 7 ---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
>
ep_take_care_of_epollwakeup() is a kernel-internal function (it calls
capable()) and therefore does not belong in a UAPI header.
Since nothing outside fs/eventpoll.c uses it, move it over there.
Signed-off-by: Jann Horn
---
fs/eventpoll.c | 13 +
include/uapi/linux
for
pre-v4.13? (Sorry, I wasn't sure how to properly express this as a "Fixes:"
tag.)
Cc: sta...@vger.kernel.org
Fixes: 4d7e30d98939 ("epoll: Add a flag, EPOLLWAKEUP, to prevent suspend while epoll events are ready")
Signed-off-by: Jann Horn
---
I'm guessing this will go thro
On Wed, Apr 29, 2020 at 12:14 AM Linus Torvalds
wrote:
> On Tue, Apr 28, 2020 at 2:53 PM Jann Horn wrote:
> >
> > You don't need LSM_UNSAFE_PTRACE if the tracer has already passed a
> > ptrace_may_access() check against the post-execve creds of the target
> > - that
On Tue, Apr 28, 2020 at 11:21 PM Florian Weimer wrote:
> * Jann Horn:
>
> > Just as a comment: You'd probably also have to use RESOLVE_MAYEXEC in
> > the dynamic linker.
>
> Absolutely. In typical configurations, the kernel does not enforce
> that executable mappi
On Tue, Apr 28, 2020 at 11:37 PM Linus Torvalds
wrote:
> On Tue, Apr 28, 2020 at 2:06 PM Jann Horn wrote:
> > In execve:
> >
> > - After the point of no return, but before we start waiting for the
> >other threads to go away, finish calculating our post-execve
On Tue, Apr 28, 2020 at 10:36 PM Linus Torvalds
wrote:
> On Tue, Apr 28, 2020 at 12:08 PM Oleg Nesterov wrote:
> >
> > Oops. I can update that old patch but somehow I thought there is a better
> > plan which I don't yet understand...
>
> I don't think any plan survived reality.
>
> Unless we
On Tue, Apr 28, 2020 at 7:51 PM Mickaël Salaün wrote:
> The goal of this patch series is to enable to control script execution
> with interpreters help. A new RESOLVE_MAYEXEC flag, usable through
> openat2(2), is added to enable userspace script interpreter to delegate
> to the kernel (and thus
ernel vm_area for buffer space")
Cc: sta...@vger.kernel.org
Signed-off-by: Jann Horn
---
drivers/android/binder_alloc.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index 21952dfa147d..539385634151
.
And the up_read()+mmput() shouldn't be duplicated like that.
Cc: sta...@vger.kernel.org
Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
Signed-off-by: Jann Horn
---
drivers/android/binder_alloc.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drive
droid: binder: Add page usage in binder stats")
Cc: sta...@vger.kernel.org
Signed-off-by: Jann Horn
---
drivers/android/binder_alloc.c | 22 ++
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index
On Fri, Oct 18, 2019 at 6:14 PM Sami Tolvanen wrote:
> This change adds generic support for Clang's Shadow Call Stack, which
> uses a shadow stack to protect return addresses from being overwritten
> by an attacker. Details are available here:
>
>
On Fri, Oct 18, 2019 at 6:16 PM Sami Tolvanen wrote:
> This change implements shadow stack switching, initial SCS set-up,
> and interrupt shadow stacks for arm64.
[...]
> +static inline void scs_save(struct task_struct *tsk)
> +{
> + void *s;
> +
> + asm volatile("mov %0, x18" : "=r"
vm_insert_page() does increment the page refcount, and just to be sure,
I've confirmed it by printing page_count(page[0].page_ptr) before and after
vm_insert_page(). It's 1 before, 2 afterwards, as expected.
Signed-off-by: Jann Horn
---
drivers/android/binder_alloc.c | 1 -
1 file changed, 1
SZ_1K has been defined in include/linux/sizes.h since v3.6. Get rid of the
duplicate definition.
Signed-off-by: Jann Horn
---
drivers/android/binder.c | 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 265d9dd46a5e
40UL, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
if (data_mapping == MAP_FAILED) err(1, "mmap data");
munmap(binder_mapping, 0x80UL);
*(char*)data_mapping = 1;
return 0;
}
Cc: sta...@vger.kernel.org
Signed-off-by: Jann Horn
---
drivers/android/binder.c | 7 ---