+++ /dev/null
-From 47b47fc59d25cad965dabdcc10a9261e63d168cf Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 14 Mar 2021 23:51:14 +0300
-Subject: prctl: fix PR_SET_MM_AUXV kernel stack leak
-
-From: Alexey Dobriyan <adobriyan@gmail.com>
-
-[ Upstream commit c995f12ad8842dbf5cfed113fb52cdd083f5afd1 ]
-
-Doing a
-
- prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
-
-will copy 1 byte from userspace to (quite big) on-stack array
-and then stash everything to mm->saved_auxv.
-AT_NULL terminator will be inserted at the very end.
-
-/proc/*/auxv handler will find that AT_NULL terminator
-and copy original stack contents to userspace.
-
-This devious scheme requires CAP_SYS_RESOURCE.
-
-Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- kernel/sys.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/sys.c b/kernel/sys.c
-index 2e4f017f7c5a..03fc0152cc54 100644
---- a/kernel/sys.c
-+++ b/kernel/sys.c
-@@ -2005,7 +2005,7 @@ static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr,
- * up to the caller to provide sane values here, otherwise userspace
- * tools which use this vector might be unhappy.
- */
-- unsigned long user_auxv[AT_VECTOR_SIZE];
-+ unsigned long user_auxv[AT_VECTOR_SIZE] = {};
-
- if (len > sizeof(user_auxv))
- return -EINVAL;
---
-2.30.1
-
configfs-fix-a-use-after-free-in-__configfs_open_fil.patch
stop_machine-mark-helpers-__always_inline.patch
include-linux-sched-mm.h-use-rcu_dereference-in-in_v.patch
-prctl-fix-pr_set_mm_auxv-kernel-stack-leak.patch
powerpc-64s-fix-instruction-encoding-for-lis-in-ppc_function_entry.patch
binfmt_misc-fix-possible-deadlock-in-bm_register_write.patch
hwmon-lm90-fix-max6658-sporadic-wrong-temperature-reading.patch
+++ /dev/null
-From a1fd7d2e22b7f94b9bc2e83180d2880a0974b89a Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 14 Mar 2021 23:51:14 +0300
-Subject: prctl: fix PR_SET_MM_AUXV kernel stack leak
-
-From: Alexey Dobriyan <adobriyan@gmail.com>
-
-[ Upstream commit c995f12ad8842dbf5cfed113fb52cdd083f5afd1 ]
-
-Doing a
-
- prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
-
-will copy 1 byte from userspace to (quite big) on-stack array
-and then stash everything to mm->saved_auxv.
-AT_NULL terminator will be inserted at the very end.
-
-/proc/*/auxv handler will find that AT_NULL terminator
-and copy original stack contents to userspace.
-
-This devious scheme requires CAP_SYS_RESOURCE.
-
-Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- kernel/sys.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/sys.c b/kernel/sys.c
-index baf60a3aa34b..81ed6023d01b 100644
---- a/kernel/sys.c
-+++ b/kernel/sys.c
-@@ -2069,7 +2069,7 @@ static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr,
- * up to the caller to provide sane values here, otherwise userspace
- * tools which use this vector might be unhappy.
- */
-- unsigned long user_auxv[AT_VECTOR_SIZE];
-+ unsigned long user_auxv[AT_VECTOR_SIZE] = {};
-
- if (len > sizeof(user_auxv))
- return -EINVAL;
---
-2.30.1
-
hrtimer-update-softirq_expires_next-correctly-after-.patch
stop_machine-mark-helpers-__always_inline.patch
include-linux-sched-mm.h-use-rcu_dereference-in-in_v.patch
-prctl-fix-pr_set_mm_auxv-kernel-stack-leak.patch
powerpc-64s-fix-instruction-encoding-for-lis-in-ppc_function_entry.patch
binfmt_misc-fix-possible-deadlock-in-bm_register_write.patch
x86-unwind-orc-disable-kasan-checking-in-the-orc-unwinder-part-2.patch
+++ /dev/null
-From 6c68e2f8d2f09af655f81c176bf6e5100a34a8da Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 14 Mar 2021 23:51:14 +0300
-Subject: prctl: fix PR_SET_MM_AUXV kernel stack leak
-
-From: Alexey Dobriyan <adobriyan@gmail.com>
-
-[ Upstream commit c995f12ad8842dbf5cfed113fb52cdd083f5afd1 ]
-
-Doing a
-
- prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
-
-will copy 1 byte from userspace to (quite big) on-stack array
-and then stash everything to mm->saved_auxv.
-AT_NULL terminator will be inserted at the very end.
-
-/proc/*/auxv handler will find that AT_NULL terminator
-and copy original stack contents to userspace.
-
-This devious scheme requires CAP_SYS_RESOURCE.
-
-Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- kernel/sys.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/sys.c b/kernel/sys.c
-index e98664039cb2..8ac977df4dd4 100644
---- a/kernel/sys.c
-+++ b/kernel/sys.c
-@@ -1910,7 +1910,7 @@ static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr,
- * up to the caller to provide sane values here, otherwise userspace
- * tools which use this vector might be unhappy.
- */
-- unsigned long user_auxv[AT_VECTOR_SIZE];
-+ unsigned long user_auxv[AT_VECTOR_SIZE] = {};
-
- if (len > sizeof(user_auxv))
- return -EINVAL;
---
-2.30.1
-
staging-comedi-pcl818-fix-endian-problem-for-ai-command-data.patch
nfsv4.2-fix-return-value-of-_nfs4_get_security_label.patch
block-rsxx-fix-error-return-code-of-rsxx_pci_probe.patch
-prctl-fix-pr_set_mm_auxv-kernel-stack-leak.patch
alpha-add-src-rather-than-obj-to-make-source-file-path.patch
alpha-merge-build-rules-of-division-routines.patch
alpha-make-short-build-log-available-for-division-routines.patch
+++ /dev/null
-From 941b8d3cf860169527e80a665fb4320460bec106 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 14 Mar 2021 23:51:14 +0300
-Subject: prctl: fix PR_SET_MM_AUXV kernel stack leak
-
-From: Alexey Dobriyan <adobriyan@gmail.com>
-
-[ Upstream commit c995f12ad8842dbf5cfed113fb52cdd083f5afd1 ]
-
-Doing a
-
- prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
-
-will copy 1 byte from userspace to (quite big) on-stack array
-and then stash everything to mm->saved_auxv.
-AT_NULL terminator will be inserted at the very end.
-
-/proc/*/auxv handler will find that AT_NULL terminator
-and copy original stack contents to userspace.
-
-This devious scheme requires CAP_SYS_RESOURCE.
-
-Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- kernel/sys.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/sys.c b/kernel/sys.c
-index 546cdc911dad..76b3d9262644 100644
---- a/kernel/sys.c
-+++ b/kernel/sys.c
-@@ -1910,7 +1910,7 @@ static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr,
- * up to the caller to provide sane values here, otherwise userspace
- * tools which use this vector might be unhappy.
- */
-- unsigned long user_auxv[AT_VECTOR_SIZE];
-+ unsigned long user_auxv[AT_VECTOR_SIZE] = {};
-
- if (len > sizeof(user_auxv))
- return -EINVAL;
---
-2.30.1
-
nfsv4.2-fix-return-value-of-_nfs4_get_security_label.patch
block-rsxx-fix-error-return-code-of-rsxx_pci_probe.patch
configfs-fix-a-use-after-free-in-__configfs_open_fil.patch
-prctl-fix-pr_set_mm_auxv-kernel-stack-leak.patch
alpha-add-src-rather-than-obj-to-make-source-file-path.patch
alpha-merge-build-rules-of-division-routines.patch
alpha-make-short-build-log-available-for-division-routines.patch
+++ /dev/null
-From c82294f7036c82b48b3fe96460ae73a437474eb2 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 14 Mar 2021 23:51:14 +0300
-Subject: prctl: fix PR_SET_MM_AUXV kernel stack leak
-
-From: Alexey Dobriyan <adobriyan@gmail.com>
-
-[ Upstream commit c995f12ad8842dbf5cfed113fb52cdd083f5afd1 ]
-
-Doing a
-
- prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
-
-will copy 1 byte from userspace to (quite big) on-stack array
-and then stash everything to mm->saved_auxv.
-AT_NULL terminator will be inserted at the very end.
-
-/proc/*/auxv handler will find that AT_NULL terminator
-and copy original stack contents to userspace.
-
-This devious scheme requires CAP_SYS_RESOURCE.
-
-Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- kernel/sys.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/sys.c b/kernel/sys.c
-index a730c03ee607..2603280b97be 100644
---- a/kernel/sys.c
-+++ b/kernel/sys.c
-@@ -2079,7 +2079,7 @@ static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr,
- * up to the caller to provide sane values here, otherwise userspace
- * tools which use this vector might be unhappy.
- */
-- unsigned long user_auxv[AT_VECTOR_SIZE];
-+ unsigned long user_auxv[AT_VECTOR_SIZE] = {};
-
- if (len > sizeof(user_auxv))
- return -EINVAL;
---
-2.30.1
-
seqlock-lockdep-fix-seqcount_latch_init.patch
stop_machine-mark-helpers-__always_inline.patch
include-linux-sched-mm.h-use-rcu_dereference-in-in_v.patch
-prctl-fix-pr_set_mm_auxv-kernel-stack-leak.patch
zram-fix-return-value-on-writeback_store.patch
linux-compiler-clang.h-define-have_builtin_bswap.patch
sched-membarrier-fix-missing-local-execution-of-ipi_sync_rq_state.patch
+++ /dev/null
-From 4c2dea371361044b4b321e251f65fbaa9bda03ff Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 14 Mar 2021 23:51:14 +0300
-Subject: prctl: fix PR_SET_MM_AUXV kernel stack leak
-
-From: Alexey Dobriyan <adobriyan@gmail.com>
-
-[ Upstream commit c995f12ad8842dbf5cfed113fb52cdd083f5afd1 ]
-
-Doing a
-
- prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
-
-will copy 1 byte from userspace to (quite big) on-stack array
-and then stash everything to mm->saved_auxv.
-AT_NULL terminator will be inserted at the very end.
-
-/proc/*/auxv handler will find that AT_NULL terminator
-and copy original stack contents to userspace.
-
-This devious scheme requires CAP_SYS_RESOURCE.
-
-Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- kernel/sys.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/sys.c b/kernel/sys.c
-index 51f00fe20e4d..7cf21c947649 100644
---- a/kernel/sys.c
-+++ b/kernel/sys.c
-@@ -2080,7 +2080,7 @@ static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr,
- * up to the caller to provide sane values here, otherwise userspace
- * tools which use this vector might be unhappy.
- */
-- unsigned long user_auxv[AT_VECTOR_SIZE];
-+ unsigned long user_auxv[AT_VECTOR_SIZE] = {};
-
- if (len > sizeof(user_auxv))
- return -EINVAL;
---
-2.30.1
-
memblock-fix-section-mismatch-warning.patch
stop_machine-mark-helpers-__always_inline.patch
include-linux-sched-mm.h-use-rcu_dereference-in-in_v.patch
-prctl-fix-pr_set_mm_auxv-kernel-stack-leak.patch
zram-fix-return-value-on-writeback_store.patch
zram-fix-broken-page-writeback.patch
linux-compiler-clang.h-define-have_builtin_bswap.patch
+++ /dev/null
-From 00ed686852c3c89957a82274bd1cae70422dc256 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 14 Mar 2021 23:51:14 +0300
-Subject: prctl: fix PR_SET_MM_AUXV kernel stack leak
-
-From: Alexey Dobriyan <adobriyan@gmail.com>
-
-[ Upstream commit c995f12ad8842dbf5cfed113fb52cdd083f5afd1 ]
-
-Doing a
-
- prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
-
-will copy 1 byte from userspace to (quite big) on-stack array
-and then stash everything to mm->saved_auxv.
-AT_NULL terminator will be inserted at the very end.
-
-/proc/*/auxv handler will find that AT_NULL terminator
-and copy original stack contents to userspace.
-
-This devious scheme requires CAP_SYS_RESOURCE.
-
-Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- kernel/sys.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/sys.c b/kernel/sys.c
-index 3459a5ce0da0..867ec3e003fd 100644
---- a/kernel/sys.c
-+++ b/kernel/sys.c
-@@ -2062,7 +2062,7 @@ static int prctl_set_auxv(struct mm_struct *mm, unsigned long addr,
- * up to the caller to provide sane values here, otherwise userspace
- * tools which use this vector might be unhappy.
- */
-- unsigned long user_auxv[AT_VECTOR_SIZE];
-+ unsigned long user_auxv[AT_VECTOR_SIZE] = {};
-
- if (len > sizeof(user_auxv))
- return -EINVAL;
---
-2.30.1
-
hrtimer-update-softirq_expires_next-correctly-after-.patch
stop_machine-mark-helpers-__always_inline.patch
include-linux-sched-mm.h-use-rcu_dereference-in-in_v.patch
-prctl-fix-pr_set_mm_auxv-kernel-stack-leak.patch
zram-fix-return-value-on-writeback_store.patch
sched-membarrier-fix-missing-local-execution-of-ipi_sync_rq_state.patch
powerpc-64s-fix-instruction-encoding-for-lis-in-ppc_function_entry.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
