3.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 31 Dec 2013 06:00:56 +0000 (22:00 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 31 Dec 2013 06:00:56 +0000 (22:00 -0800)
added patches:
selinux-fix-broken-peer-recv-check.patch
selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch
xfs-fix-infinite-loop-by-detaching-the-group-project-hints-from-user-dquot.patch

queue-3.4/selinux-fix-broken-peer-recv-check.patch [new file with mode: 0644]
queue-3.4/selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch [new file with mode: 0644]
queue-3.4/series

diff --git a/queue-3.4/selinux-fix-broken-peer-recv-check.patch b/queue-3.4/selinux-fix-broken-peer-recv-check.patch
new file mode 100644 (file)
index 0000000..93026e9
--- /dev/null
@@ -0,0 +1,35 @@
+From 46d01d63221c3508421dd72ff9c879f61053cffc Mon Sep 17 00:00:00 2001
+From: Chad Hanson <chanson@trustedcs.com>
+Date: Mon, 23 Dec 2013 17:45:01 -0500
+Subject: selinux: fix broken peer recv check
+
+From: Chad Hanson <chanson@trustedcs.com>
+
+commit 46d01d63221c3508421dd72ff9c879f61053cffc upstream.
+
+Fix a broken networking check. Return an error if peer recv fails.  If
+secmark is active and the packet recv succeeds the peer recv error is
+ignored.
+
+Signed-off-by: Chad Hanson <chanson@trustedcs.com>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/selinux/hooks.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -4240,8 +4240,10 @@ static int selinux_socket_sock_rcv_skb(s
+               }
+               err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
+                                  PEER__RECV, &ad);
+-              if (err)
++              if (err) {
+                       selinux_netlbl_err(skb, err, 0);
++                      return err;
++              }
+       }
+       if (secmark_active) {
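Review bot: The added `return err;` in the peer-recv branch has no comment explaining why the function must stop there, and the reason is not visible from the code alone. According to the commit message, a later successful packet recv check under `secmark_active` let the peer denial be ignored, presumably because `err` is reassigned in that block, whose body lies outside this hunk. A one-line comment above the return would keep the fail-closed behaviour from being "simplified" away later, for example `/* fail closed: the secmark check below must not mask a peer recv denial */`. selinux_socket_sock_rcv_skb starts and ends outside the hunk, so it is worth confirming against the full 3.4 function that no other path between the two checks can clear `err`.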
diff --git a/queue-3.4/selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch b/queue-3.4/selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch
new file mode 100644 (file)
index 0000000..eec4817
--- /dev/null
@@ -0,0 +1,43 @@
+From c0c1439541f5305b57a83d599af32b74182933fe Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov <oleg@redhat.com>
+Date: Mon, 23 Dec 2013 17:45:01 -0500
+Subject: selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
+
+From: Oleg Nesterov <oleg@redhat.com>
+
+commit c0c1439541f5305b57a83d599af32b74182933fe upstream.
+
+selinux_setprocattr() does ptrace_parent(p) under task_lock(p),
+but task_struct->alloc_lock doesn't pin ->parent or ->ptrace,
+this looks confusing and triggers the "suspicious RCU usage"
+warning because ptrace_parent() does rcu_dereference_check().
+
+And in theory this is wrong, spin_lock()->preempt_disable()
+doesn't necessarily imply rcu_read_lock() we need to access
+the ->parent.
+
+Reported-by: Evan McNabb <emcnabb@redhat.com>
+Signed-off-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/selinux/hooks.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -5445,11 +5445,11 @@ static int selinux_setprocattr(struct ta
+               /* Check for ptracing, and update the task SID if ok.
+                  Otherwise, leave SID unchanged and fail. */
+               ptsid = 0;
+-              task_lock(p);
++              rcu_read_lock();
+               tracer = ptrace_parent(p);
+               if (tracer)
+                       ptsid = task_sid(tracer);
+-              task_unlock(p);
++              rcu_read_unlock();
+               if (tracer) {
+                       error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
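Review bot: `tracer` is still read after `rcu_read_unlock()` by the following `if (tracer)`, and nothing in the code says the pointer is no longer protected at that point. The visible use is safe because it is only a NULL test and the SID was already copied into `ptsid` inside the read-side section, but a later edit that dereferences `tracer` there would be a use-after-free risk. I would add a comment before the unlock such as `/* tracer is only valid under rcu_read_lock(); after unlock test it for NULL and use ptsid */`. selinux_setprocattr continues outside the hunk, so the rest of the function should be checked for any other use of `tracer`.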
index 36f7fa2c4d5fc48e4f55131f0ccd9c88c1462cd9..ff886e9e1296336e8de7fc90bcba96c05ff0d974 100644 (file)
@@ -6,3 +6,5 @@ tty-pmac_zilog-check-existence-of-ports-in-pmz_console_init.patch
 asoc-wm8904-fix-dsp-mode-b-configuration.patch
 alsa-add-sndrv_pcm_state_paused-case-in-wait_for_avail-function.patch
 usb-cdc-wdm-manage_power-should-always-set-needs_remote_wakeup.patch
+selinux-fix-broken-peer-recv-check.patch
+selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch