]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
projects / thirdparty / kernel / stable-queue.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aab1775)
5.11-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 8 Mar 2021 11:27:01 +0000 (12:27 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 8 Mar 2021 11:27:01 +0000 (12:27 +0100)
added patches:
tomoyo-recognize-kernel-threads-correctly.patch

queue-5.11/series patch | blob | blame | history
queue-5.11/tomoyo-recognize-kernel-threads-correctly.patch [new file with mode: 0644] patch | blob

diff --git a/queue-5.11/series b/queue-5.11/series
index 5598408fd344eb703b02867640f0781d0866522d..556015f9c69995f79cfc7efbfb80a4e51a713dda 100644 (file)
--- a/queue-5.11/series
+++ b/queue-5.11/series
@@ -40,3 +40,4 @@ iommu-tegra-smmu-fix-mc-errors-on-tegra124-nyan.patch
 iommu-don-t-use-lazy-flush-for-untrusted-device.patch
 iommu-vt-d-fix-status-code-for-allocate-free-pasid-c.patch
 btrfs-zoned-use-sector_t-for-zone-sectors.patch
+tomoyo-recognize-kernel-threads-correctly.patch
diff --git a/queue-5.11/tomoyo-recognize-kernel-threads-correctly.patch b/queue-5.11/tomoyo-recognize-kernel-threads-correctly.patch
new file mode 100644 (file)
index 0000000..975c894
--- /dev/null
+++ b/queue-5.11/tomoyo-recognize-kernel-threads-correctly.patch
@@ -0,0 +1,34 @@
+From 9c83465f3245c2faa82ffeb7016f40f02bfaa0ad Mon Sep 17 00:00:00 2001
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Date: Mon, 1 Feb 2021 11:53:05 +0900
+Subject: tomoyo: recognize kernel threads correctly
+
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+
+commit 9c83465f3245c2faa82ffeb7016f40f02bfaa0ad upstream.
+
+Commit db68ce10c4f0a27c ("new helper: uaccess_kernel()") replaced
+segment_eq(get_fs(), KERNEL_DS) with uaccess_kernel(). But the correct
+method for tomoyo to check whether current is a kernel thread in order
+to assume that kernel threads are privileged for socket operations was
+(current->flags & PF_KTHREAD). Now that uaccess_kernel() became 0 on x86,
+tomoyo has to fix this problem. Do like commit 942cb357ae7d9249 ("Smack:
+Handle io_uring kernel thread privileges") does.
+
+Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ security/tomoyo/network.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/tomoyo/network.c
++++ b/security/tomoyo/network.c
+@@ -613,7 +613,7 @@ static int tomoyo_check_unix_address(str
+ static bool tomoyo_kernel_service(void)
+ {
+       /* Nothing to do if I am a kernel service. */
+-      return uaccess_kernel();
++      return (current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD;
+ }
+ /**
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git