From: Greg Kroah-Hartman
Date: Tue, 31 Dec 2013 06:00:56 +0000 (-0800)
Subject: 3.4-stable patches
X-Git-Tag: v3.4.76~62
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c27514e1f42e406bf03eb9205209ac45090dee1;p=thirdparty%2Fkernel%2Fstable-queue.git
3.4-stable patches added patches: selinux-fix-broken-peer-recv-check.patch selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch xfs-fix-infinite-loop-by-detaching-the-group-project-hints-from-user-dquot.patch
---
diff --git a/queue-3.4/selinux-fix-broken-peer-recv-check.patch b/queue-3.4/selinux-fix-broken-peer-recv-check.patch
new file mode 100644
index 00000000000..93026e9dc0a
--- /dev/null
+++ b/queue-3.4/selinux-fix-broken-peer-recv-check.patch
@@ -0,0 +1,35 @@
+From 46d01d63221c3508421dd72ff9c879f61053cffc Mon Sep 17 00:00:00 2001
+From: Chad Hanson
+Date: Mon, 23 Dec 2013 17:45:01 -0500
+Subject: selinux: fix broken peer recv check
+
+From: Chad Hanson
+
+commit 46d01d63221c3508421dd72ff9c879f61053cffc upstream.
+
+Fix a broken networking check. Return an error if peer recv fails. If
+secmark is active and the packet recv succeeds the peer recv error is
+ignored.
+
+Signed-off-by: Chad Hanson
+Signed-off-by: Paul Moore
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ security/selinux/hooks.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -4240,8 +4240,10 @@ static int selinux_socket_sock_rcv_skb(s
+ }
+ err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
+ PEER__RECV, &ad);
+- if (err)
++ if (err) {
+ selinux_netlbl_err(skb, err, 0);
++ return err;
++ }
+ }
+
+ if (secmark_active) {
diff --git a/queue-3.4/selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch b/queue-3.4/selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch
new file mode 100644
index 00000000000..eec4817f8ab
--- /dev/null
+++ b/queue-3.4/selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch
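Review bot: The early `return err;` added to the peer-recv branch of selinux_socket_sock_rcv_skb() (queue-3.4/selinux-fix-broken-peer-recv-check.patch) carries no comment saying why it must come before the `if (secmark_active)` block, and that ordering is the entire fix. Going by the commit message, a successful packet recv check under secmark used to cause the peer recv denial to be ignored, so a later cleanup that drops the return would quietly bring the bypass back. I would add above the `if (err) {` line: `/* peer recv denial is final; return before the secmark check can overwrite err */`. The function body starts and ends outside the hunk, so whether the remaining checks in it follow the same return-on-error pattern cannot be confirmed from here.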
@@ -0,0 +1,43 @@
+From c0c1439541f5305b57a83d599af32b74182933fe Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov
+Date: Mon, 23 Dec 2013 17:45:01 -0500
+Subject: selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
+
+From: Oleg Nesterov
+
+commit c0c1439541f5305b57a83d599af32b74182933fe upstream.
+
+selinux_setprocattr() does ptrace_parent(p) under task_lock(p),
+but task_struct->alloc_lock doesn't pin ->parent or ->ptrace,
+this looks confusing and triggers the "suspicious RCU usage"
+warning because ptrace_parent() does rcu_dereference_check().
+
+And in theory this is wrong, spin_lock()->preempt_disable()
+doesn't necessarily imply rcu_read_lock() we need to access
+the ->parent.
+
+Reported-by: Evan McNabb
+Signed-off-by: Oleg Nesterov
+Signed-off-by: Paul Moore
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ security/selinux/hooks.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -5445,11 +5445,11 @@ static int selinux_setprocattr(struct ta
+ /* Check for ptracing, and update the task SID if ok.
+ Otherwise, leave SID unchanged and fail. */
+ ptsid = 0;
+- task_lock(p);
++ rcu_read_lock();
+ tracer = ptrace_parent(p);
+ if (tracer)
+ ptsid = task_sid(tracer);
+- task_unlock(p);
++ rcu_read_unlock();
+
+ if (tracer) {
+ error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
diff --git a/queue-3.4/series b/queue-3.4/series
index 36f7fa2c4d5..ff886e9e129 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -6,3 +6,5 @@ tty-pmac_zilog-check-existence-of-ports-in-pmz_console_init.patch
 asoc-wm8904-fix-dsp-mode-b-configuration.patch
 alsa-add-sndrv_pcm_state_paused-case-in-wait_for_avail-function.patch
 usb-cdc-wdm-manage_power-should-always-set-needs_remote_wakeup.patch
+selinux-fix-broken-peer-recv-check.patch
+selinux-selinux_setprocattr-ptrace_parent-needs-rcu_read_lock.patch
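Review bot: In selinux_setprocattr(), `tracer` is still tested in `if (tracer) {` after `rcu_read_unlock()` has run, so from that point the pointer is unprotected and may only be used as a NULL test. The visible lines respect that, since the SID is copied into `ptsid` inside the read-side section, but nothing warns a future editor against dereferencing it; I would add after `rcu_read_unlock();`: `/* tracer is only tested for NULL from here on; do not dereference it outside the RCU section */`. Separately, the tracer relationship can presumably change between the unlock and the `avc_has_perm()` call, which makes the check a snapshot; if that is acceptable, the block comment above `ptsid = 0;` is the place to say so. The function begins and ends outside the hunk.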