From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 4 Apr 2019 06:35:24 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v4.9.168~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e1676b55d874a43646e8b2c46d87f2f3e45516ff;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch
---

diff --git a/queue-4.4/binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch b/queue-4.4/binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch
new file mode 100644
index 00000000000..79c55dd629d
--- /dev/null
+++ b/queue-4.4/binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch
@@ -0,0 +1,57 @@
+From 9f834ec18defc369d73ccf9e87a2790bfa05bf46 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 22 Aug 2016 16:41:46 -0700
+Subject: binfmt_elf: switch to new creds when switching to new mm
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46 upstream.
+
+We used to delay switching to the new credentials until after we had
+mapped the executable (and possible elf interpreter).  That was kind of
+odd to begin with, since the new executable will actually then _run_
+with the new creds, but whatever.
+
+The bigger problem was that we also want to make sure that we turn off
+prof events and tracing before we start mapping the new executable
+state.  So while this is a cleanup, it's also a fix for a possible
+information leak.
+
+Reported-by: Robert ÅwiÄcki <robert@swiecki.net>
+Tested-by: Peter Zijlstra <peterz@infradead.org>
+Acked-by: David Howells <dhowells@redhat.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Acked-by: Andy Lutomirski <luto@amacapital.net>
+Acked-by: Eric W. Biederman <ebiederm@xmission.com>
+Cc: Willy Tarreau <w@1wt.eu>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Federico Manuel Bento <up201407890@fc.up.pt>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/binfmt_elf.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/binfmt_elf.c
++++ b/fs/binfmt_elf.c
+@@ -850,6 +850,7 @@ static int load_elf_binary(struct linux_
+ 		current->flags |= PF_RANDOMIZE;
+ 
+ 	setup_new_exec(bprm);
++	install_exec_creds(bprm);
+ 
+ 	/* Do this so that we can load the interpreter, if need be.  We will
+ 	   change some of these later */
+@@ -1084,7 +1085,6 @@ static int load_elf_binary(struct linux_
+ 		goto out;
+ #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
+ 
+-	install_exec_creds(bprm);
+ 	retval = create_elf_tables(bprm, &loc->elf_ex,
+ 			  load_addr, interp_load_addr);
+ 	if (retval < 0)
diff --git a/queue-4.4/series b/queue-4.4/series
index f7dad6b6947..ea1884e7f98 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -66,3 +66,4 @@ wlcore-fix-memory-leak-in-case-wl12xx_fetch_firmware.patch
 x86-build-mark-per-cpu-symbols-as-absolute-explicitl.patch
 dmaengine-tegra-avoid-overflow-of-byte-tracking.patch
 drm-dp-mst-configure-no_stop_bit-correctly-for-remot.patch
+binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch