From: Greg Kroah-Hartman Date: Mon, 29 Jun 2015 23:51:34 +0000 (-0700) Subject: 3.10-stable patches X-Git-Tag: v3.10.83~21 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eb528377702a52fa18076d7dca19cab3ec88c6d4;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: __ptrace_may_access-should-not-deny-sub-threads.patch include-linux-sched.h-don-t-use-task-pid-tgid-in.patch --- diff --git a/queue-3.10/__ptrace_may_access-should-not-deny-sub-threads.patch b/queue-3.10/__ptrace_may_access-should-not-deny-sub-threads.patch new file mode 100644 index 00000000000..7ea98e85ed6 --- /dev/null +++ b/queue-3.10/__ptrace_may_access-should-not-deny-sub-threads.patch 
@@ -0,0 +1,46 @@ +From 73af963f9f3036dffed55c3a2898598186db1045 Mon Sep 17 00:00:00 2001 +From: Mark Grondona +Date: Wed, 11 Sep 2013 14:24:31 -0700 +Subject: __ptrace_may_access() should not deny sub-threads + +From: Mark Grondona + +commit 73af963f9f3036dffed55c3a2898598186db1045 upstream. + +__ptrace_may_access() checks get_dumpable/ptrace_has_cap/etc if task != +current, this can can lead to surprising results. + +For example, a sub-thread can't readlink("/proc/self/exe") if the +executable is not readable. setup_new_exec()->would_dump() notices that +inode_permission(MAY_READ) fails and then it does +set_dumpable(suid_dumpable). After that get_dumpable() fails. + +(It is not clear why proc_pid_readlink() checks get_dumpable(), perhaps we +could add PTRACE_MODE_NODUMPABLE) + +Change __ptrace_may_access() to use same_thread_group() instead of "task +== current". Any security check is pointless when the tasks share the +same ->mm. + +Signed-off-by: Mark Grondona +Signed-off-by: Ben Woodard +Signed-off-by: Oleg Nesterov +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/ptrace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/ptrace.c ++++ b/kernel/ptrace.c +@@ -236,7 +236,7 @@ static int __ptrace_may_access(struct ta + */ + int dumpable = 0; + /* Don't let security modules deny introspection */ +- if (task == current) ++ if (same_thread_group(task, current)) + return 0; + rcu_read_lock(); + tcred = __task_cred(task); diff --git a/queue-3.10/include-linux-sched.h-don-t-use-task-pid-tgid-in.patch b/queue-3.10/include-linux-sched.h-don-t-use-task-pid-tgid-in.patch new file mode 100644 index 00000000000..0b1b96659c2 --- /dev/null +++ b/queue-3.10/include-linux-sched.h-don-t-use-task-pid-tgid-in.patch 
@@ -0,0 +1,54 @@ +From e1403b8edf669ff49bbdf602cc97fefa2760cb15 Mon Sep 17 00:00:00 2001 +From: Oleg Nesterov +Date: Wed, 11 Sep 2013 14:20:06 -0700 +Subject: include/linux/sched.h: don't use task->pid/tgid in + same_thread_group/has_group_leader_pid + +From: Oleg Nesterov + +commit e1403b8edf669ff49bbdf602cc97fefa2760cb15 upstream. + +task_struct->pid/tgid should go away. + +1. Change same_thread_group() to use task->signal for comparison. + +2. Change has_group_leader_pid(task) to compare task_pid(task) with + signal->leader_pid. + +Signed-off-by: Oleg Nesterov +Cc: Michal Hocko +Cc: Sergey Dyasly +Reviewed-by: "Eric W. Biederman" +Cc: Thomas Gleixner +Cc: Ingo Molnar +Cc: Peter Zijlstra +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/sched.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -2203,15 +2203,15 @@ static inline bool thread_group_leader(s + * all we care about is that we have a task with the appropriate + * pid, we don't actually care if we have the right task. + */ +-static inline int has_group_leader_pid(struct task_struct *p) ++static inline bool has_group_leader_pid(struct task_struct *p) + { +- return p->pid == p->tgid; ++ return task_pid(p) == p->signal->leader_pid; + } + + static inline +-int same_thread_group(struct task_struct *p1, struct task_struct *p2) ++bool same_thread_group(struct task_struct *p1, struct task_struct *p2) + { +- return p1->tgid == p2->tgid; ++ return p1->signal == p2->signal; + } + + static inline struct task_struct *next_thread(const struct task_struct *p) diff --git a/queue-3.10/series b/queue-3.10/series index ec855bec3dc..c86ca2caa4c 100644 --- a/queue-3.10/series +++ b/queue-3.10/series 
@@ -3,3 +3,5 @@ get-rid-of-s_files-and-files_lock.patch config-enable-need_dma_map_state-by-default-when-swiotlb-is-selected.patch netfilter-nfnetlink_cthelper-remove-const-and-to-avoid-warnings.patch netfilter-zero-the-tuple-in-nfnl_cthelper_parse_tuple.patch +include-linux-sched.h-don-t-use-task-pid-tgid-in.patch +__ptrace_may_access-should-not-deny-sub-threads.patch
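Review bot: In the kernel/ptrace.c hunk, the early "return 0" now fires for every task in the caller's thread group, but the comment directly above it still reads "Don't let security modules deny introspection", which only described the old "task == current" case. Suggest updating that comment to say that sub-threads of the caller are exempt as well, and why. The changelog justifies the change with "the tasks share the same ->mm", while the test is same_thread_group(task, current); tasks can share ->mm without being in the same thread group, and those still go through the dumpable and capability checks, so the rationale is better worded in terms of the thread group. The parenthetical question about why proc_pid_readlink() checks get_dumpable() is left open and deserves a follow-up rather than a changelog aside.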
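Review bot: In the include/linux/sched.h hunk, both has_group_leader_pid() and same_thread_group() change their return type from int to bool, which neither of the two numbered changelog items mentions; add a line for it. The changelog gives only a cleanup reason ("task_struct->pid/tgid should go away"), so the 3.10 queue entry should state why this is wanted in stable, presumably because the __ptrace_may_access() fix queued with it calls same_thread_group(). Both helpers now dereference p->signal where they previously read plain integer fields, so it is worth stating in the changelog that ->signal is valid for every caller. The comment above has_group_leader_pid() still speaks of "a task with the appropriate pid"; please confirm it reads correctly now that the comparison is task_pid(p) against p->signal->leader_pid.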