rpms/kernel/devel linux-2.6-proc-self-maps-fix.patch, NONE, 1.1 kernel-2.6.spec, 1.2125, 1.2126

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Apr 10 19:21:21 UTC 2006 

Author: davej

Update of /cvs/dist/rpms/kernel/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv21780

Modified Files:
	kernel-2.6.spec 
Added Files:
	linux-2.6-proc-self-maps-fix.patch 
Log Message:
Al's /proc/self/maps setuid fix


linux-2.6-proc-self-maps-fix.patch:
 fs/proc/base.c          |   20 ++++++++++++++++++++
 fs/proc/internal.h      |    2 ++
 fs/proc/task_mmu.c      |    3 +--
 include/linux/proc_fs.h |    0 
 include/linux/ptrace.h  |    1 +
 kernel/ptrace.c         |    4 ++--
 6 files changed, 26 insertions(+), 4 deletions(-)

--- NEW FILE linux-2.6-proc-self-maps-fix.patch ---

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165351

diff --git a/fs/proc/base.c b/fs/proc/base.c
index a3a3eec..3f262cd 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -408,6 +408,26 @@ static int proc_task_root_link(struct in
 	 (task->state == TASK_STOPPED || task->state == TASK_TRACED) && \
 	 security_ptrace(current,task) == 0))
 
+struct mm_struct *mm_for_maps(struct task_struct *task)
+{
+	struct mm_struct *mm = get_task_mm(task);
+	if (!mm)
+		return NULL;
+	down_read(&mm->mmap_sem);
+	task_lock(task);
+	if (task->mm != mm)
+		goto out;
+	if (task->mm != current->mm && !__ptrace_may_attach(task))
+		goto out;
+	task_unlock(task);
+	return mm;
+out:
+	task_unlock(task);
+	up_read(&mm->mmap_sem);
+	mmput(mm);
+	return NULL;
+}
+
 static int proc_pid_environ(struct task_struct *task, char * buffer)
 {
 	int res = 0;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index 0502f17..cd172ce 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -16,6 +16,8 @@ struct vmalloc_info {
 	unsigned long	largest_chunk;
 };
 
+extern struct mm_struct *mm_for_maps(struct task_struct *);
+
 #ifdef CONFIG_MMU
 #define VMALLOC_TOTAL (VMALLOC_END - VMALLOC_START)
 extern void get_vmalloc_info(struct vmalloc_info *vmi);
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 91b7c15..3777557 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -311,12 +311,11 @@ static void *m_start(struct seq_file *m,
 	if (last_addr == -1UL)
 		return NULL;
 
-	mm = get_task_mm(task);
+	mm = mm_for_maps(task);
 	if (!mm)
 		return NULL;
 
 	tail_vma = get_gate_vma(task);
-	down_read(&mm->mmap_sem);
 
 	/* Start with last addr hint */
 	if (last_addr && (vma = find_vma(mm, last_addr))) {
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
index 0d36750..578c28e 100644
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -94,6 +94,7 @@ extern void __ptrace_link(struct task_st
 extern void __ptrace_unlink(struct task_struct *child);
 extern void ptrace_untrace(struct task_struct *child);
 extern int ptrace_may_attach(struct task_struct *task);
+extern int __ptrace_may_attach(struct task_struct *task);
 
 static inline void ptrace_link(struct task_struct *child,
 			       struct task_struct *new_parent)
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 0eeb7e6..443f77e 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -121,7 +121,7 @@ int ptrace_check_attach(struct task_stru
 	return ret;
 }
 
-static int may_attach(struct task_struct *task)
+int __ptrace_may_attach(struct task_struct *task)
 {
 	if (!task->mm)
 		return -EPERM;
@@ -143,7 +143,7 @@ int ptrace_may_attach(struct task_struct
 {
 	int err;
 	task_lock(task);
-	err = may_attach(task);
+	err = __ptrace_may_attach(task);
 	task_unlock(task);
 	return !err;
 }



Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/kernel-2.6.spec,v
retrieving revision 1.2125
retrieving revision 1.2126
diff -u -r1.2125 -r1.2126
--- kernel-2.6.spec	10 Apr 2006 19:18:17 -0000	1.2125
+++ kernel-2.6.spec	10 Apr 2006 19:21:19 -0000	1.2126
@@ -340,6 +340,7 @@
 Patch1690: linux-2.6-smsc-ircc2-pnp.patch
 Patch1700: linux-2.6-w1-hush-debug.patch
 Patch1710: linux-2.6-sched-up-migration-cost.patch
+Patch1720: linux-2.6-proc-self-maps-fix.patch
 Patch1740: linux-2.6-softlockup-disable.patch
 Patch1760: linux-2.6-suspend-slab-warnings.patch
 Patch1770: linux-2.6-optimise-spinlock-debug.patch
@@ -960,6 +961,8 @@
 %patch1700 -p1
 # Only print migration info on SMP
 %patch1710 -p1
+# setuid /proc/self/maps fix.
+%patch1720 -p1
 # Add a safety net to softlockup so that it doesn't prevent installs.
 %patch1740 -p1
 # Fix up kmalloc whilst atomic warning during resume.
@@ -1653,6 +1656,7 @@
 - 2.6.16rc1-git2
 - Enable SMP on all x86 kernels.
   SMP_ALTERNATIVES disables the spinlocks etc at runtime.
+- setuid /proc/self/maps fix (#165351)
 
 * Thu Apr  6 2006 Dave Jones <davej at redhat.com>
 - Rebuild without a zillion warnings.

More information about the fedora-cvs-commits mailing list