Intel OpenBMC Linux kernel source tree (mirror) https://git.radix-linux.su/BMC/Intel-BMC/linux.git/atom?h=dev-4.7 2016-09-15T06:20:25+00:00 2016-09-15T06:20:25+00:00 John Johansen john.johansen@canonical.com 2015-12-17T02:09:10+00:00 urn:sha1:a913c940039ce803939bb81f3c3be3aab0d43b5c commit de7c4cc947f9f56f61520ee7edaf380434a98c8d upstream. When finding a child profile via an rcu critical section, the profile may be put and scheduled for deletion after the child is found but before its refcount is incremented. Protect against this by repeating the lookup if the profiles refcount is 0 and is one its way to deletion. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-08-16T07:34:58+00:00 John Johansen john.johansen@canonical.com 2015-11-18T19:41:05+00:00 urn:sha1:3f0153ace2051b3f62c24503740b935e82451c22 commit 0b938a2e2cf0b0a2c8bac9769111545aff0fee97 upstream. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-07-08T00:26:25+00:00 Vegard Nossum vegard.nossum@oracle.com 2016-07-07T20:41:11+00:00 urn:sha1:30a46a4647fd1df9cf52e43bf467f0d9265096ca When proc_pid_attr_write() was changed to use memdup_user apparmor's (interface violating) assumption that the setprocattr buffer was always a single page was violated. The size test is not strictly speaking needed as proc_pid_attr_write() will reject anything larger, but for the sake of robustness we can keep it in. SMACK and SELinux look safe to me, but somebody else should probably have a look just in case. Based on original patch from Vegard Nossum <vegard.nossum@oracle.com> modified for the case that apparmor provides null termination. Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: John Johansen <john.johansen@canonical.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: stable@kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2016-03-28T04:47:36+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:27:45+00:00 urn:sha1:3ccee46ab487d5b87d0621824efe2500b2857c58 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-03-28T04:47:28+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:22:49+00:00 urn:sha1:8db0185659c33143915768bdd33fc2fb1b1cbb58 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-03-28T04:47:27+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:21:09+00:00 urn:sha1:d360775217070ff0f4291e47d3f568f0fe0b7374 ... as well as unix_mknod() and may_o_create() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-03-28T04:47:27+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:13:39+00:00 urn:sha1:989f74e0500a1e136d369bb619adc22786ea5e68 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-03-28T04:47:26+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:10:04+00:00 urn:sha1:d6b49f7ad2f38b5c3af27ac1a6f475b1ec13ea6e Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-03-28T04:47:26+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:07:03+00:00 urn:sha1:3539aaf670cdd68a37314cd5db400c0c77287c88 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-03-28T04:47:25+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:04:36+00:00 urn:sha1:741aca71d61c3485d1e9db3bcea00d4509cf2301 was open-coded in several places... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>