mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 13:55:32 +00:00
Code Issues Releases Wiki Activity
No description
731667 commits 104 branches 5093 tags 5.6 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Tejun Heo 2337c8257c cgroup: Use open-time cgroup namespace for process migration perm checks 
commit e574576416 upstream.

cgroup process migration permission checks are performed at write time as
whether a given operation is allowed or not is dependent on the content of
the write - the PID. This currently uses current's cgroup namespace which is
a potential security weakness as it may allow scenarios where a less
privileged process tricks a more privileged one into writing into a fd that
it created.

This patch makes cgroup remember the cgroup namespace at the time of open
and uses it for migration permission checks instad of current's. Note that
this only applies to cgroup2 as cgroup1 doesn't have namespace support.

This also fixes a use-after-free bug on cgroupns reported in

 https://lore.kernel.org/r/00000000000048c15c05d0083397@google.com

Note that backporting this fix also requires the preceding patch.

Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Cc: Michal Koutný <mkoutny@suse.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Reported-by: syzbot+50f5cf33a284ce738b62@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/00000000000048c15c05d0083397@google.com
Fixes: 5136f6365c ("cgroup: implement "nsdelegate" mount option")
Signed-off-by: Tejun Heo <tj@kernel.org>
[mkoutny: v5.10: duplicate ns check in procs/threads write handler, adjust context]
Signed-off-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[OP: backport to v4.14: drop changes to cgroup_attach_permissions() and
cgroup_css_set_fork(), adjust cgroup_procs_write_permission() calls]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-20 09:08:30 +02:00
arch arm64: module: remove (NOLOAD) from linker script 2022-04-20 09:08:30 +02:00
block block: bio-integrity: Advance seed correctly for larger interval sizes 2022-02-08 18:16:28 +01:00
certs certs: Trigger creation of RSA module signing key if it's not an RSA key 2021-09-22 11:45:19 +02:00
crypto crypto: authenc - Fix sleep in atomic context in decrypt_tail 2022-04-20 09:08:12 +02:00
Documentation Documentation: update stable tree link 2022-04-20 09:08:09 +02:00
drivers dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" 2022-04-20 09:08:30 +02:00
firmware Fix built-in early-load Intel microcode alignment 2020-01-23 08:20:30 +01:00
fs btrfs: fix qgroup reserve overflow the qgroup limit 2022-04-20 09:08:30 +02:00
include mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning 2022-04-20 09:08:30 +02:00
init init/main.c: return 1 from handled __setup() functions 2022-04-20 09:08:28 +02:00
ipc ipc: WARN if trying to remove ipc object which is absent 2021-12-08 08:46:53 +01:00
kernel cgroup: Use open-time cgroup namespace for process migration perm checks 2022-04-20 09:08:30 +02:00
lib lib/test: use after free in register_test_dev_kmod() 2022-04-20 09:08:21 +02:00
mm mm: don't skip swap entry even if zap_details specified 2022-04-20 09:08:30 +02:00
net net: add missing SOF_TIMESTAMPING_OPT_ID support 2022-04-20 09:08:28 +02:00
samples samples/kretprobes: Fix return value if register_kretprobe() failed 2021-11-26 11:40:31 +01:00
scripts Makefile.extrawarn: Move -Wunaligned-access to W=1 2022-02-23 11:57:32 +01:00
security Fix incorrect type in assignment of ipv6 port for audit 2022-04-20 09:08:21 +02:00
sound ASoC: topology: Allow TLV control to be either read or write 2022-04-20 09:08:25 +02:00
tools tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts 2022-04-20 09:08:30 +02:00
usr initramfs: restore default compression behavior 2020-04-13 10:34:19 +02:00
virt KVM: Prevent module exit until all VMs are freed 2022-04-20 09:08:24 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper 2018-02-13 10:19:46 +01:00
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address 2017-11-10 12:16:15 -08:00
COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes 2017-11-09 17:58:40 -08:00
Kbuild
Kconfig
MAINTAINERS MAINTAINERS: Update drm/i915 bug filing URL 2020-02-28 16:36:12 +01:00
Makefile Linux 4.14.275 2022-04-02 12:41:10 +02:00
README

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.