linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-03 17:40:04 +00:00

No description

Find a file

Tejun Heo 43fa0b3639 cgroup: Use open-time cgroup namespace for process migration perm checks commit `e574576416` upstream. cgroup process migration permission checks are performed at write time as whether a given operation is allowed or not is dependent on the content of the write - the PID. This currently uses current's cgroup namespace which is a potential security weakness as it may allow scenarios where a less privileged process tricks a more privileged one into writing into a fd that it created. This patch makes cgroup remember the cgroup namespace at the time of open and uses it for migration permission checks instad of current's. Note that this only applies to cgroup2 as cgroup1 doesn't have namespace support. This also fixes a use-after-free bug on cgroupns reported in https://lore.kernel.org/r/00000000000048c15c05d0083397@google.com Note that backporting this fix also requires the preceding patch. Reported-by: "Eric W. Biederman" <ebiederm@xmission.com> Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Cc: Michal Koutný <mkoutny@suse.com> Cc: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Michal Koutný <mkoutny@suse.com> Reported-by: syzbot+50f5cf33a284ce738b62@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/00000000000048c15c05d0083397@google.com Fixes: `5136f6365c` ("cgroup: implement "nsdelegate" mount option") Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2022-01-11 15:35:15 +01:00
arch	KVM: x86: Check for rmaps allocation	2022-01-11 15:35:15 +01:00
block	iocost: Fix divide-by-zero on donation from low hweight cgroup	2021-12-22 09:32:48 +01:00
certs	certs: Add support for using elliptic curve keys for signing modules	2021-08-23 19:55:42 +03:00
crypto	crypto: pcrypt - Delay write to padata->info	2021-11-18 19:16:44 +01:00
Documentation	Input: i8042 - add deferred probe support	2022-01-05 12:42:32 +01:00
drivers	EDAC/i10nm: Release mdev/mbase when failing to detect HBM	2022-01-11 15:35:15 +01:00
fs	fs/mount_setattr: always cleanup mount_kattr	2022-01-05 12:42:39 +01:00
include	sctp: hold endpoint before calling cb in sctp_transport_lookup_process	2022-01-11 15:35:14 +01:00
init	init: make unknown command line param message clearer	2021-11-18 19:17:11 +01:00
ipc	shm: extend forced shm destroy to support objects from several IPC nses	2021-11-25 09:48:42 +01:00
kernel	cgroup: Use open-time cgroup namespace for process migration perm checks	2022-01-11 15:35:15 +01:00
lib	siphash: use _unaligned version by default	2021-12-08 09:04:47 +01:00
LICENSES	LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes"	2021-07-15 06:31:24 -06:00
mm	mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'	2022-01-05 12:42:39 +01:00
net	sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc	2022-01-11 15:35:14 +01:00
samples	ftrace/samples: Add missing prototypes direct functions	2022-01-11 15:35:13 +01:00
scripts	recordmcount.pl: fix typo in s390 mcount regex	2022-01-05 12:42:33 +01:00
security	selinux: initialize proto variable in selinux_ip_postroute_compat()	2022-01-05 12:42:34 +01:00
sound	ALSA: hda: intel-sdw-acpi: go through HDAS ACPI at max depth of 2	2022-01-05 12:42:33 +01:00
tools	selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature	2022-01-11 15:35:14 +01:00
usr
virt	KVM: downgrade two BUG_ONs to WARN_ON_ONCE	2021-12-22 09:32:34 +01:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap	mailmap: add Andrej Shadura	2021-10-18 20:22:03 -10:00
COPYING
CREDITS	MAINTAINERS: Move Daniel Drake to credits	2021-09-21 08:34:58 +03:00
Kbuild
Kconfig
MAINTAINERS	drm fixes for 5.15 final	2021-10-28 12:17:01 -07:00
Makefile	Linux 5.15.13	2022-01-05 12:42:40 +01:00
README

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.