signal: fix kabi changes in struct task_struct

hulk inclusion category: kabi bugzilla: NA CVE: CVE-2020-10741, CVE-2020-12826 --------------------------- Commit d1e7fd64 ("signal: Extend exec_id to 64bits") can fixes CVE-2020-10741 and CVE-2020-12826, but it introduces a kabi change in struct task_strcut. Fix this kabi broken by using another new 64bits variables parent_exec_id_u64 and self_exec_id_u64. Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

signal: fix kabi changes in struct task_struct
hulk inclusion category: kabi bugzilla: NA CVE: CVE-2020-10741, CVE-2020-12826 --------------------------- Commit d1e7fd64 ("signal: Extend exec_id to 64bits") can fixes CVE-2020-10741 and CVE-2020-12826, but it introduces a kabi change in struct task_strcut. Fix this kabi broken by using another new 64bits variables parent_exec_id_u64 and self_exec_id_u64. Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
4dd9f6ac · Yang Yingliang · 1f4a4074 · 4dd9f6ac · 4dd9f6ac · 4dd9f6ac
隐藏空白更改
内联并排

Showing with 11 addition and 3 deletion

fs/exec.c fs/exec.c +1 -0

include/linux/sched.h include/linux/sched.h +7 -2

kernel/fork.c kernel/fork.c +2 -0

kernel/signal.c kernel/signal.c +1 -1

未找到文件。
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1380,6 +1380,7 @@ void setup_new_exec(struct linux_binprm * bprm)
 	/* An exec changes our domain. We are no longer part of the thread
 	   group */
 	WRITE_ONCE(current->self_exec_id, current->self_exec_id + 1);
+	WRITE_ONCE(current->self_exec_id_u64, current->self_exec_id_u64 + 1);
 	flush_signal_handlers(current, 0);
 }
 EXPORT_SYMBOL(setup_new_exec);

--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -892,8 +892,8 @@ struct task_struct {
 	struct seccomp			seccomp;
 	/* Thread group tracking: */
-	u64				parent_exec_id;
+	u32				parent_exec_id;
-	u64				self_exec_id;
+	u32				self_exec_id;
 	/* Protection against (de-)allocation: mm, files, fs, tty, keyrings, mems_allowed, mempolicy: */
 	spinlock_t			alloc_lock;
@@ -1212,8 +1212,13 @@ struct task_struct {
 	 */
 	randomized_struct_fields_end
+#ifndef __GENKSYMS__
+	u64				parent_exec_id_u64;
+	u64				self_exec_id_u64;
+#else
 	KABI_RESERVE(1)
 	KABI_RESERVE(2)
+#endif
 	KABI_RESERVE(3)
 	KABI_RESERVE(4)
 	KABI_RESERVE(5)

--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2055,9 +2055,11 @@ static __latent_entropy struct task_struct *copy_process(
 	if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) {
 		p->real_parent = current->real_parent;
 		p->parent_exec_id = current->parent_exec_id;
+		p->parent_exec_id_u64 = current->parent_exec_id_u64;
 	} else {
 		p->real_parent = current;
 		p->parent_exec_id = current->self_exec_id;
+		p->parent_exec_id_u64 = current->self_exec_id_u64;
 	}
 	klp_copy_process(p);

--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1827,7 +1827,7 @@ bool do_notify_parent(struct task_struct *tsk, int sig)
 		 * This is only possible if parent == real_parent.
 		 * Check if it has changed security domain.
 		 */
-		if (tsk->parent_exec_id != READ_ONCE(tsk->parent->self_exec_id))
+		if (tsk->parent_exec_id_u64 != READ_ONCE(tsk->parent->self_exec_id_u64))
 			sig = SIGCHLD;
 	}