tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace updates from Eric Biederman:
"Life has been busy and I have not gotten half as much done this round
as I would have liked. I delayed it so that a minor conflict
resolution with the mips tree could spend a little time in linux-next
before I sent this pull request.
This includes two long delayed user namespace changes from Kirill
Tkhai. It also includes a very useful change from Serge Hallyn that
allows the security capability attribute to be used inside of user
namespaces. The practical effect of this is people can now untar
tarballs and install rpms in user namespaces. It had been suggested to
generalize this and encode some of the namespace information
information in the xattr name. Upon close inspection that makes the
things that should be hard easy and the things that should be easy
more expensive.
Then there is my bugfix/cleanup for signal injection that removes the
magic encoding of the siginfo union member from the kernel internal
si_code. The mips folks reported the case where I had used FPE_FIXME
me is impossible so I have remove FPE_FIXME from mips, while at the
same time including a return statement in that case to keep gcc from
complaining about unitialized variables.
I almost finished the work to get make copy_siginfo_to_user a trivial
copy to user. The code is available at:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git neuter-copy_siginfo_to_user-v3
But I did not have time/energy to get the code posted and reviewed
before the merge window opened.
I was able to see that the security excuse for just copying fields
that we know are initialized doesn't work in practice there are buggy
initializations that don't initialize the proper fields in siginfo. So
we still sometimes copy unitialized data to userspace"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
Introduce v3 namespaced file capabilities
mips/signal: In force_fcr31_sig return in the impossible case
signal: Remove kernel interal si_code magic
fcntl: Don't use ambiguous SIG_POLL si_codes
prctl: Allow local CAP_SYS_ADMIN changing exe_file
security: Use user_namespace::level to avoid redundant iterations in cap_capable()
userns,pidns: Verify the userns for new pid namespaces
signal/testing: Don't look for __SI_FAULT in userspace
signal/mips: Document a conflict with SI_USER with SIGFPE
signal/sparc: Document a conflict with SI_USER with SIGFPE
signal/ia64: Document a conflict with SI_USER with SIGFPE
signal/alpha: Document a conflict with SI_USER for SIGTRAP
+622
-297
+14
arch/alpha/include/uapi/asm/siginfo.h
+14
arch/alpha/include/uapi/asm/siginfo.h
···
6
6
7
7
#include <asm-generic/siginfo.h>
8
8
9
+
/*
10
+
* SIGFPE si_codes
11
+
*/
12
+
#ifdef __KERNEL__
13
+
#define FPE_FIXME 0 /* Broken dup of SI_USER */
14
+
#endif /* __KERNEL__ */
15
+
16
+
/*
17
+
* SIGTRAP si_codes
18
+
*/
19
+
#ifdef __KERNEL__
20
+
#define TRAP_FIXME 0 /* Broken dup of SI_USER */
21
+
#endif /* __KERNEL__ */
22
+
9
23
#endif
+3
-3
arch/alpha/kernel/traps.c
+3
-3
arch/alpha/kernel/traps.c
···
280
280
case 1: /* bugcheck */
281
281
info.si_signo = SIGTRAP;
282
282
info.si_errno = 0;
283
-
info.si_code = __SI_FAULT;
283
+
info.si_code = TRAP_FIXME;
284
284
info.si_addr = (void __user *) regs->pc;
285
285
info.si_trapno = 0;
286
286
send_sig_info(SIGTRAP, &info, current);
···
320
320
break;
321
321
case GEN_ROPRAND:
322
322
signo = SIGFPE;
323
-
code = __SI_FAULT;
323
+
code = FPE_FIXME;
324
324
break;
325
325
326
326
case GEN_DECOVF:
···
342
342
case GEN_SUBRNG7:
343
343
default:
344
344
signo = SIGTRAP;
345
-
code = __SI_FAULT;
345
+
code = TRAP_FIXME;
346
346
break;
347
347
}
348
348
+9
-14
arch/arm64/kernel/signal32.c
+9
-14
arch/arm64/kernel/signal32.c
···
142
142
*/
143
143
err = __put_user(from->si_signo, &to->si_signo);
144
144
err |= __put_user(from->si_errno, &to->si_errno);
145
-
err |= __put_user((short)from->si_code, &to->si_code);
145
+
err |= __put_user(from->si_code, &to->si_code);
146
146
if (from->si_code < 0)
147
147
err |= __copy_to_user(&to->_sifields._pad, &from->_sifields._pad,
148
148
SI_PAD_SIZE);
149
-
else switch (from->si_code & __SI_MASK) {
150
-
case __SI_KILL:
149
+
else switch (siginfo_layout(from->si_signo, from->si_code)) {
150
+
case SIL_KILL:
151
151
err |= __put_user(from->si_pid, &to->si_pid);
152
152
err |= __put_user(from->si_uid, &to->si_uid);
153
153
break;
154
-
case __SI_TIMER:
154
+
case SIL_TIMER:
155
155
err |= __put_user(from->si_tid, &to->si_tid);
156
156
err |= __put_user(from->si_overrun, &to->si_overrun);
157
157
err |= __put_user(from->si_int, &to->si_int);
158
158
break;
159
-
case __SI_POLL:
159
+
case SIL_POLL:
160
160
err |= __put_user(from->si_band, &to->si_band);
161
161
err |= __put_user(from->si_fd, &to->si_fd);
162
162
break;
163
-
case __SI_FAULT:
163
+
case SIL_FAULT:
164
164
err |= __put_user((compat_uptr_t)(unsigned long)from->si_addr,
165
165
&to->si_addr);
166
166
#ifdef BUS_MCEERR_AO
···
173
173
err |= __put_user(from->si_addr_lsb, &to->si_addr_lsb);
174
174
#endif
175
175
break;
176
-
case __SI_CHLD:
176
+
case SIL_CHLD:
177
177
err |= __put_user(from->si_pid, &to->si_pid);
178
178
err |= __put_user(from->si_uid, &to->si_uid);
179
179
err |= __put_user(from->si_status, &to->si_status);
180
180
err |= __put_user(from->si_utime, &to->si_utime);
181
181
err |= __put_user(from->si_stime, &to->si_stime);
182
182
break;
183
-
case __SI_RT: /* This is not generated by the kernel as of now. */
184
-
case __SI_MESGQ: /* But this is */
183
+
case SIL_RT:
185
184
err |= __put_user(from->si_pid, &to->si_pid);
186
185
err |= __put_user(from->si_uid, &to->si_uid);
187
186
err |= __put_user(from->si_int, &to->si_int);
188
187
break;
189
-
case __SI_SYS:
188
+
case SIL_SYS:
190
189
err |= __put_user((compat_uptr_t)(unsigned long)
191
190
from->si_call_addr, &to->si_call_addr);
192
191
err |= __put_user(from->si_syscall, &to->si_syscall);
193
192
err |= __put_user(from->si_arch, &to->si_arch);
194
-
break;
195
-
default: /* this is just in case for now ... */
196
-
err |= __put_user(from->si_pid, &to->si_pid);
197
-
err |= __put_user(from->si_uid, &to->si_uid);
198
193
break;
199
194
}
200
195
return err;
+19
-11
arch/blackfin/include/uapi/asm/siginfo.h
+19
-11
arch/blackfin/include/uapi/asm/siginfo.h
···
14
14
15
15
#define si_uid16 _sifields._kill._uid
16
16
17
-
#define ILL_ILLPARAOP (__SI_FAULT|2) /* illegal opcode combine ********** */
18
-
#define ILL_ILLEXCPT (__SI_FAULT|4) /* unrecoverable exception ********** */
19
-
#define ILL_CPLB_VI (__SI_FAULT|9) /* D/I CPLB protect violation ******** */
20
-
#define ILL_CPLB_MISS (__SI_FAULT|10) /* D/I CPLB miss ******** */
21
-
#define ILL_CPLB_MULHIT (__SI_FAULT|11) /* D/I CPLB multiple hit ******** */
17
+
#define ILL_ILLPARAOP 2 /* illegal opcode combine ********** */
18
+
#define ILL_ILLEXCPT 4 /* unrecoverable exception ********** */
19
+
#define ILL_CPLB_VI 9 /* D/I CPLB protect violation ******** */
20
+
#define ILL_CPLB_MISS 10 /* D/I CPLB miss ******** */
21
+
#define ILL_CPLB_MULHIT 11 /* D/I CPLB multiple hit ******** */
22
+
#undef NSIGILL
23
+
#define NSIGILL 11
22
24
23
25
/*
24
26
* SIGBUS si_codes
25
27
*/
26
-
#define BUS_OPFETCH (__SI_FAULT|4) /* error from instruction fetch ******** */
28
+
#define BUS_OPFETCH 4 /* error from instruction fetch ******** */
29
+
#undef NSIGBUS
30
+
#define NSIGBUS 4
27
31
28
32
/*
29
33
* SIGTRAP si_codes
30
34
*/
31
-
#define TRAP_STEP (__SI_FAULT|1) /* single-step breakpoint************* */
32
-
#define TRAP_TRACEFLOW (__SI_FAULT|2) /* trace buffer overflow ************* */
33
-
#define TRAP_WATCHPT (__SI_FAULT|3) /* watchpoint match ************* */
34
-
#define TRAP_ILLTRAP (__SI_FAULT|4) /* illegal trap ************* */
35
+
#define TRAP_STEP 1 /* single-step breakpoint************* */
36
+
#define TRAP_TRACEFLOW 2 /* trace buffer overflow ************* */
37
+
#define TRAP_WATCHPT 3 /* watchpoint match ************* */
38
+
#define TRAP_ILLTRAP 4 /* illegal trap ************* */
39
+
#undef NSIGTRAP
40
+
#define NSIGTRAP 4
35
41
36
42
/*
37
43
* SIGSEGV si_codes
38
44
*/
39
-
#define SEGV_STACKFLOW (__SI_FAULT|3) /* stack overflow */
45
+
#define SEGV_STACKFLOW 3 /* stack overflow */
46
+
#undef NSIGSEGV
47
+
#define NSIGSEGV 3
40
48
41
49
#endif /* _UAPI_BFIN_SIGINFO_H */
+1
-1
arch/frv/include/uapi/asm/siginfo.h
+1
-1
arch/frv/include/uapi/asm/siginfo.h
+12
-9
arch/ia64/include/uapi/asm/siginfo.h
+12
-9
arch/ia64/include/uapi/asm/siginfo.h
···
98
98
/*
99
99
* SIGILL si_codes
100
100
*/
101
-
#define ILL_BADIADDR (__SI_FAULT|9) /* unimplemented instruction address */
102
-
#define __ILL_BREAK (__SI_FAULT|10) /* illegal break */
103
-
#define __ILL_BNDMOD (__SI_FAULT|11) /* bundle-update (modification) in progress */
101
+
#define ILL_BADIADDR 9 /* unimplemented instruction address */
102
+
#define __ILL_BREAK 10 /* illegal break */
103
+
#define __ILL_BNDMOD 11 /* bundle-update (modification) in progress */
104
104
#undef NSIGILL
105
105
#define NSIGILL 11
106
106
107
107
/*
108
108
* SIGFPE si_codes
109
109
*/
110
-
#define __FPE_DECOVF (__SI_FAULT|9) /* decimal overflow */
111
-
#define __FPE_DECDIV (__SI_FAULT|10) /* decimal division by zero */
112
-
#define __FPE_DECERR (__SI_FAULT|11) /* packed decimal error */
113
-
#define __FPE_INVASC (__SI_FAULT|12) /* invalid ASCII digit */
114
-
#define __FPE_INVDEC (__SI_FAULT|13) /* invalid decimal digit */
110
+
#ifdef __KERNEL__
111
+
#define FPE_FIXME 0 /* Broken dup of SI_USER */
112
+
#endif /* __KERNEL__ */
113
+
#define __FPE_DECOVF 9 /* decimal overflow */
114
+
#define __FPE_DECDIV 10 /* decimal division by zero */
115
+
#define __FPE_DECERR 11 /* packed decimal error */
116
+
#define __FPE_INVASC 12 /* invalid ASCII digit */
117
+
#define __FPE_INVDEC 13 /* invalid decimal digit */
115
118
#undef NSIGFPE
116
119
#define NSIGFPE 13
117
120
118
121
/*
119
122
* SIGSEGV si_codes
120
123
*/
121
-
#define __SEGV_PSTKOVF (__SI_FAULT|4) /* paragraph stack overflow */
124
+
#define __SEGV_PSTKOVF 4 /* paragraph stack overflow */
122
125
#undef NSIGSEGV
123
126
#define NSIGSEGV 4
124
127
+8
-9
arch/ia64/kernel/signal.c
+8
-9
arch/ia64/kernel/signal.c
···
124
124
*/
125
125
err = __put_user(from->si_signo, &to->si_signo);
126
126
err |= __put_user(from->si_errno, &to->si_errno);
127
-
err |= __put_user((short)from->si_code, &to->si_code);
128
-
switch (from->si_code >> 16) {
129
-
case __SI_FAULT >> 16:
127
+
err |= __put_user(from->si_code, &to->si_code);
128
+
switch (siginfo_layout(from->si_signo, from->si_code)) {
129
+
case SIL_FAULT:
130
130
err |= __put_user(from->si_flags, &to->si_flags);
131
131
err |= __put_user(from->si_isr, &to->si_isr);
132
-
case __SI_POLL >> 16:
132
+
case SIL_POLL:
133
133
err |= __put_user(from->si_addr, &to->si_addr);
134
134
err |= __put_user(from->si_imm, &to->si_imm);
135
135
break;
136
-
case __SI_TIMER >> 16:
136
+
case SIL_TIMER:
137
137
err |= __put_user(from->si_tid, &to->si_tid);
138
138
err |= __put_user(from->si_overrun, &to->si_overrun);
139
139
err |= __put_user(from->si_ptr, &to->si_ptr);
140
140
break;
141
-
case __SI_RT >> 16: /* Not generated by the kernel as of now. */
142
-
case __SI_MESGQ >> 16:
141
+
case SIL_RT:
143
142
err |= __put_user(from->si_uid, &to->si_uid);
144
143
err |= __put_user(from->si_pid, &to->si_pid);
145
144
err |= __put_user(from->si_ptr, &to->si_ptr);
146
145
break;
147
-
case __SI_CHLD >> 16:
146
+
case SIL_CHLD:
148
147
err |= __put_user(from->si_utime, &to->si_utime);
149
148
err |= __put_user(from->si_stime, &to->si_stime);
150
149
err |= __put_user(from->si_status, &to->si_status);
151
-
default:
150
+
case SIL_KILL:
152
151
err |= __put_user(from->si_uid, &to->si_uid);
153
152
err |= __put_user(from->si_pid, &to->si_pid);
154
153
break;
+2
-2
arch/ia64/kernel/traps.c
+2
-2
arch/ia64/kernel/traps.c
···
349
349
}
350
350
siginfo.si_signo = SIGFPE;
351
351
siginfo.si_errno = 0;
352
-
siginfo.si_code = __SI_FAULT; /* default code */
352
+
siginfo.si_code = FPE_FIXME; /* default code */
353
353
siginfo.si_addr = (void __user *) (regs->cr_iip + ia64_psr(regs)->ri);
354
354
if (isr & 0x11) {
355
355
siginfo.si_code = FPE_FLTINV;
···
373
373
/* raise exception */
374
374
siginfo.si_signo = SIGFPE;
375
375
siginfo.si_errno = 0;
376
-
siginfo.si_code = __SI_FAULT; /* default code */
376
+
siginfo.si_code = FPE_FIXME; /* default code */
377
377
siginfo.si_addr = (void __user *) (regs->cr_iip + ia64_psr(regs)->ri);
378
378
if (isr & 0x880) {
379
379
siginfo.si_code = FPE_FLTOVF;
+2
-2
arch/mips/include/uapi/asm/siginfo.h
+2
-2
arch/mips/include/uapi/asm/siginfo.h
···
120
120
#undef SI_TIMER
121
121
#undef SI_MESGQ
122
122
#define SI_ASYNCIO -2 /* sent by AIO completion */
123
-
#define SI_TIMER __SI_CODE(__SI_TIMER, -3) /* sent by timer expiration */
124
-
#define SI_MESGQ __SI_CODE(__SI_MESGQ, -4) /* sent by real time mesq state change */
123
+
#define SI_TIMER -3 /* sent by timer expiration */
124
+
#define SI_MESGQ -4 /* sent by real time mesq state change */
125
125
126
126
#endif /* _UAPI_ASM_SIGINFO_H */
+9
-10
arch/mips/kernel/signal32.c
+9
-10
arch/mips/kernel/signal32.c
···
93
93
at the same time. */
94
94
err = __put_user(from->si_signo, &to->si_signo);
95
95
err |= __put_user(from->si_errno, &to->si_errno);
96
-
err |= __put_user((short)from->si_code, &to->si_code);
96
+
err |= __put_user(from->si_code, &to->si_code);
97
97
if (from->si_code < 0)
98
98
err |= __copy_to_user(&to->_sifields._pad, &from->_sifields._pad, SI_PAD_SIZE);
99
99
else {
100
-
switch (from->si_code >> 16) {
101
-
case __SI_TIMER >> 16:
100
+
switch (siginfo_layout(from->si_signo, from->si_code)) {
101
+
case SIL_TIMER:
102
102
err |= __put_user(from->si_tid, &to->si_tid);
103
103
err |= __put_user(from->si_overrun, &to->si_overrun);
104
104
err |= __put_user(from->si_int, &to->si_int);
105
105
break;
106
-
case __SI_CHLD >> 16:
106
+
case SIL_CHLD:
107
107
err |= __put_user(from->si_utime, &to->si_utime);
108
108
err |= __put_user(from->si_stime, &to->si_stime);
109
109
err |= __put_user(from->si_status, &to->si_status);
110
-
default:
110
+
case SIL_KILL:
111
111
err |= __put_user(from->si_pid, &to->si_pid);
112
112
err |= __put_user(from->si_uid, &to->si_uid);
113
113
break;
114
-
case __SI_FAULT >> 16:
114
+
case SIL_FAULT:
115
115
err |= __put_user((unsigned long)from->si_addr, &to->si_addr);
116
116
break;
117
-
case __SI_POLL >> 16:
117
+
case SIL_POLL:
118
118
err |= __put_user(from->si_band, &to->si_band);
119
119
err |= __put_user(from->si_fd, &to->si_fd);
120
120
break;
121
-
case __SI_RT >> 16: /* This is not generated by the kernel as of now. */
122
-
case __SI_MESGQ >> 16:
121
+
case SIL_RT:
123
122
err |= __put_user(from->si_pid, &to->si_pid);
124
123
err |= __put_user(from->si_uid, &to->si_uid);
125
124
err |= __put_user(from->si_int, &to->si_int);
126
125
break;
127
-
case __SI_SYS >> 16:
126
+
case SIL_SYS:
128
127
err |= __copy_to_user(&to->si_call_addr, &from->si_call_addr,
129
128
sizeof(compat_uptr_t));
130
129
err |= __put_user(from->si_syscall, &to->si_syscall);
+1
-1
arch/mips/kernel/traps.c
+1
-1
arch/mips/kernel/traps.c
+15
-16
arch/parisc/kernel/signal32.c
+15
-16
arch/parisc/kernel/signal32.c
···
290
290
if (to->si_code < 0)
291
291
err |= __copy_from_user(&to->_sifields._pad, &from->_sifields._pad, SI_PAD_SIZE);
292
292
else {
293
-
switch (to->si_code >> 16) {
294
-
case __SI_CHLD >> 16:
293
+
switch (siginfo_layout(to->si_signo, to->si_code)) {
294
+
case SIL_CHLD:
295
295
err |= __get_user(to->si_utime, &from->si_utime);
296
296
err |= __get_user(to->si_stime, &from->si_stime);
297
297
err |= __get_user(to->si_status, &from->si_status);
298
298
default:
299
+
case SIL_KILL:
299
300
err |= __get_user(to->si_pid, &from->si_pid);
300
301
err |= __get_user(to->si_uid, &from->si_uid);
301
302
break;
302
-
case __SI_FAULT >> 16:
303
+
case SIL_FAULT:
303
304
err |= __get_user(addr, &from->si_addr);
304
305
to->si_addr = compat_ptr(addr);
305
306
break;
306
-
case __SI_POLL >> 16:
307
+
case SIL_POLL:
307
308
err |= __get_user(to->si_band, &from->si_band);
308
309
err |= __get_user(to->si_fd, &from->si_fd);
309
310
break;
310
-
case __SI_RT >> 16: /* This is not generated by the kernel as of now. */
311
-
case __SI_MESGQ >> 16:
311
+
case SIL_RT:
312
312
err |= __get_user(to->si_pid, &from->si_pid);
313
313
err |= __get_user(to->si_uid, &from->si_uid);
314
314
err |= __get_user(to->si_int, &from->si_int);
···
337
337
at the same time. */
338
338
err = __put_user(from->si_signo, &to->si_signo);
339
339
err |= __put_user(from->si_errno, &to->si_errno);
340
-
err |= __put_user((short)from->si_code, &to->si_code);
340
+
err |= __put_user(from->si_code, &to->si_code);
341
341
if (from->si_code < 0)
342
342
err |= __copy_to_user(&to->_sifields._pad, &from->_sifields._pad, SI_PAD_SIZE);
343
343
else {
344
-
switch (from->si_code >> 16) {
345
-
case __SI_CHLD >> 16:
344
+
switch (siginfo_layout(from->si_signo, from->si_code)) {
345
+
case SIL_CHLD:
346
346
err |= __put_user(from->si_utime, &to->si_utime);
347
347
err |= __put_user(from->si_stime, &to->si_stime);
348
348
err |= __put_user(from->si_status, &to->si_status);
349
-
default:
349
+
case SIL_KILL:
350
350
err |= __put_user(from->si_pid, &to->si_pid);
351
351
err |= __put_user(from->si_uid, &to->si_uid);
352
352
break;
353
-
case __SI_FAULT >> 16:
353
+
case SIL_FAULT:
354
354
addr = ptr_to_compat(from->si_addr);
355
355
err |= __put_user(addr, &to->si_addr);
356
356
break;
357
-
case __SI_POLL >> 16:
357
+
case SIL_POLL:
358
358
err |= __put_user(from->si_band, &to->si_band);
359
359
err |= __put_user(from->si_fd, &to->si_fd);
360
360
break;
361
-
case __SI_TIMER >> 16:
361
+
case SIL_TIMER:
362
362
err |= __put_user(from->si_tid, &to->si_tid);
363
363
err |= __put_user(from->si_overrun, &to->si_overrun);
364
364
val = (compat_int_t)from->si_int;
365
365
err |= __put_user(val, &to->si_int);
366
366
break;
367
-
case __SI_RT >> 16: /* Not generated by the kernel as of now. */
368
-
case __SI_MESGQ >> 16:
367
+
case SIL_RT:
369
368
err |= __put_user(from->si_uid, &to->si_uid);
370
369
err |= __put_user(from->si_pid, &to->si_pid);
371
370
val = (compat_int_t)from->si_int;
372
371
err |= __put_user(val, &to->si_int);
373
372
break;
374
-
case __SI_SYS >> 16:
373
+
case SIL_SYS:
375
374
err |= __put_user(ptr_to_compat(from->si_call_addr), &to->si_call_addr);
376
375
err |= __put_user(from->si_syscall, &to->si_syscall);
377
376
err |= __put_user(from->si_arch, &to->si_arch);
+9
-11
arch/powerpc/kernel/signal_32.c
+9
-11
arch/powerpc/kernel/signal_32.c
···
913
913
*/
914
914
err = __put_user(s->si_signo, &d->si_signo);
915
915
err |= __put_user(s->si_errno, &d->si_errno);
916
-
err |= __put_user((short)s->si_code, &d->si_code);
916
+
err |= __put_user(s->si_code, &d->si_code);
917
917
if (s->si_code < 0)
918
918
err |= __copy_to_user(&d->_sifields._pad, &s->_sifields._pad,
919
919
SI_PAD_SIZE32);
920
-
else switch(s->si_code >> 16) {
921
-
case __SI_CHLD >> 16:
920
+
else switch(siginfo_layout(s->si_signo, s->si_code)) {
921
+
case SIL_CHLD:
922
922
err |= __put_user(s->si_pid, &d->si_pid);
923
923
err |= __put_user(s->si_uid, &d->si_uid);
924
924
err |= __put_user(s->si_utime, &d->si_utime);
925
925
err |= __put_user(s->si_stime, &d->si_stime);
926
926
err |= __put_user(s->si_status, &d->si_status);
927
927
break;
928
-
case __SI_FAULT >> 16:
928
+
case SIL_FAULT:
929
929
err |= __put_user((unsigned int)(unsigned long)s->si_addr,
930
930
&d->si_addr);
931
931
break;
932
-
case __SI_POLL >> 16:
932
+
case SIL_POLL:
933
933
err |= __put_user(s->si_band, &d->si_band);
934
934
err |= __put_user(s->si_fd, &d->si_fd);
935
935
break;
936
-
case __SI_TIMER >> 16:
936
+
case SIL_TIMER:
937
937
err |= __put_user(s->si_tid, &d->si_tid);
938
938
err |= __put_user(s->si_overrun, &d->si_overrun);
939
939
err |= __put_user(s->si_int, &d->si_int);
940
940
break;
941
-
case __SI_SYS >> 16:
941
+
case SIL_SYS:
942
942
err |= __put_user(ptr_to_compat(s->si_call_addr), &d->si_call_addr);
943
943
err |= __put_user(s->si_syscall, &d->si_syscall);
944
944
err |= __put_user(s->si_arch, &d->si_arch);
945
945
break;
946
-
case __SI_RT >> 16: /* This is not generated by the kernel as of now. */
947
-
case __SI_MESGQ >> 16:
946
+
case SIL_RT:
948
947
err |= __put_user(s->si_int, &d->si_int);
949
948
/* fallthrough */
950
-
case __SI_KILL >> 16:
951
-
default:
949
+
case SIL_KILL:
952
950
err |= __put_user(s->si_pid, &d->si_pid);
953
951
err |= __put_user(s->si_uid, &d->si_uid);
954
952
break;
+15
-17
arch/s390/kernel/compat_signal.c
+15
-17
arch/s390/kernel/compat_signal.c
···
75
75
at the same time. */
76
76
err = __put_user(from->si_signo, &to->si_signo);
77
77
err |= __put_user(from->si_errno, &to->si_errno);
78
-
err |= __put_user((short)from->si_code, &to->si_code);
78
+
err |= __put_user(from->si_code, &to->si_code);
79
79
if (from->si_code < 0)
80
80
err |= __copy_to_user(&to->_sifields._pad, &from->_sifields._pad, SI_PAD_SIZE);
81
81
else {
82
-
switch (from->si_code >> 16) {
83
-
case __SI_RT >> 16: /* This is not generated by the kernel as of now. */
84
-
case __SI_MESGQ >> 16:
82
+
switch (siginfo_layout(from->si_signo, from->si_code)) {
83
+
case SIL_RT:
85
84
err |= __put_user(from->si_int, &to->si_int);
86
85
/* fallthrough */
87
-
case __SI_KILL >> 16:
86
+
case SIL_KILL:
88
87
err |= __put_user(from->si_pid, &to->si_pid);
89
88
err |= __put_user(from->si_uid, &to->si_uid);
90
89
break;
91
-
case __SI_CHLD >> 16:
90
+
case SIL_CHLD:
92
91
err |= __put_user(from->si_pid, &to->si_pid);
93
92
err |= __put_user(from->si_uid, &to->si_uid);
94
93
err |= __put_user(from->si_utime, &to->si_utime);
95
94
err |= __put_user(from->si_stime, &to->si_stime);
96
95
err |= __put_user(from->si_status, &to->si_status);
97
96
break;
98
-
case __SI_FAULT >> 16:
97
+
case SIL_FAULT:
99
98
err |= __put_user((unsigned long) from->si_addr,
100
99
&to->si_addr);
101
100
break;
102
-
case __SI_POLL >> 16:
101
+
case SIL_POLL:
103
102
err |= __put_user(from->si_band, &to->si_band);
104
103
err |= __put_user(from->si_fd, &to->si_fd);
105
104
break;
106
-
case __SI_TIMER >> 16:
105
+
case SIL_TIMER:
107
106
err |= __put_user(from->si_tid, &to->si_tid);
108
107
err |= __put_user(from->si_overrun, &to->si_overrun);
109
108
err |= __put_user(from->si_int, &to->si_int);
···
126
127
if (to->si_code < 0)
127
128
err |= __copy_from_user(&to->_sifields._pad, &from->_sifields._pad, SI_PAD_SIZE);
128
129
else {
129
-
switch (to->si_code >> 16) {
130
-
case __SI_RT >> 16: /* This is not generated by the kernel as of now. */
131
-
case __SI_MESGQ >> 16:
130
+
switch (siginfo_layout(to->si_signo, to->si_code)) {
131
+
case SIL_RT:
132
132
err |= __get_user(to->si_int, &from->si_int);
133
133
/* fallthrough */
134
-
case __SI_KILL >> 16:
134
+
case SIL_KILL:
135
135
err |= __get_user(to->si_pid, &from->si_pid);
136
136
err |= __get_user(to->si_uid, &from->si_uid);
137
137
break;
138
-
case __SI_CHLD >> 16:
138
+
case SIL_CHLD:
139
139
err |= __get_user(to->si_pid, &from->si_pid);
140
140
err |= __get_user(to->si_uid, &from->si_uid);
141
141
err |= __get_user(to->si_utime, &from->si_utime);
142
142
err |= __get_user(to->si_stime, &from->si_stime);
143
143
err |= __get_user(to->si_status, &from->si_status);
144
144
break;
145
-
case __SI_FAULT >> 16:
145
+
case SIL_FAULT:
146
146
err |= __get_user(tmp, &from->si_addr);
147
147
to->si_addr = (void __force __user *)
148
148
(u64) (tmp & PSW32_ADDR_INSN);
149
149
break;
150
-
case __SI_POLL >> 16:
150
+
case SIL_POLL:
151
151
err |= __get_user(to->si_band, &from->si_band);
152
152
err |= __get_user(to->si_fd, &from->si_fd);
153
153
break;
154
-
case __SI_TIMER >> 16:
154
+
case SIL_TIMER:
155
155
err |= __get_user(to->si_tid, &from->si_tid);
156
156
err |= __get_user(to->si_overrun, &from->si_overrun);
157
157
err |= __get_user(to->si_int, &from->si_int);
+8
-1
arch/sparc/include/uapi/asm/siginfo.h
+8
-1
arch/sparc/include/uapi/asm/siginfo.h
···
17
17
#define SI_NOINFO 32767 /* no information in siginfo_t */
18
18
19
19
/*
20
+
* SIGFPE si_codes
21
+
*/
22
+
#ifdef __KERNEL__
23
+
#define FPE_FIXME 0 /* Broken dup of SI_USER */
24
+
#endif /* __KERNEL__ */
25
+
26
+
/*
20
27
* SIGEMT si_codes
21
28
*/
22
-
#define EMT_TAGOVF (__SI_FAULT|1) /* tag overflow */
29
+
#define EMT_TAGOVF 1 /* tag overflow */
23
30
#define NSIGEMT 1
24
31
25
32
#endif /* _UAPI__SPARC_SIGINFO_H */
+8
-8
arch/sparc/kernel/signal32.c
+8
-8
arch/sparc/kernel/signal32.c
···
85
85
at the same time. */
86
86
err = __put_user(from->si_signo, &to->si_signo);
87
87
err |= __put_user(from->si_errno, &to->si_errno);
88
-
err |= __put_user((short)from->si_code, &to->si_code);
88
+
err |= __put_user(from->si_code, &to->si_code);
89
89
if (from->si_code < 0)
90
90
err |= __copy_to_user(&to->_sifields._pad, &from->_sifields._pad, SI_PAD_SIZE);
91
91
else {
92
-
switch (from->si_code >> 16) {
93
-
case __SI_TIMER >> 16:
92
+
switch (siginfo_layout(from->si_signo, from->si_code)) {
93
+
case SIL_TIMER:
94
94
err |= __put_user(from->si_tid, &to->si_tid);
95
95
err |= __put_user(from->si_overrun, &to->si_overrun);
96
96
err |= __put_user(from->si_int, &to->si_int);
97
97
break;
98
-
case __SI_CHLD >> 16:
98
+
case SIL_CHLD:
99
99
err |= __put_user(from->si_utime, &to->si_utime);
100
100
err |= __put_user(from->si_stime, &to->si_stime);
101
101
err |= __put_user(from->si_status, &to->si_status);
102
102
default:
103
+
case SIL_KILL:
103
104
err |= __put_user(from->si_pid, &to->si_pid);
104
105
err |= __put_user(from->si_uid, &to->si_uid);
105
106
break;
106
-
case __SI_FAULT >> 16:
107
+
case SIL_FAULT:
107
108
err |= __put_user(from->si_trapno, &to->si_trapno);
108
109
err |= __put_user((unsigned long)from->si_addr, &to->si_addr);
109
110
break;
110
-
case __SI_POLL >> 16:
111
+
case SIL_POLL:
111
112
err |= __put_user(from->si_band, &to->si_band);
112
113
err |= __put_user(from->si_fd, &to->si_fd);
113
114
break;
114
-
case __SI_RT >> 16: /* This is not generated by the kernel as of now. */
115
-
case __SI_MESGQ >> 16:
115
+
case SIL_RT:
116
116
err |= __put_user(from->si_pid, &to->si_pid);
117
117
err |= __put_user(from->si_uid, &to->si_uid);
118
118
err |= __put_user(from->si_int, &to->si_int);
+1
-1
arch/sparc/kernel/traps_32.c
+1
-1
arch/sparc/kernel/traps_32.c
+1
-1
arch/sparc/kernel/traps_64.c
+1
-1
arch/sparc/kernel/traps_64.c
+2
-2
arch/tile/include/uapi/asm/siginfo.h
+2
-2
arch/tile/include/uapi/asm/siginfo.h
···
26
26
/*
27
27
* Additional Tile-specific SIGILL si_codes
28
28
*/
29
-
#define ILL_DBLFLT (__SI_FAULT|9) /* double fault */
30
-
#define ILL_HARDWALL (__SI_FAULT|10) /* user networks hardwall violation */
29
+
#define ILL_DBLFLT 9 /* double fault */
30
+
#define ILL_HARDWALL 10 /* user networks hardwall violation */
31
31
#undef NSIGILL
32
32
#define NSIGILL 10
33
33
+8
-10
arch/tile/kernel/compat_signal.c
+8
-10
arch/tile/kernel/compat_signal.c
···
64
64
3 ints plus the relevant union member. */
65
65
err = __put_user(from->si_signo, &to->si_signo);
66
66
err |= __put_user(from->si_errno, &to->si_errno);
67
-
err |= __put_user((short)from->si_code, &to->si_code);
67
+
err |= __put_user(from->si_code, &to->si_code);
68
68
69
69
if (from->si_code < 0) {
70
70
err |= __put_user(from->si_pid, &to->si_pid);
···
77
77
*/
78
78
err |= __put_user(from->_sifields._pad[0],
79
79
&to->_sifields._pad[0]);
80
-
switch (from->si_code >> 16) {
81
-
case __SI_FAULT >> 16:
80
+
switch (siginfo_layout(from->si_signo, from->si_code)) {
81
+
case SIL_FAULT:
82
82
break;
83
-
case __SI_CHLD >> 16:
83
+
case SIL_CHLD:
84
84
err |= __put_user(from->si_utime, &to->si_utime);
85
85
err |= __put_user(from->si_stime, &to->si_stime);
86
86
err |= __put_user(from->si_status, &to->si_status);
87
87
/* FALL THROUGH */
88
88
default:
89
-
case __SI_KILL >> 16:
89
+
case SIL_KILL:
90
90
err |= __put_user(from->si_uid, &to->si_uid);
91
91
break;
92
-
case __SI_POLL >> 16:
92
+
case SIL_POLL:
93
93
err |= __put_user(from->si_fd, &to->si_fd);
94
94
break;
95
-
case __SI_TIMER >> 16:
95
+
case SIL_TIMER:
96
96
err |= __put_user(from->si_overrun, &to->si_overrun);
97
97
err |= __put_user(from->si_int, &to->si_int);
98
98
break;
99
-
/* This is not generated by the kernel as of now. */
100
-
case __SI_RT >> 16:
101
-
case __SI_MESGQ >> 16:
99
+
case SIL_RT:
102
100
err |= __put_user(from->si_uid, &to->si_uid);
103
101
err |= __put_user(from->si_int, &to->si_int);
104
102
break;
+1
-1
arch/tile/kernel/traps.c
+1
-1
arch/tile/kernel/traps.c
+9
-12
arch/x86/kernel/signal_compat.c
+9
-12
arch/x86/kernel/signal_compat.c
···
129
129
3 ints plus the relevant union member. */
130
130
put_user_ex(from->si_signo, &to->si_signo);
131
131
put_user_ex(from->si_errno, &to->si_errno);
132
-
put_user_ex((short)from->si_code, &to->si_code);
132
+
put_user_ex(from->si_code, &to->si_code);
133
133
134
134
if (from->si_code < 0) {
135
135
put_user_ex(from->si_pid, &to->si_pid);
···
142
142
*/
143
143
put_user_ex(from->_sifields._pad[0],
144
144
&to->_sifields._pad[0]);
145
-
switch (from->si_code >> 16) {
146
-
case __SI_FAULT >> 16:
145
+
switch (siginfo_layout(from->si_signo, from->si_code)) {
146
+
case SIL_FAULT:
147
147
if (from->si_signo == SIGBUS &&
148
148
(from->si_code == BUS_MCEERR_AR ||
149
149
from->si_code == BUS_MCEERR_AO))
···
160
160
put_user_ex(from->si_pkey, &to->si_pkey);
161
161
}
162
162
break;
163
-
case __SI_SYS >> 16:
163
+
case SIL_SYS:
164
164
put_user_ex(from->si_syscall, &to->si_syscall);
165
165
put_user_ex(from->si_arch, &to->si_arch);
166
166
break;
167
-
case __SI_CHLD >> 16:
167
+
case SIL_CHLD:
168
168
if (!x32_ABI) {
169
169
put_user_ex(from->si_utime, &to->si_utime);
170
170
put_user_ex(from->si_stime, &to->si_stime);
···
174
174
}
175
175
put_user_ex(from->si_status, &to->si_status);
176
176
/* FALL THROUGH */
177
-
default:
178
-
case __SI_KILL >> 16:
177
+
case SIL_KILL:
179
178
put_user_ex(from->si_uid, &to->si_uid);
180
179
break;
181
-
case __SI_POLL >> 16:
180
+
case SIL_POLL:
182
181
put_user_ex(from->si_fd, &to->si_fd);
183
182
break;
184
-
case __SI_TIMER >> 16:
183
+
case SIL_TIMER:
185
184
put_user_ex(from->si_overrun, &to->si_overrun);
186
185
put_user_ex(ptr_to_compat(from->si_ptr),
187
186
&to->si_ptr);
188
187
break;
189
-
/* This is not generated by the kernel as of now. */
190
-
case __SI_RT >> 16:
191
-
case __SI_MESGQ >> 16:
188
+
case SIL_RT:
192
189
put_user_ex(from->si_uid, &to->si_uid);
193
190
put_user_ex(from->si_int, &to->si_int);
194
191
break;
+12
-1
fs/fcntl.c
+12
-1
fs/fcntl.c
···
741
741
si.si_signo = signum;
742
742
si.si_errno = 0;
743
743
si.si_code = reason;
744
+
/*
745
+
* Posix definies POLL_IN and friends to be signal
746
+
* specific si_codes for SIG_POLL. Linux extended
747
+
* these si_codes to other signals in a way that is
748
+
* ambiguous if other signals also have signal
749
+
* specific si_codes. In that case use SI_SIGIO instead
750
+
* to remove the ambiguity.
751
+
*/
752
+
if (sig_specific_sicodes(signum))
753
+
si.si_code = SI_SIGIO;
754
+
744
755
/* Make sure we are called with one of the POLL_*
745
756
reasons, otherwise we could leak kernel stack into
746
757
userspace. */
747
-
BUG_ON((reason & __SI_MASK) != __SI_POLL);
758
+
BUG_ON((reason < POLL_IN) || ((reason - POLL_IN) >= NSIGPOLL));
748
759
if (reason - POLL_IN >= NSIGPOLL)
749
760
si.si_band = ~0L;
750
761
else
+8
-14
fs/signalfd.c
+8
-14
fs/signalfd.c
···
95
95
*/
96
96
err |= __put_user(kinfo->si_signo, &uinfo->ssi_signo);
97
97
err |= __put_user(kinfo->si_errno, &uinfo->ssi_errno);
98
-
err |= __put_user((short) kinfo->si_code, &uinfo->ssi_code);
99
-
switch (kinfo->si_code & __SI_MASK) {
100
-
case __SI_KILL:
98
+
err |= __put_user(kinfo->si_code, &uinfo->ssi_code);
99
+
switch (siginfo_layout(kinfo->si_signo, kinfo->si_code)) {
100
+
case SIL_KILL:
101
101
err |= __put_user(kinfo->si_pid, &uinfo->ssi_pid);
102
102
err |= __put_user(kinfo->si_uid, &uinfo->ssi_uid);
103
103
break;
104
-
case __SI_TIMER:
104
+
case SIL_TIMER:
105
105
err |= __put_user(kinfo->si_tid, &uinfo->ssi_tid);
106
106
err |= __put_user(kinfo->si_overrun, &uinfo->ssi_overrun);
107
107
err |= __put_user((long) kinfo->si_ptr, &uinfo->ssi_ptr);
108
108
err |= __put_user(kinfo->si_int, &uinfo->ssi_int);
109
109
break;
110
-
case __SI_POLL:
110
+
case SIL_POLL:
111
111
err |= __put_user(kinfo->si_band, &uinfo->ssi_band);
112
112
err |= __put_user(kinfo->si_fd, &uinfo->ssi_fd);
113
113
break;
114
-
case __SI_FAULT:
114
+
case SIL_FAULT:
115
115
err |= __put_user((long) kinfo->si_addr, &uinfo->ssi_addr);
116
116
#ifdef __ARCH_SI_TRAPNO
117
117
err |= __put_user(kinfo->si_trapno, &uinfo->ssi_trapno);
···
128
128
&uinfo->ssi_addr_lsb);
129
129
#endif
130
130
break;
131
-
case __SI_CHLD:
131
+
case SIL_CHLD:
132
132
err |= __put_user(kinfo->si_pid, &uinfo->ssi_pid);
133
133
err |= __put_user(kinfo->si_uid, &uinfo->ssi_uid);
134
134
err |= __put_user(kinfo->si_status, &uinfo->ssi_status);
135
135
err |= __put_user(kinfo->si_utime, &uinfo->ssi_utime);
136
136
err |= __put_user(kinfo->si_stime, &uinfo->ssi_stime);
137
137
break;
138
-
case __SI_RT: /* This is not generated by the kernel as of now. */
139
-
case __SI_MESGQ: /* But this is */
140
-
err |= __put_user(kinfo->si_pid, &uinfo->ssi_pid);
141
-
err |= __put_user(kinfo->si_uid, &uinfo->ssi_uid);
142
-
err |= __put_user((long) kinfo->si_ptr, &uinfo->ssi_ptr);
143
-
err |= __put_user(kinfo->si_int, &uinfo->ssi_int);
144
-
break;
138
+
case SIL_RT:
145
139
default:
146
140
/*
147
141
* This case catches also the signals queued by sigqueue().
+6
fs/xattr.c
+6
fs/xattr.c
···
441
441
if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
442
442
(strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
443
443
posix_acl_fix_xattr_from_user(kvalue, size);
444
+
else if (strcmp(kname, XATTR_NAME_CAPS) == 0) {
445
+
error = cap_convert_nscap(d, &kvalue, size);
446
+
if (error < 0)
447
+
goto out;
448
+
size = error;
449
+
}
444
450
}
445
451
446
452
error = vfs_setxattr(d, kname, kvalue, size, flags);
+2
include/linux/capability.h
+2
include/linux/capability.h
···
248
248
/* audit system wants to get cap info from files as well */
249
249
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
250
250
251
+
extern int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size);
252
+
251
253
#endif /* !_LINUX_CAPABILITY_H */
+2
include/linux/security.h
+2
include/linux/security.h
···
90
90
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
91
91
extern int cap_inode_need_killpriv(struct dentry *dentry);
92
92
extern int cap_inode_killpriv(struct dentry *dentry);
93
+
extern int cap_inode_getsecurity(struct inode *inode, const char *name,
94
+
void **buffer, bool alloc);
93
95
extern int cap_mmap_addr(unsigned long addr);
94
96
extern int cap_mmap_file(struct file *file, unsigned long reqprot,
95
97
unsigned long prot, unsigned long flags);
+22
include/linux/signal.h
+22
include/linux/signal.h
···
21
21
22
22
int copy_siginfo_to_user(struct siginfo __user *to, const struct siginfo *from);
23
23
24
+
enum siginfo_layout {
25
+
SIL_KILL,
26
+
SIL_TIMER,
27
+
SIL_POLL,
28
+
SIL_FAULT,
29
+
SIL_CHLD,
30
+
SIL_RT,
31
+
#ifdef __ARCH_SIGSYS
32
+
SIL_SYS,
33
+
#endif
34
+
};
35
+
36
+
enum siginfo_layout siginfo_layout(int sig, int si_code);
37
+
24
38
/*
25
39
* Define some primitives to manipulate sigset_t.
26
40
*/
···
394
380
rt_sigmask(SIGCONT) | rt_sigmask(SIGCHLD) | \
395
381
rt_sigmask(SIGWINCH) | rt_sigmask(SIGURG) )
396
382
383
+
#define SIG_SPECIFIC_SICODES_MASK (\
384
+
rt_sigmask(SIGILL) | rt_sigmask(SIGFPE) | \
385
+
rt_sigmask(SIGSEGV) | rt_sigmask(SIGBUS) | \
386
+
rt_sigmask(SIGTRAP) | rt_sigmask(SIGCHLD) | \
387
+
rt_sigmask(SIGPOLL) | rt_sigmask(SIGSYS) | \
388
+
SIGEMT_MASK )
389
+
397
390
#define sig_kernel_only(sig) siginmask(sig, SIG_KERNEL_ONLY_MASK)
398
391
#define sig_kernel_coredump(sig) siginmask(sig, SIG_KERNEL_COREDUMP_MASK)
399
392
#define sig_kernel_ignore(sig) siginmask(sig, SIG_KERNEL_IGNORE_MASK)
400
393
#define sig_kernel_stop(sig) siginmask(sig, SIG_KERNEL_STOP_MASK)
394
+
#define sig_specific_sicodes(sig) siginmask(sig, SIG_SPECIFIC_SICODES_MASK)
401
395
402
396
#define sig_fatal(t, signr) \
403
397
(!siginmask(signr, SIG_KERNEL_IGNORE_MASK|SIG_KERNEL_STOP_MASK) && \
+8
-1
include/linux/user_namespace.h
+8
-1
include/linux/user_namespace.h
···
112
112
extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *);
113
113
extern int proc_setgroups_show(struct seq_file *m, void *v);
114
114
extern bool userns_may_setgroups(const struct user_namespace *ns);
115
+
extern bool in_userns(const struct user_namespace *ancestor,
116
+
const struct user_namespace *child);
115
117
extern bool current_in_userns(const struct user_namespace *target_ns);
116
-
117
118
struct ns_common *ns_get_owner(struct ns_common *ns);
118
119
#else
119
120
···
141
140
}
142
141
143
142
static inline bool userns_may_setgroups(const struct user_namespace *ns)
143
+
{
144
+
return true;
145
+
}
146
+
147
+
static inline bool in_userns(const struct user_namespace *ancestor,
148
+
const struct user_namespace *child)
144
149
{
145
150
return true;
146
151
}
+46
-69
include/uapi/asm-generic/siginfo.h
+46
-69
include/uapi/asm-generic/siginfo.h
···
151
151
#define si_arch _sifields._sigsys._arch
152
152
#endif
153
153
154
-
#ifdef __KERNEL__
155
-
#define __SI_MASK 0xffff0000u
156
-
#define __SI_KILL (0 << 16)
157
-
#define __SI_TIMER (1 << 16)
158
-
#define __SI_POLL (2 << 16)
159
-
#define __SI_FAULT (3 << 16)
160
-
#define __SI_CHLD (4 << 16)
161
-
#define __SI_RT (5 << 16)
162
-
#define __SI_MESGQ (6 << 16)
163
-
#define __SI_SYS (7 << 16)
164
-
#define __SI_CODE(T,N) ((T) | ((N) & 0xffff))
165
-
#else /* __KERNEL__ */
166
-
#define __SI_KILL 0
167
-
#define __SI_TIMER 0
168
-
#define __SI_POLL 0
169
-
#define __SI_FAULT 0
170
-
#define __SI_CHLD 0
171
-
#define __SI_RT 0
172
-
#define __SI_MESGQ 0
173
-
#define __SI_SYS 0
174
-
#define __SI_CODE(T,N) (N)
175
-
#endif /* __KERNEL__ */
176
-
177
154
/*
178
155
* si_code values
179
156
* Digital reserves positive values for kernel-generated signals.
···
158
181
#define SI_USER 0 /* sent by kill, sigsend, raise */
159
182
#define SI_KERNEL 0x80 /* sent by the kernel from somewhere */
160
183
#define SI_QUEUE -1 /* sent by sigqueue */
161
-
#define SI_TIMER __SI_CODE(__SI_TIMER,-2) /* sent by timer expiration */
162
-
#define SI_MESGQ __SI_CODE(__SI_MESGQ,-3) /* sent by real time mesq state change */
184
+
#define SI_TIMER -2 /* sent by timer expiration */
185
+
#define SI_MESGQ -3 /* sent by real time mesq state change */
163
186
#define SI_ASYNCIO -4 /* sent by AIO completion */
164
187
#define SI_SIGIO -5 /* sent by queued SIGIO */
165
188
#define SI_TKILL -6 /* sent by tkill system call */
···
171
194
/*
172
195
* SIGILL si_codes
173
196
*/
174
-
#define ILL_ILLOPC (__SI_FAULT|1) /* illegal opcode */
175
-
#define ILL_ILLOPN (__SI_FAULT|2) /* illegal operand */
176
-
#define ILL_ILLADR (__SI_FAULT|3) /* illegal addressing mode */
177
-
#define ILL_ILLTRP (__SI_FAULT|4) /* illegal trap */
178
-
#define ILL_PRVOPC (__SI_FAULT|5) /* privileged opcode */
179
-
#define ILL_PRVREG (__SI_FAULT|6) /* privileged register */
180
-
#define ILL_COPROC (__SI_FAULT|7) /* coprocessor error */
181
-
#define ILL_BADSTK (__SI_FAULT|8) /* internal stack error */
197
+
#define ILL_ILLOPC 1 /* illegal opcode */
198
+
#define ILL_ILLOPN 2 /* illegal operand */
199
+
#define ILL_ILLADR 3 /* illegal addressing mode */
200
+
#define ILL_ILLTRP 4 /* illegal trap */
201
+
#define ILL_PRVOPC 5 /* privileged opcode */
202
+
#define ILL_PRVREG 6 /* privileged register */
203
+
#define ILL_COPROC 7 /* coprocessor error */
204
+
#define ILL_BADSTK 8 /* internal stack error */
182
205
#define NSIGILL 8
183
206
184
207
/*
185
208
* SIGFPE si_codes
186
209
*/
187
-
#define FPE_INTDIV (__SI_FAULT|1) /* integer divide by zero */
188
-
#define FPE_INTOVF (__SI_FAULT|2) /* integer overflow */
189
-
#define FPE_FLTDIV (__SI_FAULT|3) /* floating point divide by zero */
190
-
#define FPE_FLTOVF (__SI_FAULT|4) /* floating point overflow */
191
-
#define FPE_FLTUND (__SI_FAULT|5) /* floating point underflow */
192
-
#define FPE_FLTRES (__SI_FAULT|6) /* floating point inexact result */
193
-
#define FPE_FLTINV (__SI_FAULT|7) /* floating point invalid operation */
194
-
#define FPE_FLTSUB (__SI_FAULT|8) /* subscript out of range */
210
+
#define FPE_INTDIV 1 /* integer divide by zero */
211
+
#define FPE_INTOVF 2 /* integer overflow */
212
+
#define FPE_FLTDIV 3 /* floating point divide by zero */
213
+
#define FPE_FLTOVF 4 /* floating point overflow */
214
+
#define FPE_FLTUND 5 /* floating point underflow */
215
+
#define FPE_FLTRES 6 /* floating point inexact result */
216
+
#define FPE_FLTINV 7 /* floating point invalid operation */
217
+
#define FPE_FLTSUB 8 /* subscript out of range */
195
218
#define NSIGFPE 8
196
219
197
220
/*
198
221
* SIGSEGV si_codes
199
222
*/
200
-
#define SEGV_MAPERR (__SI_FAULT|1) /* address not mapped to object */
201
-
#define SEGV_ACCERR (__SI_FAULT|2) /* invalid permissions for mapped object */
202
-
#define SEGV_BNDERR (__SI_FAULT|3) /* failed address bound checks */
203
-
#define SEGV_PKUERR (__SI_FAULT|4) /* failed protection key checks */
223
+
#define SEGV_MAPERR 1 /* address not mapped to object */
224
+
#define SEGV_ACCERR 2 /* invalid permissions for mapped object */
225
+
#define SEGV_BNDERR 3 /* failed address bound checks */
226
+
#define SEGV_PKUERR 4 /* failed protection key checks */
204
227
#define NSIGSEGV 4
205
228
206
229
/*
207
230
* SIGBUS si_codes
208
231
*/
209
-
#define BUS_ADRALN (__SI_FAULT|1) /* invalid address alignment */
210
-
#define BUS_ADRERR (__SI_FAULT|2) /* non-existent physical address */
211
-
#define BUS_OBJERR (__SI_FAULT|3) /* object specific hardware error */
232
+
#define BUS_ADRALN 1 /* invalid address alignment */
233
+
#define BUS_ADRERR 2 /* non-existent physical address */
234
+
#define BUS_OBJERR 3 /* object specific hardware error */
212
235
/* hardware memory error consumed on a machine check: action required */
213
-
#define BUS_MCEERR_AR (__SI_FAULT|4)
236
+
#define BUS_MCEERR_AR 4
214
237
/* hardware memory error detected in process but not consumed: action optional*/
215
-
#define BUS_MCEERR_AO (__SI_FAULT|5)
238
+
#define BUS_MCEERR_AO 5
216
239
#define NSIGBUS 5
217
240
218
241
/*
219
242
* SIGTRAP si_codes
220
243
*/
221
-
#define TRAP_BRKPT (__SI_FAULT|1) /* process breakpoint */
222
-
#define TRAP_TRACE (__SI_FAULT|2) /* process trace trap */
223
-
#define TRAP_BRANCH (__SI_FAULT|3) /* process taken branch trap */
224
-
#define TRAP_HWBKPT (__SI_FAULT|4) /* hardware breakpoint/watchpoint */
244
+
#define TRAP_BRKPT 1 /* process breakpoint */
245
+
#define TRAP_TRACE 2 /* process trace trap */
246
+
#define TRAP_BRANCH 3 /* process taken branch trap */
247
+
#define TRAP_HWBKPT 4 /* hardware breakpoint/watchpoint */
225
248
#define NSIGTRAP 4
226
249
227
250
/*
228
251
* SIGCHLD si_codes
229
252
*/
230
-
#define CLD_EXITED (__SI_CHLD|1) /* child has exited */
231
-
#define CLD_KILLED (__SI_CHLD|2) /* child was killed */
232
-
#define CLD_DUMPED (__SI_CHLD|3) /* child terminated abnormally */
233
-
#define CLD_TRAPPED (__SI_CHLD|4) /* traced child has trapped */
234
-
#define CLD_STOPPED (__SI_CHLD|5) /* child has stopped */
235
-
#define CLD_CONTINUED (__SI_CHLD|6) /* stopped child has continued */
253
+
#define CLD_EXITED 1 /* child has exited */
254
+
#define CLD_KILLED 2 /* child was killed */
255
+
#define CLD_DUMPED 3 /* child terminated abnormally */
256
+
#define CLD_TRAPPED 4 /* traced child has trapped */
257
+
#define CLD_STOPPED 5 /* child has stopped */
258
+
#define CLD_CONTINUED 6 /* stopped child has continued */
236
259
#define NSIGCHLD 6
237
260
238
261
/*
239
-
* SIGPOLL si_codes
262
+
* SIGPOLL (or any other signal without signal specific si_codes) si_codes
240
263
*/
241
-
#define POLL_IN (__SI_POLL|1) /* data input available */
242
-
#define POLL_OUT (__SI_POLL|2) /* output buffers available */
243
-
#define POLL_MSG (__SI_POLL|3) /* input message available */
244
-
#define POLL_ERR (__SI_POLL|4) /* i/o error */
245
-
#define POLL_PRI (__SI_POLL|5) /* high priority input available */
246
-
#define POLL_HUP (__SI_POLL|6) /* device disconnected */
264
+
#define POLL_IN 1 /* data input available */
265
+
#define POLL_OUT 2 /* output buffers available */
266
+
#define POLL_MSG 3 /* input message available */
267
+
#define POLL_ERR 4 /* i/o error */
268
+
#define POLL_PRI 5 /* high priority input available */
269
+
#define POLL_HUP 6 /* device disconnected */
247
270
#define NSIGPOLL 6
248
271
249
272
/*
250
273
* SIGSYS si_codes
251
274
*/
252
-
#define SYS_SECCOMP (__SI_SYS|1) /* seccomp triggered */
253
-
#define NSIGSYS 1
275
+
#define SYS_SECCOMP 1 /* seccomp triggered */
276
+
#define NSIGSYS 1
254
277
255
278
/*
256
279
* sigevent definitions
+19
-3
include/uapi/linux/capability.h
+19
-3
include/uapi/linux/capability.h
···
60
60
#define VFS_CAP_U32_2 2
61
61
#define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2))
62
62
63
-
#define XATTR_CAPS_SZ XATTR_CAPS_SZ_2
64
-
#define VFS_CAP_U32 VFS_CAP_U32_2
65
-
#define VFS_CAP_REVISION VFS_CAP_REVISION_2
63
+
#define VFS_CAP_REVISION_3 0x03000000
64
+
#define VFS_CAP_U32_3 2
65
+
#define XATTR_CAPS_SZ_3 (sizeof(__le32)*(2 + 2*VFS_CAP_U32_3))
66
+
67
+
#define XATTR_CAPS_SZ XATTR_CAPS_SZ_3
68
+
#define VFS_CAP_U32 VFS_CAP_U32_3
69
+
#define VFS_CAP_REVISION VFS_CAP_REVISION_3
66
70
67
71
struct vfs_cap_data {
68
72
__le32 magic_etc; /* Little endian */
···
74
70
__le32 permitted; /* Little endian */
75
71
__le32 inheritable; /* Little endian */
76
72
} data[VFS_CAP_U32];
73
+
};
74
+
75
+
/*
76
+
* same as vfs_cap_data but with a rootid at the end
77
+
*/
78
+
struct vfs_ns_cap_data {
79
+
__le32 magic_etc;
80
+
struct {
81
+
__le32 permitted; /* Little endian */
82
+
__le32 inheritable; /* Little endian */
83
+
} data[VFS_CAP_U32];
84
+
__le32 rootid;
77
85
};
78
86
79
87
#ifndef __KERNEL__
+2
-2
kernel/exit.c
+2
-2
kernel/exit.c
···
1615
1615
user_access_begin();
1616
1616
unsafe_put_user(signo, &infop->si_signo, Efault);
1617
1617
unsafe_put_user(0, &infop->si_errno, Efault);
1618
-
unsafe_put_user((short)info.cause, &infop->si_code, Efault);
1618
+
unsafe_put_user(info.cause, &infop->si_code, Efault);
1619
1619
unsafe_put_user(info.pid, &infop->si_pid, Efault);
1620
1620
unsafe_put_user(info.uid, &infop->si_uid, Efault);
1621
1621
unsafe_put_user(info.status, &infop->si_status, Efault);
···
1741
1741
user_access_begin();
1742
1742
unsafe_put_user(signo, &infop->si_signo, Efault);
1743
1743
unsafe_put_user(0, &infop->si_errno, Efault);
1744
-
unsafe_put_user((short)info.cause, &infop->si_code, Efault);
1744
+
unsafe_put_user(info.cause, &infop->si_code, Efault);
1745
1745
unsafe_put_user(info.pid, &infop->si_pid, Efault);
1746
1746
unsafe_put_user(info.uid, &infop->si_uid, Efault);
1747
1747
unsafe_put_user(info.status, &infop->si_status, Efault);
+4
kernel/pid_namespace.c
+4
kernel/pid_namespace.c
+2
-4
kernel/ptrace.c
+2
-4
kernel/ptrace.c
···
728
728
if (unlikely(in_compat_syscall())) {
729
729
compat_siginfo_t __user *uinfo = compat_ptr(data);
730
730
731
-
if (copy_siginfo_to_user32(uinfo, &info) ||
732
-
__put_user(info.si_code, &uinfo->si_code)) {
731
+
if (copy_siginfo_to_user32(uinfo, &info)) {
733
732
ret = -EFAULT;
734
733
break;
735
734
}
···
738
739
{
739
740
siginfo_t __user *uinfo = (siginfo_t __user *) data;
740
741
741
-
if (copy_siginfo_to_user(uinfo, &info) ||
742
-
__put_user(info.si_code, &uinfo->si_code)) {
742
+
if (copy_siginfo_to_user(uinfo, &info)) {
743
743
ret = -EFAULT;
744
744
break;
745
745
}
+55
-17
kernel/signal.c
+55
-17
kernel/signal.c
···
2686
2686
}
2687
2687
#endif
2688
2688
2689
+
enum siginfo_layout siginfo_layout(int sig, int si_code)
2690
+
{
2691
+
enum siginfo_layout layout = SIL_KILL;
2692
+
if ((si_code > SI_USER) && (si_code < SI_KERNEL)) {
2693
+
static const struct {
2694
+
unsigned char limit, layout;
2695
+
} filter[] = {
2696
+
[SIGILL] = { NSIGILL, SIL_FAULT },
2697
+
[SIGFPE] = { NSIGFPE, SIL_FAULT },
2698
+
[SIGSEGV] = { NSIGSEGV, SIL_FAULT },
2699
+
[SIGBUS] = { NSIGBUS, SIL_FAULT },
2700
+
[SIGTRAP] = { NSIGTRAP, SIL_FAULT },
2701
+
#if defined(SIGMET) && defined(NSIGEMT)
2702
+
[SIGEMT] = { NSIGEMT, SIL_FAULT },
2703
+
#endif
2704
+
[SIGCHLD] = { NSIGCHLD, SIL_CHLD },
2705
+
[SIGPOLL] = { NSIGPOLL, SIL_POLL },
2706
+
#ifdef __ARCH_SIGSYS
2707
+
[SIGSYS] = { NSIGSYS, SIL_SYS },
2708
+
#endif
2709
+
};
2710
+
if ((sig < ARRAY_SIZE(filter)) && (si_code <= filter[sig].limit))
2711
+
layout = filter[sig].layout;
2712
+
else if (si_code <= NSIGPOLL)
2713
+
layout = SIL_POLL;
2714
+
} else {
2715
+
if (si_code == SI_TIMER)
2716
+
layout = SIL_TIMER;
2717
+
else if (si_code == SI_SIGIO)
2718
+
layout = SIL_POLL;
2719
+
else if (si_code < 0)
2720
+
layout = SIL_RT;
2721
+
/* Tests to support buggy kernel ABIs */
2722
+
#ifdef TRAP_FIXME
2723
+
if ((sig == SIGTRAP) && (si_code == TRAP_FIXME))
2724
+
layout = SIL_FAULT;
2725
+
#endif
2726
+
#ifdef FPE_FIXME
2727
+
if ((sig == SIGFPE) && (si_code == FPE_FIXME))
2728
+
layout = SIL_FAULT;
2729
+
#endif
2730
+
}
2731
+
return layout;
2732
+
}
2733
+
2689
2734
#ifndef HAVE_ARCH_COPY_SIGINFO_TO_USER
2690
2735
2691
2736
int copy_siginfo_to_user(siginfo_t __user *to, const siginfo_t *from)
···
2753
2708
*/
2754
2709
err = __put_user(from->si_signo, &to->si_signo);
2755
2710
err |= __put_user(from->si_errno, &to->si_errno);
2756
-
err |= __put_user((short)from->si_code, &to->si_code);
2757
-
switch (from->si_code & __SI_MASK) {
2758
-
case __SI_KILL:
2711
+
err |= __put_user(from->si_code, &to->si_code);
2712
+
switch (siginfo_layout(from->si_signo, from->si_code)) {
2713
+
case SIL_KILL:
2759
2714
err |= __put_user(from->si_pid, &to->si_pid);
2760
2715
err |= __put_user(from->si_uid, &to->si_uid);
2761
2716
break;
2762
-
case __SI_TIMER:
2763
-
err |= __put_user(from->si_tid, &to->si_tid);
2764
-
err |= __put_user(from->si_overrun, &to->si_overrun);
2765
-
err |= __put_user(from->si_ptr, &to->si_ptr);
2717
+
case SIL_TIMER:
2718
+
/* Unreached SI_TIMER is negative */
2766
2719
break;
2767
-
case __SI_POLL:
2720
+
case SIL_POLL:
2768
2721
err |= __put_user(from->si_band, &to->si_band);
2769
2722
err |= __put_user(from->si_fd, &to->si_fd);
2770
2723
break;
2771
-
case __SI_FAULT:
2724
+
case SIL_FAULT:
2772
2725
err |= __put_user(from->si_addr, &to->si_addr);
2773
2726
#ifdef __ARCH_SI_TRAPNO
2774
2727
err |= __put_user(from->si_trapno, &to->si_trapno);
···
2791
2748
err |= __put_user(from->si_pkey, &to->si_pkey);
2792
2749
#endif
2793
2750
break;
2794
-
case __SI_CHLD:
2751
+
case SIL_CHLD:
2795
2752
err |= __put_user(from->si_pid, &to->si_pid);
2796
2753
err |= __put_user(from->si_uid, &to->si_uid);
2797
2754
err |= __put_user(from->si_status, &to->si_status);
2798
2755
err |= __put_user(from->si_utime, &to->si_utime);
2799
2756
err |= __put_user(from->si_stime, &to->si_stime);
2800
2757
break;
2801
-
case __SI_RT: /* This is not generated by the kernel as of now. */
2802
-
case __SI_MESGQ: /* But this is */
2758
+
case SIL_RT:
2803
2759
err |= __put_user(from->si_pid, &to->si_pid);
2804
2760
err |= __put_user(from->si_uid, &to->si_uid);
2805
2761
err |= __put_user(from->si_ptr, &to->si_ptr);
2806
2762
break;
2807
2763
#ifdef __ARCH_SIGSYS
2808
-
case __SI_SYS:
2764
+
case SIL_SYS:
2809
2765
err |= __put_user(from->si_call_addr, &to->si_call_addr);
2810
2766
err |= __put_user(from->si_syscall, &to->si_syscall);
2811
2767
err |= __put_user(from->si_arch, &to->si_arch);
2812
2768
break;
2813
2769
#endif
2814
-
default: /* this is just in case for now ... */
2815
-
err |= __put_user(from->si_pid, &to->si_pid);
2816
-
err |= __put_user(from->si_uid, &to->si_uid);
2817
-
break;
2818
2770
}
2819
2771
return err;
2820
2772
}
+2
-6
kernel/sys.c
+2
-6
kernel/sys.c
···
1896
1896
1897
1897
/*
1898
1898
* Finally, make sure the caller has the rights to
1899
-
* change /proc/pid/exe link: only local root should
1899
+
* change /proc/pid/exe link: only local sys admin should
1900
1900
* be allowed to.
1901
1901
*/
1902
1902
if (prctl_map->exe_fd != (u32)-1) {
1903
-
struct user_namespace *ns = current_user_ns();
1904
-
const struct cred *cred = current_cred();
1905
-
1906
-
if (!uid_eq(cred->uid, make_kuid(ns, 0)) ||
1907
-
!gid_eq(cred->gid, make_kgid(ns, 0)))
1903
+
if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
1908
1904
goto out;
1909
1905
}
1910
1906
+12
-8
kernel/user_namespace.c
+12
-8
kernel/user_namespace.c
···
986
986
}
987
987
988
988
/*
989
-
* Returns true if @ns is the same namespace as or a descendant of
990
-
* @target_ns.
989
+
* Returns true if @child is the same namespace or a descendant of
990
+
* @ancestor.
991
991
*/
992
+
bool in_userns(const struct user_namespace *ancestor,
993
+
const struct user_namespace *child)
994
+
{
995
+
const struct user_namespace *ns;
996
+
for (ns = child; ns->level > ancestor->level; ns = ns->parent)
997
+
;
998
+
return (ns == ancestor);
999
+
}
1000
+
992
1001
bool current_in_userns(const struct user_namespace *target_ns)
993
1002
{
994
-
struct user_namespace *ns;
995
-
for (ns = current_user_ns(); ns; ns = ns->parent) {
996
-
if (ns == target_ns)
997
-
return true;
998
-
}
999
-
return false;
1003
+
return in_userns(target_ns, current_user_ns());
1000
1004
}
1001
1005
1002
1006
static inline struct user_namespace *to_user_ns(struct ns_common *ns)
+256
-21
security/commoncap.c
+256
-21
security/commoncap.c
···
82
82
if (ns == cred->user_ns)
83
83
return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
84
84
85
-
/* Have we tried all of the parent namespaces? */
86
-
if (ns == &init_user_ns)
85
+
/*
86
+
* If we're already at a lower level than we're looking for,
87
+
* we're done searching.
88
+
*/
89
+
if (ns->level <= cred->user_ns->level)
87
90
return -EPERM;
88
91
89
92
/*
···
326
323
return error;
327
324
}
328
325
326
+
static bool rootid_owns_currentns(kuid_t kroot)
327
+
{
328
+
struct user_namespace *ns;
329
+
330
+
if (!uid_valid(kroot))
331
+
return false;
332
+
333
+
for (ns = current_user_ns(); ; ns = ns->parent) {
334
+
if (from_kuid(ns, kroot) == 0)
335
+
return true;
336
+
if (ns == &init_user_ns)
337
+
break;
338
+
}
339
+
340
+
return false;
341
+
}
342
+
343
+
static __u32 sansflags(__u32 m)
344
+
{
345
+
return m & ~VFS_CAP_FLAGS_EFFECTIVE;
346
+
}
347
+
348
+
static bool is_v2header(size_t size, __le32 magic)
349
+
{
350
+
__u32 m = le32_to_cpu(magic);
351
+
if (size != XATTR_CAPS_SZ_2)
352
+
return false;
353
+
return sansflags(m) == VFS_CAP_REVISION_2;
354
+
}
355
+
356
+
static bool is_v3header(size_t size, __le32 magic)
357
+
{
358
+
__u32 m = le32_to_cpu(magic);
359
+
360
+
if (size != XATTR_CAPS_SZ_3)
361
+
return false;
362
+
return sansflags(m) == VFS_CAP_REVISION_3;
363
+
}
364
+
365
+
/*
366
+
* getsecurity: We are called for security.* before any attempt to read the
367
+
* xattr from the inode itself.
368
+
*
369
+
* This gives us a chance to read the on-disk value and convert it. If we
370
+
* return -EOPNOTSUPP, then vfs_getxattr() will call the i_op handler.
371
+
*
372
+
* Note we are not called by vfs_getxattr_alloc(), but that is only called
373
+
* by the integrity subsystem, which really wants the unconverted values -
374
+
* so that's good.
375
+
*/
376
+
int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
377
+
bool alloc)
378
+
{
379
+
int size, ret;
380
+
kuid_t kroot;
381
+
uid_t root, mappedroot;
382
+
char *tmpbuf = NULL;
383
+
struct vfs_cap_data *cap;
384
+
struct vfs_ns_cap_data *nscap;
385
+
struct dentry *dentry;
386
+
struct user_namespace *fs_ns;
387
+
388
+
if (strcmp(name, "capability") != 0)
389
+
return -EOPNOTSUPP;
390
+
391
+
dentry = d_find_alias(inode);
392
+
if (!dentry)
393
+
return -EINVAL;
394
+
395
+
size = sizeof(struct vfs_ns_cap_data);
396
+
ret = (int) vfs_getxattr_alloc(dentry, XATTR_NAME_CAPS,
397
+
&tmpbuf, size, GFP_NOFS);
398
+
dput(dentry);
399
+
400
+
if (ret < 0)
401
+
return ret;
402
+
403
+
fs_ns = inode->i_sb->s_user_ns;
404
+
cap = (struct vfs_cap_data *) tmpbuf;
405
+
if (is_v2header((size_t) ret, cap->magic_etc)) {
406
+
/* If this is sizeof(vfs_cap_data) then we're ok with the
407
+
* on-disk value, so return that. */
408
+
if (alloc)
409
+
*buffer = tmpbuf;
410
+
else
411
+
kfree(tmpbuf);
412
+
return ret;
413
+
} else if (!is_v3header((size_t) ret, cap->magic_etc)) {
414
+
kfree(tmpbuf);
415
+
return -EINVAL;
416
+
}
417
+
418
+
nscap = (struct vfs_ns_cap_data *) tmpbuf;
419
+
root = le32_to_cpu(nscap->rootid);
420
+
kroot = make_kuid(fs_ns, root);
421
+
422
+
/* If the root kuid maps to a valid uid in current ns, then return
423
+
* this as a nscap. */
424
+
mappedroot = from_kuid(current_user_ns(), kroot);
425
+
if (mappedroot != (uid_t)-1 && mappedroot != (uid_t)0) {
426
+
if (alloc) {
427
+
*buffer = tmpbuf;
428
+
nscap->rootid = cpu_to_le32(mappedroot);
429
+
} else
430
+
kfree(tmpbuf);
431
+
return size;
432
+
}
433
+
434
+
if (!rootid_owns_currentns(kroot)) {
435
+
kfree(tmpbuf);
436
+
return -EOPNOTSUPP;
437
+
}
438
+
439
+
/* This comes from a parent namespace. Return as a v2 capability */
440
+
size = sizeof(struct vfs_cap_data);
441
+
if (alloc) {
442
+
*buffer = kmalloc(size, GFP_ATOMIC);
443
+
if (*buffer) {
444
+
struct vfs_cap_data *cap = *buffer;
445
+
__le32 nsmagic, magic;
446
+
magic = VFS_CAP_REVISION_2;
447
+
nsmagic = le32_to_cpu(nscap->magic_etc);
448
+
if (nsmagic & VFS_CAP_FLAGS_EFFECTIVE)
449
+
magic |= VFS_CAP_FLAGS_EFFECTIVE;
450
+
memcpy(&cap->data, &nscap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
451
+
cap->magic_etc = cpu_to_le32(magic);
452
+
}
453
+
}
454
+
kfree(tmpbuf);
455
+
return size;
456
+
}
457
+
458
+
static kuid_t rootid_from_xattr(const void *value, size_t size,
459
+
struct user_namespace *task_ns)
460
+
{
461
+
const struct vfs_ns_cap_data *nscap = value;
462
+
uid_t rootid = 0;
463
+
464
+
if (size == XATTR_CAPS_SZ_3)
465
+
rootid = le32_to_cpu(nscap->rootid);
466
+
467
+
return make_kuid(task_ns, rootid);
468
+
}
469
+
470
+
static bool validheader(size_t size, __le32 magic)
471
+
{
472
+
return is_v2header(size, magic) || is_v3header(size, magic);
473
+
}
474
+
475
+
/*
476
+
* User requested a write of security.capability. If needed, update the
477
+
* xattr to change from v2 to v3, or to fixup the v3 rootid.
478
+
*
479
+
* If all is ok, we return the new size, on error return < 0.
480
+
*/
481
+
int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
482
+
{
483
+
struct vfs_ns_cap_data *nscap;
484
+
uid_t nsrootid;
485
+
const struct vfs_cap_data *cap = *ivalue;
486
+
__u32 magic, nsmagic;
487
+
struct inode *inode = d_backing_inode(dentry);
488
+
struct user_namespace *task_ns = current_user_ns(),
489
+
*fs_ns = inode->i_sb->s_user_ns;
490
+
kuid_t rootid;
491
+
size_t newsize;
492
+
493
+
if (!*ivalue)
494
+
return -EINVAL;
495
+
if (!validheader(size, cap->magic_etc))
496
+
return -EINVAL;
497
+
if (!capable_wrt_inode_uidgid(inode, CAP_SETFCAP))
498
+
return -EPERM;
499
+
if (size == XATTR_CAPS_SZ_2)
500
+
if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP))
501
+
/* user is privileged, just write the v2 */
502
+
return size;
503
+
504
+
rootid = rootid_from_xattr(*ivalue, size, task_ns);
505
+
if (!uid_valid(rootid))
506
+
return -EINVAL;
507
+
508
+
nsrootid = from_kuid(fs_ns, rootid);
509
+
if (nsrootid == -1)
510
+
return -EINVAL;
511
+
512
+
newsize = sizeof(struct vfs_ns_cap_data);
513
+
nscap = kmalloc(newsize, GFP_ATOMIC);
514
+
if (!nscap)
515
+
return -ENOMEM;
516
+
nscap->rootid = cpu_to_le32(nsrootid);
517
+
nsmagic = VFS_CAP_REVISION_3;
518
+
magic = le32_to_cpu(cap->magic_etc);
519
+
if (magic & VFS_CAP_FLAGS_EFFECTIVE)
520
+
nsmagic |= VFS_CAP_FLAGS_EFFECTIVE;
521
+
nscap->magic_etc = cpu_to_le32(nsmagic);
522
+
memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
523
+
524
+
kvfree(*ivalue);
525
+
*ivalue = nscap;
526
+
return newsize;
527
+
}
528
+
329
529
/*
330
530
* Calculate the new process capability sets from the capability sets attached
331
531
* to a file.
···
582
376
__u32 magic_etc;
583
377
unsigned tocopy, i;
584
378
int size;
585
-
struct vfs_cap_data caps;
379
+
struct vfs_ns_cap_data data, *nscaps = &data;
380
+
struct vfs_cap_data *caps = (struct vfs_cap_data *) &data;
381
+
kuid_t rootkuid;
382
+
struct user_namespace *fs_ns = inode->i_sb->s_user_ns;
586
383
587
384
memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data));
588
385
···
593
384
return -ENODATA;
594
385
595
386
size = __vfs_getxattr((struct dentry *)dentry, inode,
596
-
XATTR_NAME_CAPS, &caps, XATTR_CAPS_SZ);
387
+
XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ);
597
388
if (size == -ENODATA || size == -EOPNOTSUPP)
598
389
/* no data, that's ok */
599
390
return -ENODATA;
391
+
600
392
if (size < 0)
601
393
return size;
602
394
603
395
if (size < sizeof(magic_etc))
604
396
return -EINVAL;
605
397
606
-
cpu_caps->magic_etc = magic_etc = le32_to_cpu(caps.magic_etc);
398
+
cpu_caps->magic_etc = magic_etc = le32_to_cpu(caps->magic_etc);
607
399
400
+
rootkuid = make_kuid(fs_ns, 0);
608
401
switch (magic_etc & VFS_CAP_REVISION_MASK) {
609
402
case VFS_CAP_REVISION_1:
610
403
if (size != XATTR_CAPS_SZ_1)
···
618
407
return -EINVAL;
619
408
tocopy = VFS_CAP_U32_2;
620
409
break;
410
+
case VFS_CAP_REVISION_3:
411
+
if (size != XATTR_CAPS_SZ_3)
412
+
return -EINVAL;
413
+
tocopy = VFS_CAP_U32_3;
414
+
rootkuid = make_kuid(fs_ns, le32_to_cpu(nscaps->rootid));
415
+
break;
416
+
621
417
default:
622
418
return -EINVAL;
623
419
}
420
+
/* Limit the caps to the mounter of the filesystem
421
+
* or the more limited uid specified in the xattr.
422
+
*/
423
+
if (!rootid_owns_currentns(rootkuid))
424
+
return -ENODATA;
624
425
625
426
CAP_FOR_EACH_U32(i) {
626
427
if (i >= tocopy)
627
428
break;
628
-
cpu_caps->permitted.cap[i] = le32_to_cpu(caps.data[i].permitted);
629
-
cpu_caps->inheritable.cap[i] = le32_to_cpu(caps.data[i].inheritable);
429
+
cpu_caps->permitted.cap[i] = le32_to_cpu(caps->data[i].permitted);
430
+
cpu_caps->inheritable.cap[i] = le32_to_cpu(caps->data[i].inheritable);
630
431
}
631
432
632
433
cpu_caps->permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
···
676
453
rc = get_vfs_caps_from_disk(bprm->file->f_path.dentry, &vcaps);
677
454
if (rc < 0) {
678
455
if (rc == -EINVAL)
679
-
printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n",
680
-
__func__, rc, bprm->filename);
456
+
printk(KERN_NOTICE "Invalid argument reading file caps for %s\n",
457
+
bprm->filename);
681
458
else if (rc == -ENODATA)
682
459
rc = 0;
683
460
goto out;
···
856
633
int cap_inode_setxattr(struct dentry *dentry, const char *name,
857
634
const void *value, size_t size, int flags)
858
635
{
859
-
if (!strcmp(name, XATTR_NAME_CAPS)) {
860
-
if (!capable(CAP_SETFCAP))
861
-
return -EPERM;
636
+
/* Ignore non-security xattrs */
637
+
if (strncmp(name, XATTR_SECURITY_PREFIX,
638
+
sizeof(XATTR_SECURITY_PREFIX) - 1) != 0)
862
639
return 0;
863
-
}
864
640
865
-
if (!strncmp(name, XATTR_SECURITY_PREFIX,
866
-
sizeof(XATTR_SECURITY_PREFIX) - 1) &&
867
-
!capable(CAP_SYS_ADMIN))
641
+
/*
642
+
* For XATTR_NAME_CAPS the check will be done in
643
+
* cap_convert_nscap(), called by setxattr()
644
+
*/
645
+
if (strcmp(name, XATTR_NAME_CAPS) == 0)
646
+
return 0;
647
+
648
+
if (!capable(CAP_SYS_ADMIN))
868
649
return -EPERM;
869
650
return 0;
870
651
}
···
886
659
*/
887
660
int cap_inode_removexattr(struct dentry *dentry, const char *name)
888
661
{
889
-
if (!strcmp(name, XATTR_NAME_CAPS)) {
890
-
if (!capable(CAP_SETFCAP))
662
+
/* Ignore non-security xattrs */
663
+
if (strncmp(name, XATTR_SECURITY_PREFIX,
664
+
sizeof(XATTR_SECURITY_PREFIX) - 1) != 0)
665
+
return 0;
666
+
667
+
if (strcmp(name, XATTR_NAME_CAPS) == 0) {
668
+
/* security.capability gets namespaced */
669
+
struct inode *inode = d_backing_inode(dentry);
670
+
if (!inode)
671
+
return -EINVAL;
672
+
if (!capable_wrt_inode_uidgid(inode, CAP_SETFCAP))
891
673
return -EPERM;
892
674
return 0;
893
675
}
894
676
895
-
if (!strncmp(name, XATTR_SECURITY_PREFIX,
896
-
sizeof(XATTR_SECURITY_PREFIX) - 1) &&
897
-
!capable(CAP_SYS_ADMIN))
677
+
if (!capable(CAP_SYS_ADMIN))
898
678
return -EPERM;
899
679
return 0;
900
680
}
···
1288
1054
LSM_HOOK_INIT(bprm_set_creds, cap_bprm_set_creds),
1289
1055
LSM_HOOK_INIT(inode_need_killpriv, cap_inode_need_killpriv),
1290
1056
LSM_HOOK_INIT(inode_killpriv, cap_inode_killpriv),
1057
+
LSM_HOOK_INIT(inode_getsecurity, cap_inode_getsecurity),
1291
1058
LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
1292
1059
LSM_HOOK_INIT(mmap_file, cap_mmap_file),
1293
1060
LSM_HOOK_INIT(task_fix_setuid, cap_task_fix_setuid),
+1
-2
tools/testing/selftests/x86/mpx-mini-test.c
+1
-2
tools/testing/selftests/x86/mpx-mini-test.c
···
391
391
br_count++;
392
392
dprintf1("#BR 0x%jx (total seen: %d)\n", status, br_count);
393
393
394
-
#define __SI_FAULT (3 << 16)
395
-
#define SEGV_BNDERR (__SI_FAULT|3) /* failed address bound checks */
394
+
#define SEGV_BNDERR 3 /* failed address bound checks */
396
395
397
396
dprintf2("Saw a #BR! status 0x%jx at %016lx br_reason: %jx\n",
398
397
status, ip, br_reason);
+6
-7
tools/testing/selftests/x86/protection_keys.c
+6
-7
tools/testing/selftests/x86/protection_keys.c
···
212
212
}
213
213
}
214
214
215
-
#define __SI_FAULT (3 << 16)
216
-
#define SEGV_BNDERR (__SI_FAULT|3) /* failed address bound checks */
217
-
#define SEGV_PKUERR (__SI_FAULT|4)
215
+
#define SEGV_BNDERR 3 /* failed address bound checks */
216
+
#define SEGV_PKUERR 4
218
217
219
218
static char *si_code_str(int si_code)
220
219
{
221
-
if (si_code & SEGV_MAPERR)
220
+
if (si_code == SEGV_MAPERR)
222
221
return "SEGV_MAPERR";
223
-
if (si_code & SEGV_ACCERR)
222
+
if (si_code == SEGV_ACCERR)
224
223
return "SEGV_ACCERR";
225
-
if (si_code & SEGV_BNDERR)
224
+
if (si_code == SEGV_BNDERR)
226
225
return "SEGV_BNDERR";
227
-
if (si_code & SEGV_PKUERR)
226
+
if (si_code == SEGV_PKUERR)
228
227
return "SEGV_PKUERR";
229
228
return "UNKNOWN";
230
229
}