Signed-off-by: Stefan Bader <email address hidden>
3124589... by Linus Torvalds <email address hidden>
UBUNTU: SAUCE: mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
This is an ancient bug that was actually attempted to be fixed once
(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix
get_user_pages() race for write access") but that was then undone due to
problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").
In the meantime, the s390 situation has long been fixed, and we can once
more try to fix it by checking the pte_dirty() bit properly (and do it
better). Also, the VM has become more scalable, and what was a purely
theoretical race back then has become easier to trigger.
To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
we already did a COW" rather than play racy games with FOLL_WRITE that
is very fundamental, and then use the pte dirty flag to validate that
the FOLL_COW flag is still valid.
Signed-off-by: Andy Whitcroft <email address hidden>
95a9b04... by Sabrina Dubroca <email address hidden>
UBUNTU: SAUCE: net: add recursion limit to GRO
Currently, GRO can do unlimited recursion through the gro_receive
handlers. This was fixed for tunneling protocols by limiting tunnel GRO
to one level with encap_mark, but both VLAN and TEB still have this
problem. Thus, the kernel is vulnerable to a stack overflow, if we
receive a packet composed entirely of VLAN headers.
This patch adds a recursion counter to the GRO layer to prevent stack
overflow. When a gro_receive function hits the recursion limit, GRO is
aborted for this skb and it is processed normally.
Fixes: 9b174d88c257 ("net: Add Transparent Ethernet Bridging GRO support.")
Fixes: 66e5133f19e9 ("vlan: Add GRO support for non hardware accelerated vlan")
Signed-off-by: Sabrina Dubroca <email address hidden>
Reviewed-by: Jiri Benc <email address hidden>
Acked-by: Hannes Frederic Sowa <email address hidden>
BugLink: http://bugs.launchpad.net/bugs/1631287
Signed-off-by: Andy Whitcroft <email address hidden>
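The recursion counter described in the GRO commit above, as a userspace model added here for illustration; it is not the patch or any kernel code. Every identifier (`model_gro`, `dispatch`, `vlan_receive`) and the limit of 15 are assumptions of the model, and the input is a constructed in-memory buffer of stacked VLAN tags.

```c
/* Userspace model of a GRO-style recursion limit. Not kernel code: every
 * name and the limit value are assumptions made for this example. */
#include <stddef.h>
#include <stdint.h>
#define MODEL_RECURSION_LIMIT 15   /* assumed limit for the model */
#define P_8021Q 0x8100             /* VLAN tag ethertype */
#define P_IPV4  0x0800
enum model_result { MODEL_MERGED, MODEL_NORMAL };  /* NORMAL: GRO aborted */
struct model_skb {
    const uint8_t *data; size_t len, off;
    unsigned recursion;            /* per-packet handler depth */
};
static enum model_result dispatch(struct model_skb *skb, uint16_t proto);

/* VLAN handler: skip the 2-byte TCI, read the inner ethertype, recurse. */
static enum model_result vlan_receive(struct model_skb *skb)
{
    if (skb->len - skb->off < 4)
        return MODEL_NORMAL;       /* truncated tag */
    const uint8_t *p = skb->data + skb->off;
    skb->off += 4;
    return dispatch(skb, (uint16_t)(p[2] << 8 | p[3]));
}

/* All nested handler calls go through here, so the check is not skipped. */
static enum model_result dispatch(struct model_skb *skb, uint16_t proto)
{
    if (proto == P_IPV4) return MODEL_MERGED;   /* stand-in for the L3 handler */
    if (proto != P_8021Q) return MODEL_NORMAL;
    if (++skb->recursion > MODEL_RECURSION_LIMIT)
        return MODEL_NORMAL;       /* stop recursing, process normally */
    return vlan_receive(skb);
}

/* Constructed input: n stacked VLAN tags around an IPv4 ethertype. */
enum model_result model_gro(unsigned n, unsigned *tags_parsed)
{
    static uint8_t buf[4096];
    if (n > 1024) n = 1024;
    for (unsigned i = 0; i < n; i++) {
        uint16_t next = (i + 1 < n) ? P_8021Q : P_IPV4;
        buf[4*i] = 0; buf[4*i+1] = 1;
        buf[4*i+2] = (uint8_t)(next >> 8); buf[4*i+3] = (uint8_t)next;
    }
    struct model_skb skb = { buf, 4u * n, 0, 0 };
    enum model_result r = dispatch(&skb, n ? P_8021Q : P_IPV4);
    *tags_parsed = (unsigned)(skb.off / 4);
    return r;
}
int main(void) { unsigned d; return model_gro(1000, &d) == MODEL_NORMAL ? 0 : 1; }
```

Stack depth in the model is bounded by the limit regardless of how many tags the buffer holds; a packet at or under the limit is still merged.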
UBUNTU: SAUCE: apparmor: add flag to detect semantic change, to binfmt_elf mmap
commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46 changed when the creds
are installed by the binfmt_elf handler. This affects which creds
are used to mmap the executable into the address space. Which can have
an effect on apparmor policy.
Add a flag to apparmor at
/sys/kernel/security/apparmor/features/domain/fix_binfmt_elf_mmap
to make it possible to detect this semantic change so that the userspace
tools and the regression test suite can correctly deal with the change.
Note: since 9f834ec1 is a potential information leak fix for prof
events and tracing, it is expected that it could be picked up by
kernels earlier than 4.8 so that detecting the kernel version
is not sufficient.
BugLink: http://bugs.launchpad.net/bugs/1630069
Signed-off-by: John Johansen <email address hidden>
Acked-by: Brad Figg <email address hidden>
Signed-off-by: Tim Gardner <email address hidden>
autofs passes the uid and gid of the user requesting a mount to
userspace, taking them from current->cred. ca6fe3344554 "fs: Call
d_automount with the filesystems creds" causes a regression as
current->cred is now the credentials of real root during automount
and not the credentials of the user. Fix this by taking the ids
from current->real_cred instead.