<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/arch/ia64/include/asm/processor.h, branch linux-4.7.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>sched, mips, ia64: Remove __ARCH_WANT_UNLOCKED_CTXSW</title>
<updated>2014-09-24T12:47:05+00:00</updated>
<author>
<name>Peter Zijlstra</name>
<email>peterz@infradead.org</email>
</author>
<published>2014-09-23T15:06:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c55f5158f5606f8a62e694b7e009f59b92ac6258'/>
<id>c55f5158f5606f8a62e694b7e009f59b92ac6258</id>
<content type='text'>
Kirill found that there's a subtle race in the
__ARCH_WANT_UNLOCKED_CTXSW code, and instead of fixing it, remove the
entire exception because neither arch that uses it seems to actually
still require it.

Boot tested on mips64el (qemu) only.

Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Reviewed-by: Kirill Tkhai &lt;tkhai@yandex.ru&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Davidlohr Bueso &lt;davidlohr@hp.com&gt;
Cc: Fenghua Yu &lt;fenghua.yu@intel.com&gt;
Cc: James Hogan &lt;james.hogan@imgtec.com&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Cc: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Paul Burton &lt;paul.burton@imgtec.com&gt;
Cc: Qais Yousef &lt;qais.yousef@imgtec.com&gt;
Cc: Ralf Baechle &lt;ralf@linux-mips.org&gt;
Cc: Tony Luck &lt;tony.luck@intel.com&gt;
Cc: oleg@redhat.com
Cc: linux@roeck-us.net
Cc: linux-ia64@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mips@linux-mips.org
Link: http://lkml.kernel.org/r/20140923150641.GH3312@worktop.programming.kicks-ass.net
Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Kirill found that there's a subtle race in the
__ARCH_WANT_UNLOCKED_CTXSW code, and instead of fixing it, remove the
entire exception because neither arch that uses it seems to actually
still require it.

Boot tested on mips64el (qemu) only.

Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Reviewed-by: Kirill Tkhai &lt;tkhai@yandex.ru&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Davidlohr Bueso &lt;davidlohr@hp.com&gt;
Cc: Fenghua Yu &lt;fenghua.yu@intel.com&gt;
Cc: James Hogan &lt;james.hogan@imgtec.com&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Cc: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Paul Burton &lt;paul.burton@imgtec.com&gt;
Cc: Qais Yousef &lt;qais.yousef@imgtec.com&gt;
Cc: Ralf Baechle &lt;ralf@linux-mips.org&gt;
Cc: Tony Luck &lt;tony.luck@intel.com&gt;
Cc: oleg@redhat.com
Cc: linux@roeck-us.net
Cc: linux-ia64@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mips@linux-mips.org
Link: http://lkml.kernel.org/r/20140923150641.GH3312@worktop.programming.kicks-ass.net
Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>arch, locking: Ciao arch_mutex_cpu_relax()</title>
<updated>2014-07-17T10:32:47+00:00</updated>
<author>
<name>Davidlohr Bueso</name>
<email>davidlohr@hp.com</email>
</author>
<published>2014-06-29T22:09:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3a6bfbc91df04b081a44d419e0260bad54abddf7'/>
<id>3a6bfbc91df04b081a44d419e0260bad54abddf7</id>
<content type='text'>
The arch_mutex_cpu_relax() function, introduced by 34b133f, is
hacky and ugly. It was added a few years ago to address the fact
that common cpu_relax() calls include yielding on s390, and thus
impact the optimistic spinning functionality of mutexes. Nowadays
we use this function well beyond mutexes: rwsem, qrwlock, mcs and
lockref. Since the macro that defines the call is in the mutex header,
any users must include mutex.h and the naming is misleading as well.

This patch (i) renames the call to cpu_relax_lowlatency  ("relax, but
only if you can do it with very low latency") and (ii) defines it in
each arch's asm/processor.h local header, just like for regular cpu_relax
functions. On all archs, except s390, cpu_relax_lowlatency is simply cpu_relax,
and thus we can take it out of mutex.h. While this can seem redundant,
I believe it is a good choice as it allows us to move out arch specific
logic from generic locking primitives and enables future(?) archs to
transparently define it, similarly to System Z.

Signed-off-by: Davidlohr Bueso &lt;davidlohr@hp.com&gt;
Signed-off-by: Peter Zijlstra &lt;peterz@infradead.org&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Anton Blanchard &lt;anton@samba.org&gt;
Cc: Aurelien Jacquiot &lt;a-jacquiot@ti.com&gt;
Cc: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
Cc: Bharat Bhushan &lt;r65777@freescale.com&gt;
Cc: Catalin Marinas &lt;catalin.marinas@arm.com&gt;
Cc: Chen Liqin &lt;liqin.linux@gmail.com&gt;
Cc: Chris Metcalf &lt;cmetcalf@tilera.com&gt;
Cc: Christian Borntraeger &lt;borntraeger@de.ibm.com&gt;
Cc: Chris Zankel &lt;chris@zankel.net&gt;
Cc: David Howells &lt;dhowells@redhat.com&gt;
Cc: David S. Miller &lt;davem@davemloft.net&gt;
Cc: Deepthi Dharwar &lt;deepthi@linux.vnet.ibm.com&gt;
Cc: Dominik Dingel &lt;dingel@linux.vnet.ibm.com&gt;
Cc: Fenghua Yu &lt;fenghua.yu@intel.com&gt;
Cc: Geert Uytterhoeven &lt;geert@linux-m68k.org&gt;
Cc: Guan Xuetao &lt;gxt@mprc.pku.edu.cn&gt;
Cc: Haavard Skinnemoen &lt;hskinnemoen@gmail.com&gt;
Cc: Hans-Christian Egtvedt &lt;egtvedt@samfundet.no&gt;
Cc: Heiko Carstens &lt;heiko.carstens@de.ibm.com&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: Hirokazu Takata &lt;takata@linux-m32r.org&gt;
Cc: Ivan Kokshaysky &lt;ink@jurassic.park.msu.ru&gt;
Cc: James E.J. Bottomley &lt;jejb@parisc-linux.org&gt;
Cc: James Hogan &lt;james.hogan@imgtec.com&gt;
Cc: Jason Wang &lt;jasowang@redhat.com&gt;
Cc: Jesper Nilsson &lt;jesper.nilsson@axis.com&gt;
Cc: Joe Perches &lt;joe@perches.com&gt;
Cc: Jonas Bonn &lt;jonas@southpole.se&gt;
Cc: Joseph Myers &lt;joseph@codesourcery.com&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Cc: Koichi Yasutake &lt;yasutake.koichi@jp.panasonic.com&gt;
Cc: Lennox Wu &lt;lennox.wu@gmail.com&gt;
Cc: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Mark Salter &lt;msalter@redhat.com&gt;
Cc: Martin Schwidefsky &lt;schwidefsky@de.ibm.com&gt;
Cc: Matt Turner &lt;mattst88@gmail.com&gt;
Cc: Max Filippov &lt;jcmvbkbc@gmail.com&gt;
Cc: Michael Neuling &lt;mikey@neuling.org&gt;
Cc: Michal Simek &lt;monstr@monstr.eu&gt;
Cc: Mikael Starvik &lt;starvik@axis.com&gt;
Cc: Nicolas Pitre &lt;nico@linaro.org&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: Paul Burton &lt;paul.burton@imgtec.com&gt;
Cc: Paul E. McKenney &lt;paulmck@linux.vnet.ibm.com&gt;
Cc: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Cc: Paul Mackerras &lt;paulus@samba.org&gt;
Cc: Qais Yousef &lt;qais.yousef@imgtec.com&gt;
Cc: Qiaowei Ren &lt;qiaowei.ren@intel.com&gt;
Cc: Rafael Wysocki &lt;rafael.j.wysocki@intel.com&gt;
Cc: Ralf Baechle &lt;ralf@linux-mips.org&gt;
Cc: Richard Henderson &lt;rth@twiddle.net&gt;
Cc: Richard Kuo &lt;rkuo@codeaurora.org&gt;
Cc: Russell King &lt;linux@arm.linux.org.uk&gt;
Cc: Steven Miao &lt;realmz6@gmail.com&gt;
Cc: Steven Rostedt &lt;srostedt@redhat.com&gt;
Cc: Stratos Karafotis &lt;stratosk@semaphore.gr&gt;
Cc: Tim Chen &lt;tim.c.chen@linux.intel.com&gt;
Cc: Tony Luck &lt;tony.luck@intel.com&gt;
Cc: Vasily Kulikov &lt;segoon@openwall.com&gt;
Cc: Vineet Gupta &lt;vgupta@synopsys.com&gt;
Cc: Vineet Gupta &lt;Vineet.Gupta1@synopsys.com&gt;
Cc: Waiman Long &lt;Waiman.Long@hp.com&gt;
Cc: Will Deacon &lt;will.deacon@arm.com&gt;
Cc: Wolfram Sang &lt;wsa@the-dreams.de&gt;
Cc: adi-buildroot-devel@lists.sourceforge.net
Cc: linux390@de.ibm.com
Cc: linux-alpha@vger.kernel.org
Cc: linux-am33-list@redhat.com
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-c6x-dev@linux-c6x.org
Cc: linux-cris-kernel@axis.com
Cc: linux-hexagon@vger.kernel.org
Cc: linux-ia64@vger.kernel.org
Cc: linux@lists.openrisc.net
Cc: linux-m32r-ja@ml.linux-m32r.org
Cc: linux-m32r@ml.linux-m32r.org
Cc: linux-m68k@lists.linux-m68k.org
Cc: linux-metag@vger.kernel.org
Cc: linux-mips@linux-mips.org
Cc: linux-parisc@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-s390@vger.kernel.org
Cc: linux-sh@vger.kernel.org
Cc: linux-xtensa@linux-xtensa.org
Cc: sparclinux@vger.kernel.org
Link: http://lkml.kernel.org/r/1404079773.2619.4.camel@buesod1.americas.hpqcorp.net
Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The arch_mutex_cpu_relax() function, introduced by 34b133f, is
hacky and ugly. It was added a few years ago to address the fact
that common cpu_relax() calls include yielding on s390, and thus
impact the optimistic spinning functionality of mutexes. Nowadays
we use this function well beyond mutexes: rwsem, qrwlock, mcs and
lockref. Since the macro that defines the call is in the mutex header,
any users must include mutex.h and the naming is misleading as well.

This patch (i) renames the call to cpu_relax_lowlatency  ("relax, but
only if you can do it with very low latency") and (ii) defines it in
each arch's asm/processor.h local header, just like for regular cpu_relax
functions. On all archs, except s390, cpu_relax_lowlatency is simply cpu_relax,
and thus we can take it out of mutex.h. While this can seem redundant,
I believe it is a good choice as it allows us to move out arch specific
logic from generic locking primitives and enables future(?) archs to
transparently define it, similarly to System Z.

Signed-off-by: Davidlohr Bueso &lt;davidlohr@hp.com&gt;
Signed-off-by: Peter Zijlstra &lt;peterz@infradead.org&gt;
Cc: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Cc: Anton Blanchard &lt;anton@samba.org&gt;
Cc: Aurelien Jacquiot &lt;a-jacquiot@ti.com&gt;
Cc: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
Cc: Bharat Bhushan &lt;r65777@freescale.com&gt;
Cc: Catalin Marinas &lt;catalin.marinas@arm.com&gt;
Cc: Chen Liqin &lt;liqin.linux@gmail.com&gt;
Cc: Chris Metcalf &lt;cmetcalf@tilera.com&gt;
Cc: Christian Borntraeger &lt;borntraeger@de.ibm.com&gt;
Cc: Chris Zankel &lt;chris@zankel.net&gt;
Cc: David Howells &lt;dhowells@redhat.com&gt;
Cc: David S. Miller &lt;davem@davemloft.net&gt;
Cc: Deepthi Dharwar &lt;deepthi@linux.vnet.ibm.com&gt;
Cc: Dominik Dingel &lt;dingel@linux.vnet.ibm.com&gt;
Cc: Fenghua Yu &lt;fenghua.yu@intel.com&gt;
Cc: Geert Uytterhoeven &lt;geert@linux-m68k.org&gt;
Cc: Guan Xuetao &lt;gxt@mprc.pku.edu.cn&gt;
Cc: Haavard Skinnemoen &lt;hskinnemoen@gmail.com&gt;
Cc: Hans-Christian Egtvedt &lt;egtvedt@samfundet.no&gt;
Cc: Heiko Carstens &lt;heiko.carstens@de.ibm.com&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: Hirokazu Takata &lt;takata@linux-m32r.org&gt;
Cc: Ivan Kokshaysky &lt;ink@jurassic.park.msu.ru&gt;
Cc: James E.J. Bottomley &lt;jejb@parisc-linux.org&gt;
Cc: James Hogan &lt;james.hogan@imgtec.com&gt;
Cc: Jason Wang &lt;jasowang@redhat.com&gt;
Cc: Jesper Nilsson &lt;jesper.nilsson@axis.com&gt;
Cc: Joe Perches &lt;joe@perches.com&gt;
Cc: Jonas Bonn &lt;jonas@southpole.se&gt;
Cc: Joseph Myers &lt;joseph@codesourcery.com&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Cc: Koichi Yasutake &lt;yasutake.koichi@jp.panasonic.com&gt;
Cc: Lennox Wu &lt;lennox.wu@gmail.com&gt;
Cc: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Mark Salter &lt;msalter@redhat.com&gt;
Cc: Martin Schwidefsky &lt;schwidefsky@de.ibm.com&gt;
Cc: Matt Turner &lt;mattst88@gmail.com&gt;
Cc: Max Filippov &lt;jcmvbkbc@gmail.com&gt;
Cc: Michael Neuling &lt;mikey@neuling.org&gt;
Cc: Michal Simek &lt;monstr@monstr.eu&gt;
Cc: Mikael Starvik &lt;starvik@axis.com&gt;
Cc: Nicolas Pitre &lt;nico@linaro.org&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: Paul Burton &lt;paul.burton@imgtec.com&gt;
Cc: Paul E. McKenney &lt;paulmck@linux.vnet.ibm.com&gt;
Cc: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Cc: Paul Mackerras &lt;paulus@samba.org&gt;
Cc: Qais Yousef &lt;qais.yousef@imgtec.com&gt;
Cc: Qiaowei Ren &lt;qiaowei.ren@intel.com&gt;
Cc: Rafael Wysocki &lt;rafael.j.wysocki@intel.com&gt;
Cc: Ralf Baechle &lt;ralf@linux-mips.org&gt;
Cc: Richard Henderson &lt;rth@twiddle.net&gt;
Cc: Richard Kuo &lt;rkuo@codeaurora.org&gt;
Cc: Russell King &lt;linux@arm.linux.org.uk&gt;
Cc: Steven Miao &lt;realmz6@gmail.com&gt;
Cc: Steven Rostedt &lt;srostedt@redhat.com&gt;
Cc: Stratos Karafotis &lt;stratosk@semaphore.gr&gt;
Cc: Tim Chen &lt;tim.c.chen@linux.intel.com&gt;
Cc: Tony Luck &lt;tony.luck@intel.com&gt;
Cc: Vasily Kulikov &lt;segoon@openwall.com&gt;
Cc: Vineet Gupta &lt;vgupta@synopsys.com&gt;
Cc: Vineet Gupta &lt;Vineet.Gupta1@synopsys.com&gt;
Cc: Waiman Long &lt;Waiman.Long@hp.com&gt;
Cc: Will Deacon &lt;will.deacon@arm.com&gt;
Cc: Wolfram Sang &lt;wsa@the-dreams.de&gt;
Cc: adi-buildroot-devel@lists.sourceforge.net
Cc: linux390@de.ibm.com
Cc: linux-alpha@vger.kernel.org
Cc: linux-am33-list@redhat.com
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-c6x-dev@linux-c6x.org
Cc: linux-cris-kernel@axis.com
Cc: linux-hexagon@vger.kernel.org
Cc: linux-ia64@vger.kernel.org
Cc: linux@lists.openrisc.net
Cc: linux-m32r-ja@ml.linux-m32r.org
Cc: linux-m32r@ml.linux-m32r.org
Cc: linux-m68k@lists.linux-m68k.org
Cc: linux-metag@vger.kernel.org
Cc: linux-mips@linux-mips.org
Cc: linux-parisc@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-s390@vger.kernel.org
Cc: linux-sh@vger.kernel.org
Cc: linux-xtensa@linux-xtensa.org
Cc: sparclinux@vger.kernel.org
Link: http://lkml.kernel.org/r/1404079773.2619.4.camel@buesod1.americas.hpqcorp.net
Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>printk/cache: mark printk_once test variable __read_mostly</title>
<updated>2014-01-24T00:36:56+00:00</updated>
<author>
<name>Joe Perches</name>
<email>joe@perches.com</email>
</author>
<published>2014-01-23T23:54:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c28aa1f0a847c36daa4280b611e2b54bad75c576'/>
<id>c28aa1f0a847c36daa4280b611e2b54bad75c576</id>
<content type='text'>
Add #include &lt;linux/cache.h&gt; to define __read_mostly.

Convert cache.h to use uapi/linux/kernel.h instead
of linux/kernel.h to avoid recursive #includes.

Convert the ALIGN macro to __ALIGN_KERNEL.

printk_once only sets the bool variable tested
once so mark it __read_mostly.

Neaten the alignment so it matches the rest of the
pr_&lt;level&gt;_once #defines too.

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Reviewed-by: James Hogan &lt;james.hogan@imgtec.com&gt;
Cc: Wu Fengguang &lt;fengguang.wu@intel.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add #include &lt;linux/cache.h&gt; to define __read_mostly.

Convert cache.h to use uapi/linux/kernel.h instead
of linux/kernel.h to avoid recursive #includes.

Convert the ALIGN macro to __ALIGN_KERNEL.

printk_once only sets the bool variable tested
once so mark it __read_mostly.

Neaten the alignment so it matches the rest of the
pr_&lt;level&gt;_once #defines too.

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Reviewed-by: James Hogan &lt;james.hogan@imgtec.com&gt;
Cc: Wu Fengguang &lt;fengguang.wu@intel.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>exec/ptrace: fix get_dumpable() incorrect tests</title>
<updated>2013-11-13T03:09:33+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2013-11-12T23:11:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d049f74f2dbe71354d43d393ac3a188947811348'/>
<id>d049f74f2dbe71354d43d393ac3a188947811348</id>
<content type='text'>
The get_dumpable() return value is not boolean.  Most users of the
function actually want to be testing for non-SUID_DUMP_USER(1) rather than
SUID_DUMP_DISABLE(0).  The SUID_DUMP_ROOT(2) is also considered a
protected state.  Almost all places did this correctly, excepting the two
places fixed in this patch.

Wrong logic:
    if (dumpable == SUID_DUMP_DISABLE) { /* be protective */ }
        or
    if (dumpable == 0) { /* be protective */ }
        or
    if (!dumpable) { /* be protective */ }

Correct logic:
    if (dumpable != SUID_DUMP_USER) { /* be protective */ }
        or
    if (dumpable != 1) { /* be protective */ }

Without this patch, if the system had set the sysctl fs/suid_dumpable=2, a
user was able to ptrace attach to processes that had dropped privileges to
that user.  (This may have been partially mitigated if Yama was enabled.)

The macros have been moved into the file that declares get/set_dumpable(),
which means things like the ia64 code can see them too.

CVE-2013-2929

Reported-by: Vasily Kulikov &lt;segoon@openwall.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Cc: "Luck, Tony" &lt;tony.luck@intel.com&gt;
Cc: Oleg Nesterov &lt;oleg@redhat.com&gt;
Cc: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The get_dumpable() return value is not boolean.  Most users of the
function actually want to be testing for non-SUID_DUMP_USER(1) rather than
SUID_DUMP_DISABLE(0).  The SUID_DUMP_ROOT(2) is also considered a
protected state.  Almost all places did this correctly, excepting the two
places fixed in this patch.

Wrong logic:
    if (dumpable == SUID_DUMP_DISABLE) { /* be protective */ }
        or
    if (dumpable == 0) { /* be protective */ }
        or
    if (!dumpable) { /* be protective */ }

Correct logic:
    if (dumpable != SUID_DUMP_USER) { /* be protective */ }
        or
    if (dumpable != 1) { /* be protective */ }

Without this patch, if the system had set the sysctl fs/suid_dumpable=2, a
user was able to ptrace attach to processes that had dropped privileges to
that user.  (This may have been partially mitigated if Yama was enabled.)

The macros have been moved into the file that declares get/set_dumpable(),
which means things like the ia64 code can see them too.

CVE-2013-2929

Reported-by: Vasily Kulikov &lt;segoon@openwall.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Cc: "Luck, Tony" &lt;tony.luck@intel.com&gt;
Cc: Oleg Nesterov &lt;oleg@redhat.com&gt;
Cc: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ia64: switch to generic kernel_thread()/kernel_execve()</title>
<updated>2012-10-19T18:28:09+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2012-10-14T19:43:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=54d496c3915a10b5e46c5dd9de1a6d301ceb32bd'/>
<id>54d496c3915a10b5e46c5dd9de1a6d301ceb32bd</id>
<content type='text'>
Acked-by: Tony Luck &lt;tony.luck@intel.com&gt;
Tested-by: Tony Luck &lt;tony.luck@intel.com&gt;
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Acked-by: Tony Luck &lt;tony.luck@intel.com&gt;
Tested-by: Tony Luck &lt;tony.luck@intel.com&gt;
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[IA64] Rename platform_name to ia64_platform_name</title>
<updated>2012-07-25T18:47:16+00:00</updated>
<author>
<name>Fengguang Wu</name>
<email>fengguang.wu@intel.com</email>
</author>
<published>2012-07-25T07:15:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f9445a382e3b9fdd21db41a4825ca1399cd0a3f4'/>
<id>f9445a382e3b9fdd21db41a4825ca1399cd0a3f4</id>
<content type='text'>
The macro name is too generic and conflicts with
snd_soc_dai_link.platform_name, which triggers lots of build errors.

Signed-off-by: Fengguang Wu &lt;fengguang.wu@intel.com&gt;
Signed-off-by: Tony Luck &lt;tony.luck@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The macro name is too generic and conflicts with
snd_soc_dai_link.platform_name, which triggers lots of build errors.

Signed-off-by: Fengguang Wu &lt;fengguang.wu@intel.com&gt;
Signed-off-by: Tony Luck &lt;tony.luck@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'ia64-3.5-merge' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux</title>
<updated>2012-05-23T19:05:44+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2012-05-23T19:05:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3813d4024a75562baf77d3907fb6afbf8f9c8232'/>
<id>3813d4024a75562baf77d3907fb6afbf8f9c8232</id>
<content type='text'>
Pull Itanium fixes from Tony Luck.

* tag 'ia64-3.5-merge' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  [IA64] Liberate the signal layer from IA64 assembler
  [IA64] Add cmpxchg.h to exported userspace headers
  [IA64] Fix fast syscall version of getcpu()
  [IA64] Removed "task_size" element from thread_struct - it is now constant
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull Itanium fixes from Tony Luck.

* tag 'ia64-3.5-merge' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  [IA64] Liberate the signal layer from IA64 assembler
  [IA64] Add cmpxchg.h to exported userspace headers
  [IA64] Fix fast syscall version of getcpu()
  [IA64] Removed "task_size" element from thread_struct - it is now constant
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip</title>
<updated>2012-05-23T17:59:07+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2012-05-23T17:59:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ec0d7f18ab7b5097d7c0c8f3d909ca1031b9d5cd'/>
<id>ec0d7f18ab7b5097d7c0c8f3d909ca1031b9d5cd</id>
<content type='text'>
Pull fpu state cleanups from Ingo Molnar:
 "This tree streamlines further aspects of FPU handling by eliminating
  the prepare_to_copy() complication and moving that logic to
  arch_dup_task_struct().

  It also fixes the FPU dumps in threaded core dumps, removes and old
  (and now invalid) assumption plus micro-optimizes the exit path by
  avoiding an FPU save for dead tasks."

Fixed up trivial add-add conflict in arch/sh/kernel/process.c that came
in because we now do the FPU handling in arch_dup_task_struct() rather
than the legacy (and now gone) prepare_to_copy().

* 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86, fpu: drop the fpu state during thread exit
  x86, xsave: remove thread_has_fpu() bug check in __sanitize_i387_state()
  coredump: ensure the fpu state is flushed for proper multi-threaded core dump
  fork: move the real prepare_to_copy() users to arch_dup_task_struct()
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull fpu state cleanups from Ingo Molnar:
 "This tree streamlines further aspects of FPU handling by eliminating
  the prepare_to_copy() complication and moving that logic to
  arch_dup_task_struct().

  It also fixes the FPU dumps in threaded core dumps, removes and old
  (and now invalid) assumption plus micro-optimizes the exit path by
  avoiding an FPU save for dead tasks."

Fixed up trivial add-add conflict in arch/sh/kernel/process.c that came
in because we now do the FPU handling in arch_dup_task_struct() rather
than the legacy (and now gone) prepare_to_copy().

* 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86, fpu: drop the fpu state during thread exit
  x86, xsave: remove thread_has_fpu() bug check in __sanitize_i387_state()
  coredump: ensure the fpu state is flushed for proper multi-threaded core dump
  fork: move the real prepare_to_copy() users to arch_dup_task_struct()
</pre>
</div>
</content>
</entry>
<entry>
<title>fork: move the real prepare_to_copy() users to arch_dup_task_struct()</title>
<updated>2012-05-16T22:16:26+00:00</updated>
<author>
<name>Suresh Siddha</name>
<email>suresh.b.siddha@intel.com</email>
</author>
<published>2012-05-16T22:03:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=55ccf3fe3f9a3441731aa79cf42a628fc4ecace9'/>
<id>55ccf3fe3f9a3441731aa79cf42a628fc4ecace9</id>
<content type='text'>
Historical prepare_to_copy() is mostly a no-op, duplicated for majority of
the architectures and the rest following the x86 model of flushing the extended
register state like fpu there.

Remove it and use the arch_dup_task_struct() instead.

Suggested-by: Oleg Nesterov &lt;oleg@redhat.com&gt;
Suggested-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Suresh Siddha &lt;suresh.b.siddha@intel.com&gt;
Link: http://lkml.kernel.org/r/1336692811-30576-1-git-send-email-suresh.b.siddha@intel.com
Acked-by: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
Cc: David Howells &lt;dhowells@redhat.com&gt;
Cc: Koichi Yasutake &lt;yasutake.koichi@jp.panasonic.com&gt;
Cc: Paul Mackerras &lt;paulus@samba.org&gt;
Cc: Paul Mundt &lt;lethal@linux-sh.org&gt;
Cc: Chris Zankel &lt;chris@zankel.net&gt;
Cc: Richard Henderson &lt;rth@twiddle.net&gt;
Cc: Russell King &lt;linux@arm.linux.org.uk&gt;
Cc: Haavard Skinnemoen &lt;hskinnemoen@gmail.com&gt;
Cc: Mike Frysinger &lt;vapier@gentoo.org&gt;
Cc: Mark Salter &lt;msalter@redhat.com&gt;
Cc: Aurelien Jacquiot &lt;a-jacquiot@ti.com&gt;
Cc: Mikael Starvik &lt;starvik@axis.com&gt;
Cc: Yoshinori Sato &lt;ysato@users.sourceforge.jp&gt;
Cc: Richard Kuo &lt;rkuo@codeaurora.org&gt;
Cc: Tony Luck &lt;tony.luck@intel.com&gt;
Cc: Michal Simek &lt;monstr@monstr.eu&gt;
Cc: Ralf Baechle &lt;ralf@linux-mips.org&gt;
Cc: Jonas Bonn &lt;jonas@southpole.se&gt;
Cc: James E.J. Bottomley &lt;jejb@parisc-linux.org&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: Martin Schwidefsky &lt;schwidefsky@de.ibm.com&gt;
Cc: Heiko Carstens &lt;heiko.carstens@de.ibm.com&gt;
Cc: Chen Liqin &lt;liqin.chen@sunplusct.com&gt;
Cc: Lennox Wu &lt;lennox.wu@gmail.com&gt;
Cc: David S. Miller &lt;davem@davemloft.net&gt;
Cc: Chris Metcalf &lt;cmetcalf@tilera.com&gt;
Cc: Jeff Dike &lt;jdike@addtoit.com&gt;
Cc: Richard Weinberger &lt;richard@nod.at&gt;
Cc: Guan Xuetao &lt;gxt@mprc.pku.edu.cn&gt;
Signed-off-by: H. Peter Anvin &lt;hpa@linux.intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Historical prepare_to_copy() is mostly a no-op, duplicated for majority of
the architectures and the rest following the x86 model of flushing the extended
register state like fpu there.

Remove it and use the arch_dup_task_struct() instead.

Suggested-by: Oleg Nesterov &lt;oleg@redhat.com&gt;
Suggested-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Suresh Siddha &lt;suresh.b.siddha@intel.com&gt;
Link: http://lkml.kernel.org/r/1336692811-30576-1-git-send-email-suresh.b.siddha@intel.com
Acked-by: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
Cc: David Howells &lt;dhowells@redhat.com&gt;
Cc: Koichi Yasutake &lt;yasutake.koichi@jp.panasonic.com&gt;
Cc: Paul Mackerras &lt;paulus@samba.org&gt;
Cc: Paul Mundt &lt;lethal@linux-sh.org&gt;
Cc: Chris Zankel &lt;chris@zankel.net&gt;
Cc: Richard Henderson &lt;rth@twiddle.net&gt;
Cc: Russell King &lt;linux@arm.linux.org.uk&gt;
Cc: Haavard Skinnemoen &lt;hskinnemoen@gmail.com&gt;
Cc: Mike Frysinger &lt;vapier@gentoo.org&gt;
Cc: Mark Salter &lt;msalter@redhat.com&gt;
Cc: Aurelien Jacquiot &lt;a-jacquiot@ti.com&gt;
Cc: Mikael Starvik &lt;starvik@axis.com&gt;
Cc: Yoshinori Sato &lt;ysato@users.sourceforge.jp&gt;
Cc: Richard Kuo &lt;rkuo@codeaurora.org&gt;
Cc: Tony Luck &lt;tony.luck@intel.com&gt;
Cc: Michal Simek &lt;monstr@monstr.eu&gt;
Cc: Ralf Baechle &lt;ralf@linux-mips.org&gt;
Cc: Jonas Bonn &lt;jonas@southpole.se&gt;
Cc: James E.J. Bottomley &lt;jejb@parisc-linux.org&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: Martin Schwidefsky &lt;schwidefsky@de.ibm.com&gt;
Cc: Heiko Carstens &lt;heiko.carstens@de.ibm.com&gt;
Cc: Chen Liqin &lt;liqin.chen@sunplusct.com&gt;
Cc: Lennox Wu &lt;lennox.wu@gmail.com&gt;
Cc: David S. Miller &lt;davem@davemloft.net&gt;
Cc: Chris Metcalf &lt;cmetcalf@tilera.com&gt;
Cc: Jeff Dike &lt;jdike@addtoit.com&gt;
Cc: Richard Weinberger &lt;richard@nod.at&gt;
Cc: Guan Xuetao &lt;gxt@mprc.pku.edu.cn&gt;
Signed-off-by: H. Peter Anvin &lt;hpa@linux.intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[IA64] Removed "task_size" element from thread_struct - it is now constant</title>
<updated>2012-05-16T20:55:32+00:00</updated>
<author>
<name>Tony Luck</name>
<email>tony.luck@intel.com</email>
</author>
<published>2012-05-01T21:41:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c7173271f3f63738e7ec5a2f074472c5feed3518'/>
<id>c7173271f3f63738e7ec5a2f074472c5feed3518</id>
<content type='text'>
When the 32-bit compat code was deleted, we should also have removed
the task_size element from the thread structure - threads can only
be 64-bit now, so no need to keep track of how much virtual address
space each task can have ... everyone gets 0xa000000000000000.

Suggested-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Signed-off-by: Tony Luck &lt;tony.luck@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When the 32-bit compat code was deleted, we should also have removed
the task_size element from the thread structure - threads can only
be 64-bit now, so no need to keep track of how much virtual address
space each task can have ... everyone gets 0xa000000000000000.

Suggested-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Signed-off-by: Tony Luck &lt;tony.luck@intel.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
