linux-stable.git/kernel, branch linux-2.6.14.y Linux kernel stable tree [PATCH] sysctl: make sure to terminate strings with a NUL 2006-01-08T02:15:08+00:00 Linus Torvalds torvalds@osdl.org 2005-12-31T05:59:41+00:00 002cf2a8adbb7b9d9911f410e2db78c7a3798d14 This is a slightly more complete fix for the previous minimal sysctl string fix. It always terminates the returned string with a NUL, even if the full result wouldn't fit in the user-supplied buffer. The returned length is the full untruncated length, so that you can tell when truncation has occurred. Signed-off-by: Linus Torvalds <torvalds@osdl.org> [chrisw: inclusive of minimal fix so it's same as upstream] Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
This is a slightly more complete fix for the previous minimal sysctl
string fix.  It always terminates the returned string with a NUL, even
if the full result wouldn't fit in the user-supplied buffer.

The returned length is the full untruncated length, so that you can
tell when truncation has occurred.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[chrisw: inclusive of minimal fix so it's same as upstream]
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] kernel/params.c: fix sysfs access with CONFIG_MODULES=n 2005-12-27T00:08:58+00:00 Jason Wessel jason.wessel@windriver.com 2005-12-20T22:41:02+00:00 eec59235580a82f31ec66e066666332b804b0714 All the work was done to setup the file and maintain the file handles but the access functions were zeroed out due to the #ifdef. Removing the #ifdef allows full access to all the parameters when CONFIG_MODULES=n. akpm: put it back again, but use CONFIG_SYSFS instead. This patch has already been included in Linus' tree. Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
All the work was done to setup the file and maintain the file handles but
the access functions were zeroed out due to the #ifdef.  Removing the
#ifdef allows full access to all the parameters when CONFIG_MODULES=n.

akpm: put it back again, but use CONFIG_SYSFS instead.

This patch has already been included in Linus' tree.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Add try_to_freeze to kauditd 2005-12-14T23:43:00+00:00 Pierre Ossman drzeus@drzeus.cx 2005-12-12T18:03:35+00:00 97086d3e713e1175c4a83fc3c8bbcd8d8ac8578d kauditd was causing suspends to fail because it refused to freeze. Adding a try_to_freeze() to its sleep loop solves the issue. Signed-off-by: Pierre Ossman <drzeus@drzeus.cx> Acked-by: Pavel Machek <pavel@suse.cz> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
kauditd was causing suspends to fail because it refused to freeze.  Adding
a try_to_freeze() to its sleep loop solves the issue.

Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
Acked-by: Pavel Machek <pavel@suse.cz>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Fix crash when ptrace poking hugepage areas 2005-12-14T23:42:54+00:00 David Gibson david@gibson.dropbear.id.au 2005-11-30T03:46:37+00:00 d948e779d14768cee4077ad5b477d58d42b20371 set_page_dirty() will not cope with being handed a page * which is part of a compound page, but not the master page in that compound page. This case can occur via access_process_vm() if you attemp to write to another process's hugepage memory area using ptrace() (causing an oops or hang). This patch fixes the bug by only calling set_page_dirty() from access_process_vm() if the page is not a compound page. We already use a similar fix in bio_set_pages_dirty() for the case of direct io to hugepages. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: William Irwin <wli@holomorphy.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
set_page_dirty() will not cope with being handed a page * which is part of
a compound page, but not the master page in that compound page.  This case
can occur via access_process_vm() if you attemp to write to another
process's hugepage memory area using ptrace() (causing an oops or hang).

This patch fixes the bug by only calling set_page_dirty() from
access_process_vm() if the page is not a compound page.  We already use a
similar fix in bio_set_pages_dirty() for the case of direct io to
hugepages.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: William Irwin <wli@holomorphy.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Don't auto-reap traced children 2005-11-24T22:10:07+00:00 Oleg Nesterov oleg@tv-sign.ru 2005-11-10T14:22:18+00:00 423885efc678eec81b59e4c200417be58ede9d2f If a task is being traced we never auto-reap it even if it might look like its parent doesn't care. The tracer obviously _does_ care. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
If a task is being traced we never auto-reap it even if it might look
like its parent doesn't care. The tracer obviously _does_ care.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Fix ptrace self-attach rule 2005-11-11T05:22:08+00:00 Linus Torvalds torvalds@osdl.org 2005-11-09T19:37:57+00:00 082d52c56f642d21b771a13221068d40915a1409 Before we did CLONE_THREAD, the way to check whether we were attaching to ourselves was to just check "current == task", but with CLONE_THREAD we should check that the thread group ID matches instead. Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
Before we did CLONE_THREAD, the way to check whether we were attaching
to ourselves was to just check "current == task", but with CLONE_THREAD
we should check that the thread group ID matches instead.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] - fix signal->live leak in copy_process() 2005-11-11T05:18:55+00:00 Oleg Nesterov oleg@tv-sign.ru 2005-11-09T18:22:13+00:00 d212503f82d7ef3b63ed20ab97bb68a69616d06c exit_signal() (called from copy_process's error path) should decrement ->signal->live, otherwise forking process will miss 'group_dead' in do_exit(). Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
exit_signal() (called from copy_process's error path) should decrement
->signal->live, otherwise forking process will miss 'group_dead' in
do_exit().

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] CVE-2005-2709 sysctl unregistration oops 2005-11-08T19:14:00+00:00 Al Viro viro@zeniv.linux.org.uk 2005-11-08T15:03:46+00:00 e4e0411221c7d4f2bd82fa5e21745f927a1bff28 You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then wait for interface to go away, try to grab as much memory as possible in hope to hit the (kfreed) ctl_table. Then fill it with pointers to your function. Then do read from file you've opened and if you are lucky, you'll get it called as ->proc_handler() in kernel mode. So this is at least an Oops and possibly more. It does depend on an interface going away though, so less of a security risk than it would otherwise be. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then
wait for interface to go away, try to grab as much memory as possible in
hope to hit the (kfreed) ctl_table.  Then fill it with pointers to your
function. Then do read from file you've opened and if you are lucky,
you'll get it called as ->proc_handler() in kernel mode.

So this is at least an Oops and possibly more.  It does depend on an
interface going away though, so less of a security risk than it would
otherwise be.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Yet more posix-cpu-timer fixes 2005-10-27T16:08:43+00:00 Roland McGrath roland@redhat.com 2005-10-27T10:16:42+00:00 72ab373a5688a78cbdaf3bf96012e597d5399bb7 This just makes sure that a thread's expiry times can't get reset after it clears them in do_exit. This is what allowed us to re-introduce the stricter BUG_ON() check in a362f463a6d316d14daed0f817e151835ce97ff7. Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
This just makes sure that a thread's expiry times can't get reset after
it clears them in do_exit.

This is what allowed us to re-introduce the stricter BUG_ON() check in
a362f463a6d316d14daed0f817e151835ce97ff7.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Revert "remove false BUG_ON() from run_posix_cpu_timers()" 2005-10-27T16:07:33+00:00 Linus Torvalds torvalds@g5.osdl.org 2005-10-27T16:07:33+00:00 a362f463a6d316d14daed0f817e151835ce97ff7 This reverts commit 3de463c7d9d58f8cf3395268230cb20a4c15bffa. Roland has another patch that allows us to leave the BUG_ON() in place by just making sure that the condition it tests for really is always true. That goes in next. Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
This reverts commit 3de463c7d9d58f8cf3395268230cb20a4c15bffa.

Roland has another patch that allows us to leave the BUG_ON() in place
by just making sure that the condition it tests for really is always
true.

That goes in next.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>