| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <875zc8kxyg.fsf@x220.int.ebiederm.org>
Date: Wed, 03 Jun 2020 09:47:51 -0500
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] proc changes for v5.8-rc1
Please pull the proc-linus branch from the git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git proc-linus
HEAD: 9d78edeaec759f997c303f286ecd39daee166f2a proc: proc_pid_ns takes super_block as an argument
This branch has 4 sets of changes:
proc: modernize proc to support multiple private instances
proc: Ensure we see the exit of each process tid exactly
Removing has_group_leader_pid
posix-cpu-timers: Use pids not tasks in lookup
Alexey updated proc so each mount of proc uses a new superblock. This
allows people to actually use mount options with proc with no fear of
messing up another mount of proc. Given the kernel's internal mounts of
proc for things like uml this was a real problem, and resulted in
Android's hidepid mount options being ignored and introducing security
issues.
The rest of the changes are small cleanups and fixes that came out of my
work to allow this change to proc. In essence it is swapping the pids
in de_thread during exec which revoves a special case the code had to
handle. Then updating the code to stop handling that special case.
Alexey Gladkov (9):
proc: modernize proc to support multiple private instances
proc: rename struct proc_fs_info to proc_fs_opts
proc: allow to mount many instances of proc in one pid namespace
proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option
proc: add option to mount only a pids subset
docs: proc: add documentation for "hidepid=4" and "subset=pid" options and new mount behavior
proc: use human-readable values for hidepid
proc: use named enums for better readability
Use proc_pid_ns() to get pid_namespace from the proc superblock
proc: proc_pid_ns takes super_block as an argument
Eric W. Biederman (14):
proc: Use PIDTYPE_TGID in next_tgid
rculist: Add hlists_swap_heads_rcu
proc: Ensure we see the exit of each process tid exactly once
proc: Ensure we see the exit of each process tid exactly
posix-cpu-timer: Tidy up group_leader logic in lookup_task
posix-cpu-timer: Unify the now redundant code in lookup_task
exec: Remove BUG_ON(has_group_leader_pid)
signal: Remove has_group_leader_pid
posix-cpu-timers: Extend rcu_read_lock removing task_struct references
posix-cpu-timers: Replace cpu_timer_pid_type with clock_pid_type
posix-cpu-timers: Replace __get_task_for_clock with pid_for_clock
Removing has_group_leader_pid
posix-cpu-timers: Use pids not tasks in lookup
Oleg Nesterov (1):
remove the no longer needed pid_alive() check in __task_pid_nr_ns()
Documentation/filesystems/proc.rst | 92 ++++++++++++---
fs/exec.c | 6 +-
fs/locks.c | 4 +-
fs/proc/array.c | 2 +-
fs/proc/base.c | 74 ++++++------
fs/proc/generic.c | 9 ++
fs/proc/inode.c | 30 ++++-
fs/proc/root.c | 131 ++++++++++++++++-----
fs/proc/self.c | 8 +-
fs/proc/thread_self.c | 8 +-
fs/proc_namespace.c | 14 +--
include/linux/pid.h | 1 +
include/linux/pid_namespace.h | 12 --
include/linux/proc_fs.h | 32 ++++-
include/linux/rculist.h | 21 ++++
include/linux/sched/signal.h | 11 --
kernel/fork.c | 2 +-
kernel/pid.c | 22 +++-
kernel/time/posix-cpu-timers.c | 111 ++++++++---------
net/ipv6/ip6_flowlabel.c | 2 +-
security/tomoyo/realpath.c | 4 +-
tools/testing/selftests/proc/.gitignore | 2 +
tools/testing/selftests/proc/Makefile | 2 +
.../testing/selftests/proc/proc-fsconfig-hidepid.c | 50 ++++++++
.../testing/selftests/proc/proc-multiple-procfs.c | 48 ++++++++
25 files changed, 492 insertions(+), 206 deletions(-)
Eric
Powered by blists - more mailing lists