Import of kernel-4.18.0-553.125.1.el8_10
This commit is contained in:
parent
255206941b
commit
b6e320a30c
@ -12,7 +12,7 @@ RHEL_MINOR = 10
|
||||
#
|
||||
# Use this spot to avoid future merge conflicts.
|
||||
# Do not trim this comment.
|
||||
RHEL_RELEASE = 553.124.1
|
||||
RHEL_RELEASE = 553.125.1
|
||||
|
||||
#
|
||||
# ZSTREAM
|
||||
|
||||
@ -864,6 +864,8 @@ struct task_struct {
|
||||
#ifdef CONFIG_PSI
|
||||
RH_KABI_FILL_HOLE(unsigned sched_psi_wake_requeue:1)
|
||||
#endif
|
||||
/* Save user-dumpable when mm goes away */
|
||||
RH_KABI_FILL_HOLE(unsigned user_dumpable:1)
|
||||
|
||||
/* Force alignment to the next boundary: */
|
||||
unsigned :0;
|
||||
|
||||
@ -482,6 +482,7 @@ static void exit_mm(void)
|
||||
BUG_ON(mm != current->active_mm);
|
||||
/* more a memory barrier than a real lock */
|
||||
task_lock(current);
|
||||
current->user_dumpable = (get_dumpable(mm) == SUID_DUMP_USER);
|
||||
current->mm = NULL;
|
||||
mmap_read_unlock(mm);
|
||||
enter_lazy_tlb(mm, current);
|
||||
|
||||
@ -284,11 +284,24 @@ static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
|
||||
return has_ns_capability(current, ns, CAP_SYS_PTRACE);
|
||||
}
|
||||
|
||||
static bool task_still_dumpable(struct task_struct *task, unsigned int mode)
|
||||
{
|
||||
struct mm_struct *mm = task->mm;
|
||||
if (mm) {
|
||||
if (get_dumpable(mm) == SUID_DUMP_USER)
|
||||
return true;
|
||||
return ptrace_has_cap(mm->user_ns, mode);
|
||||
}
|
||||
|
||||
if (task->user_dumpable)
|
||||
return true;
|
||||
return ptrace_has_cap(&init_user_ns, mode);
|
||||
}
|
||||
|
||||
/* Returns 0 on success, -errno on denial. */
|
||||
static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
|
||||
{
|
||||
const struct cred *cred = current_cred(), *tcred;
|
||||
struct mm_struct *mm;
|
||||
kuid_t caller_uid;
|
||||
kgid_t caller_gid;
|
||||
|
||||
@ -349,14 +362,8 @@ ok:
|
||||
* Pairs with a write barrier in commit_creds().
|
||||
*/
|
||||
smp_rmb();
|
||||
mm = task->mm;
|
||||
if (mm) {
|
||||
if ((get_dumpable(mm) != SUID_DUMP_USER) &&
|
||||
!ptrace_has_cap(mm->user_ns, mode))
|
||||
return -EPERM;
|
||||
} else if (!ptrace_has_cap(&init_user_ns, mode)) {
|
||||
if (!task_still_dumpable(task, mode))
|
||||
return -EPERM;
|
||||
}
|
||||
|
||||
return security_ptrace_access_check(task, mode);
|
||||
}
|
||||
|
||||
@ -4352,7 +4352,8 @@ normal:
|
||||
skb_copy_from_linear_data_offset(head_skb, offset,
|
||||
skb_put(nskb, hsize), hsize);
|
||||
|
||||
skb_shinfo(nskb)->tx_flags |= skb_shinfo(head_skb)->tx_flags &
|
||||
skb_shinfo(nskb)->tx_flags |= (skb_shinfo(head_skb)->tx_flags |
|
||||
skb_shinfo(frag_skb)->tx_flags) &
|
||||
SKBTX_SHARED_FRAG;
|
||||
|
||||
if (skb_zerocopy_clone(nskb, frag_skb, GFP_ATOMIC))
|
||||
@ -4369,6 +4370,9 @@ normal:
|
||||
nfrags = skb_shinfo(list_skb)->nr_frags;
|
||||
frag = skb_shinfo(list_skb)->frags;
|
||||
frag_skb = list_skb;
|
||||
|
||||
skb_shinfo(nskb)->tx_flags |= skb_shinfo(frag_skb)->tx_flags & SKBTX_SHARED_FRAG;
|
||||
|
||||
if (!skb_headlen(list_skb)) {
|
||||
BUG_ON(!nfrags);
|
||||
} else {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user