Merge branch 'akpm' (patches from Andrew Morton)

Merge first patch-bomb from Andrew Morton: "Quite a lot of other stuff is banked up awaiting further next->mainline merging, but this batch contains: - Lots of random misc patches - OCFS2 - Most of MM - backlight updates - lib/ updates - printk updates - checkpatch updates - epoll tweaking - rtc updates - hfs - hfsplus - documentation - procfs - update gcov to gcc-4.7 format - IPC" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (269 commits) ipc, msg: fix message length check for negative values ipc/util.c: remove unnecessary work pending test devpts: plug the memory leak in kill_sb ./Makefile: export initial ramdisk compression config option init/Kconfig: add option to disable kernel compression drivers: w1: make w1_slave::flags long to avoid memory corruption drivers/w1/masters/ds1wm.cuse dev_get_platdata() drivers/memstick/core/ms_block.c: fix unreachable state in h_msb_read_page() drivers/memstick/core/mspro_block.c: fix attributes array allocation drivers/pps/clients/pps-gpio.c: remove redundant of_match_ptr kernel/panic.c: reduce 1 byte usage for print tainted buffer gcov: reuse kbasename helper kernel/gcov/fs.c: use pr_warn() kernel/module.c: use pr_foo() gcov: compile specific gcov implementation based on gcc version gcov: add support for gcc 4.7 gcov format gcov: move gcov structs definitions to a gcc version specific file kernel/taskstats.c: return -ENOMEM when alloc memory fails in add_del_listener() kernel/taskstats.c: add nla_nest_cancel() for failure processing between nla_nest_start() and nla_nest_end() kernel/sysctl_binary.c: use scnprintf() instead of snprintf() ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-13 01:45:43 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-13 01:45:43 -0500
commit: 5cbb3d216e2041700231bcfc383ee5f8b7fc8b74 (patch)
tree: a738fa82dbcefa9bd283c08bc67f38827be63937 /lib/vsprintf.c
parent: 9bc9ccd7db1c9f043f75380b5a5b94912046a60e (diff)
parent: 4e9b45a19241354daec281d7a785739829b52359 (diff)
1 files changed, 32 insertions, 3 deletions
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 26559bdb4c49..48586ac3a62e 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -27,6 +27,7 @@
 #include <linux/uaccess.h>
 #include <linux/ioport.h>
 #include <linux/dcache.h>
+#include <linux/cred.h>
 #include <net/addrconf.h>
 #include <asm/page.h>           /* for PAGE_SIZE */
@@ -1218,6 +1219,8 @@ int kptr_restrict __read_mostly;
 *            The maximum supported length is 64 bytes of the input. Consider
 *            to use print_hex_dump() for the larger input.
 * - 'a' For a phys_addr_t type and its derivative types (passed by reference)
+ * - 'd[234]' For a dentry name (optionally 2-4 last components)
+ * - 'D[234]' Same as 'd' but for a struct file
 *
 * Note: The difference between 'S' and 'F' is that on ia64 and ppc64
 * function pointers are really function descriptors, which contain a
@@ -1312,11 +1315,37 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
                                spec.field_width = default_width;
                        return string(buf, end, "pK-error", spec);
                }
-                if (!((kptr_restrict == 0) ||
-                      (kptr_restrict == 1 &&
+                switch (kptr_restrict) {
-                       has_capability_noaudit(current, CAP_SYSLOG))))
+                case 0:
+                        /* Always print %pK values */
+                        break;
+                case 1: {
+                        /*
+                         * Only print the real pointer value if the current
+                         * process has CAP_SYSLOG and is running with the
+                         * same credentials it started with. This is because
+                         * access to files is checked at open() time, but %pK
+                         * checks permission at read() time. We don't want to
+                         * leak pointer values if a binary opens a file using
+                         * %pK and then elevates privileges before reading it.
+                         */
+                        const struct cred *cred = current_cred();
+                        if (!has_capability_noaudit(current, CAP_SYSLOG) ||
+                            !uid_eq(cred->euid, cred->uid) ||
+                            !gid_eq(cred->egid, cred->gid))
+                                ptr = NULL;
+                        break;
+                }
+                case 2:
+                default:
+                        /* Always print 0's for %pK */
                        ptr = NULL;
+                        break;
+                }
                break;
        case 'N':
                switch (fmt[1]) {
                case 'F':
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-13 01:45:43 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-13 01:45:43 -0500
commit	5cbb3d216e2041700231bcfc383ee5f8b7fc8b74 (patch)
tree	a738fa82dbcefa9bd283c08bc67f38827be63937 /lib/vsprintf.c
parent	9bc9ccd7db1c9f043f75380b5a5b94912046a60e (diff)
parent	4e9b45a19241354daec281d7a785739829b52359 (diff)

diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 26559bdb4c49..48586ac3a62e 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c
@@ -27,6 +27,7 @@
27	#include <linux/uaccess.h>	27	#include <linux/uaccess.h>
28	#include <linux/ioport.h>	28	#include <linux/ioport.h>
29	#include <linux/dcache.h>	29	#include <linux/dcache.h>
		30	#include <linux/cred.h>
30	#include <net/addrconf.h>	31	#include <net/addrconf.h>
31		32
32	#include <asm/page.h> /* for PAGE_SIZE */	33	#include <asm/page.h> /* for PAGE_SIZE */
@@ -1218,6 +1219,8 @@ int kptr_restrict __read_mostly;
1218	* The maximum supported length is 64 bytes of the input. Consider	1219	* The maximum supported length is 64 bytes of the input. Consider
1219	* to use print_hex_dump() for the larger input.	1220	* to use print_hex_dump() for the larger input.
1220	* - 'a' For a phys_addr_t type and its derivative types (passed by reference)	1221	* - 'a' For a phys_addr_t type and its derivative types (passed by reference)
		1222	* - 'd[234]' For a dentry name (optionally 2-4 last components)
		1223	* - 'D[234]' Same as 'd' but for a struct file
1221	*	1224	*
1222	* Note: The difference between 'S' and 'F' is that on ia64 and ppc64	1225	* Note: The difference between 'S' and 'F' is that on ia64 and ppc64
1223	* function pointers are really function descriptors, which contain a	1226	* function pointers are really function descriptors, which contain a
@@ -1312,11 +1315,37 @@ char pointer(const char fmt, char buf, char end, void *ptr,
1312	spec.field_width = default_width;	1315	spec.field_width = default_width;
1313	return string(buf, end, "pK-error", spec);	1316	return string(buf, end, "pK-error", spec);
1314	}	1317	}
1315	if (!((kptr_restrict == 0) \|\|	1318
1316	(kptr_restrict == 1 &&	1319	switch (kptr_restrict) {
1317	has_capability_noaudit(current, CAP_SYSLOG))))	1320	case 0:
		1321	/* Always print %pK values */
		1322	break;
		1323	case 1: {
		1324	/*
		1325	* Only print the real pointer value if the current
		1326	* process has CAP_SYSLOG and is running with the
		1327	* same credentials it started with. This is because
		1328	* access to files is checked at open() time, but %pK
		1329	* checks permission at read() time. We don't want to
		1330	* leak pointer values if a binary opens a file using
		1331	* %pK and then elevates privileges before reading it.
		1332	*/
		1333	const struct cred *cred = current_cred();
		1334
		1335	if (!has_capability_noaudit(current, CAP_SYSLOG) \|\|
		1336	!uid_eq(cred->euid, cred->uid) \|\|
		1337	!gid_eq(cred->egid, cred->gid))
		1338	ptr = NULL;
		1339	break;
		1340	}
		1341	case 2:
		1342	default:
		1343	/* Always print 0's for %pK */
1318	ptr = NULL;	1344	ptr = NULL;
		1345	break;
		1346	}
1319	break;	1347	break;
		1348
1320	case 'N':	1349	case 'N':
1321	switch (fmt[1]) {	1350	switch (fmt[1]) {
1322	case 'F':	1351	case 'F':