diff options
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/alpha/kernel/osf_sys.c | 4 | ||||
| -rw-r--r-- | arch/ia64/kernel/mca_drv.c | 3 | ||||
| -rw-r--r-- | arch/ia64/kernel/perfmon.c | 32 | ||||
| -rw-r--r-- | arch/ia64/kernel/signal.c | 4 | ||||
| -rw-r--r-- | arch/powerpc/mm/fault.c | 2 | ||||
| -rw-r--r-- | arch/s390/hypfs/inode.c | 20 | ||||
| -rw-r--r-- | arch/s390/kernel/compat_linux.c | 36 |
7 files changed, 61 insertions, 40 deletions
diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c index bc1acdda7a5e..9503a4be40f6 100644 --- a/arch/alpha/kernel/osf_sys.c +++ b/arch/alpha/kernel/osf_sys.c | |||
| @@ -278,8 +278,8 @@ linux_to_osf_stat(struct kstat *lstat, struct osf_stat __user *osf_stat) | |||
| 278 | tmp.st_dev = lstat->dev; | 278 | tmp.st_dev = lstat->dev; |
| 279 | tmp.st_mode = lstat->mode; | 279 | tmp.st_mode = lstat->mode; |
| 280 | tmp.st_nlink = lstat->nlink; | 280 | tmp.st_nlink = lstat->nlink; |
| 281 | tmp.st_uid = lstat->uid; | 281 | tmp.st_uid = from_kuid_munged(current_user_ns(), lstat->uid); |
| 282 | tmp.st_gid = lstat->gid; | 282 | tmp.st_gid = from_kgid_munged(current_user_ns(), lstat->gid); |
| 283 | tmp.st_rdev = lstat->rdev; | 283 | tmp.st_rdev = lstat->rdev; |
| 284 | tmp.st_ldev = lstat->rdev; | 284 | tmp.st_ldev = lstat->rdev; |
| 285 | tmp.st_size = lstat->size; | 285 | tmp.st_size = lstat->size; |
diff --git a/arch/ia64/kernel/mca_drv.c b/arch/ia64/kernel/mca_drv.c index 1c2e89406721..9392e021c93b 100644 --- a/arch/ia64/kernel/mca_drv.c +++ b/arch/ia64/kernel/mca_drv.c | |||
| @@ -158,7 +158,8 @@ mca_handler_bh(unsigned long paddr, void *iip, unsigned long ipsr) | |||
| 158 | ia64_mlogbuf_dump(); | 158 | ia64_mlogbuf_dump(); |
| 159 | printk(KERN_ERR "OS_MCA: process [cpu %d, pid: %d, uid: %d, " | 159 | printk(KERN_ERR "OS_MCA: process [cpu %d, pid: %d, uid: %d, " |
| 160 | "iip: %p, psr: 0x%lx,paddr: 0x%lx](%s) encounters MCA.\n", | 160 | "iip: %p, psr: 0x%lx,paddr: 0x%lx](%s) encounters MCA.\n", |
| 161 | raw_smp_processor_id(), current->pid, current_uid(), | 161 | raw_smp_processor_id(), current->pid, |
| 162 | from_kuid(&init_user_ns, current_uid()), | ||
| 162 | iip, ipsr, paddr, current->comm); | 163 | iip, ipsr, paddr, current->comm); |
| 163 | 164 | ||
| 164 | spin_lock(&mca_bh_lock); | 165 | spin_lock(&mca_bh_lock); |
diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c index 3fa4bc536953..5a5c22245dee 100644 --- a/arch/ia64/kernel/perfmon.c +++ b/arch/ia64/kernel/perfmon.c | |||
| @@ -2380,8 +2380,8 @@ static int | |||
| 2380 | pfm_bad_permissions(struct task_struct *task) | 2380 | pfm_bad_permissions(struct task_struct *task) |
| 2381 | { | 2381 | { |
| 2382 | const struct cred *tcred; | 2382 | const struct cred *tcred; |
| 2383 | uid_t uid = current_uid(); | 2383 | kuid_t uid = current_uid(); |
| 2384 | gid_t gid = current_gid(); | 2384 | kgid_t gid = current_gid(); |
| 2385 | int ret; | 2385 | int ret; |
| 2386 | 2386 | ||
| 2387 | rcu_read_lock(); | 2387 | rcu_read_lock(); |
| @@ -2389,20 +2389,20 @@ pfm_bad_permissions(struct task_struct *task) | |||
| 2389 | 2389 | ||
| 2390 | /* inspired by ptrace_attach() */ | 2390 | /* inspired by ptrace_attach() */ |
| 2391 | DPRINT(("cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n", | 2391 | DPRINT(("cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n", |
| 2392 | uid, | 2392 | from_kuid(&init_user_ns, uid), |
| 2393 | gid, | 2393 | from_kgid(&init_user_ns, gid), |
| 2394 | tcred->euid, | 2394 | from_kuid(&init_user_ns, tcred->euid), |
| 2395 | tcred->suid, | 2395 | from_kuid(&init_user_ns, tcred->suid), |
| 2396 | tcred->uid, | 2396 | from_kuid(&init_user_ns, tcred->uid), |
| 2397 | tcred->egid, | 2397 | from_kgid(&init_user_ns, tcred->egid), |
| 2398 | tcred->sgid)); | 2398 | from_kgid(&init_user_ns, tcred->sgid))); |
| 2399 | 2399 | ||
| 2400 | ret = ((uid != tcred->euid) | 2400 | ret = ((!uid_eq(uid, tcred->euid)) |
| 2401 | || (uid != tcred->suid) | 2401 | || (!uid_eq(uid, tcred->suid)) |
| 2402 | || (uid != tcred->uid) | 2402 | || (!uid_eq(uid, tcred->uid)) |
| 2403 | || (gid != tcred->egid) | 2403 | || (!gid_eq(gid, tcred->egid)) |
| 2404 | || (gid != tcred->sgid) | 2404 | || (!gid_eq(gid, tcred->sgid)) |
| 2405 | || (gid != tcred->gid)) && !capable(CAP_SYS_PTRACE); | 2405 | || (!gid_eq(gid, tcred->gid))) && !capable(CAP_SYS_PTRACE); |
| 2406 | 2406 | ||
| 2407 | rcu_read_unlock(); | 2407 | rcu_read_unlock(); |
| 2408 | return ret; | 2408 | return ret; |
diff --git a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c index a199be1fe619..37dd79511cbe 100644 --- a/arch/ia64/kernel/signal.c +++ b/arch/ia64/kernel/signal.c | |||
| @@ -220,7 +220,7 @@ ia64_rt_sigreturn (struct sigscratch *scr) | |||
| 220 | si.si_errno = 0; | 220 | si.si_errno = 0; |
| 221 | si.si_code = SI_KERNEL; | 221 | si.si_code = SI_KERNEL; |
| 222 | si.si_pid = task_pid_vnr(current); | 222 | si.si_pid = task_pid_vnr(current); |
| 223 | si.si_uid = current_uid(); | 223 | si.si_uid = from_kuid_munged(current_user_ns(), current_uid()); |
| 224 | si.si_addr = sc; | 224 | si.si_addr = sc; |
| 225 | force_sig_info(SIGSEGV, &si, current); | 225 | force_sig_info(SIGSEGV, &si, current); |
| 226 | return retval; | 226 | return retval; |
| @@ -317,7 +317,7 @@ force_sigsegv_info (int sig, void __user *addr) | |||
| 317 | si.si_errno = 0; | 317 | si.si_errno = 0; |
| 318 | si.si_code = SI_KERNEL; | 318 | si.si_code = SI_KERNEL; |
| 319 | si.si_pid = task_pid_vnr(current); | 319 | si.si_pid = task_pid_vnr(current); |
| 320 | si.si_uid = current_uid(); | 320 | si.si_uid = from_kuid_munged(current_user_ns(), current_uid()); |
| 321 | si.si_addr = addr; | 321 | si.si_addr = addr; |
| 322 | force_sig_info(SIGSEGV, &si, current); | 322 | force_sig_info(SIGSEGV, &si, current); |
| 323 | return 0; | 323 | return 0; |
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c index 08ffcf52a856..e5f028b5794e 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c | |||
| @@ -470,7 +470,7 @@ bad_area_nosemaphore: | |||
| 470 | if (is_exec && (error_code & DSISR_PROTFAULT)) | 470 | if (is_exec && (error_code & DSISR_PROTFAULT)) |
| 471 | printk_ratelimited(KERN_CRIT "kernel tried to execute NX-protected" | 471 | printk_ratelimited(KERN_CRIT "kernel tried to execute NX-protected" |
| 472 | " page (%lx) - exploit attempt? (uid: %d)\n", | 472 | " page (%lx) - exploit attempt? (uid: %d)\n", |
| 473 | address, current_uid()); | 473 | address, from_kuid(&init_user_ns, current_uid())); |
| 474 | 474 | ||
| 475 | return SIGSEGV; | 475 | return SIGSEGV; |
| 476 | 476 | ||
diff --git a/arch/s390/hypfs/inode.c b/arch/s390/hypfs/inode.c index 6767b437a103..124ec1a55cc9 100644 --- a/arch/s390/hypfs/inode.c +++ b/arch/s390/hypfs/inode.c | |||
| @@ -31,8 +31,8 @@ static struct dentry *hypfs_create_update_file(struct super_block *sb, | |||
| 31 | struct dentry *dir); | 31 | struct dentry *dir); |
| 32 | 32 | ||
| 33 | struct hypfs_sb_info { | 33 | struct hypfs_sb_info { |
| 34 | uid_t uid; /* uid used for files and dirs */ | 34 | kuid_t uid; /* uid used for files and dirs */ |
| 35 | gid_t gid; /* gid used for files and dirs */ | 35 | kgid_t gid; /* gid used for files and dirs */ |
| 36 | struct dentry *update_file; /* file to trigger update */ | 36 | struct dentry *update_file; /* file to trigger update */ |
| 37 | time_t last_update; /* last update time in secs since 1970 */ | 37 | time_t last_update; /* last update time in secs since 1970 */ |
| 38 | struct mutex lock; /* lock to protect update process */ | 38 | struct mutex lock; /* lock to protect update process */ |
| @@ -229,6 +229,8 @@ static int hypfs_parse_options(char *options, struct super_block *sb) | |||
| 229 | { | 229 | { |
| 230 | char *str; | 230 | char *str; |
| 231 | substring_t args[MAX_OPT_ARGS]; | 231 | substring_t args[MAX_OPT_ARGS]; |
| 232 | kuid_t uid; | ||
| 233 | kgid_t gid; | ||
| 232 | 234 | ||
| 233 | if (!options) | 235 | if (!options) |
| 234 | return 0; | 236 | return 0; |
| @@ -243,12 +245,18 @@ static int hypfs_parse_options(char *options, struct super_block *sb) | |||
| 243 | case opt_uid: | 245 | case opt_uid: |
| 244 | if (match_int(&args[0], &option)) | 246 | if (match_int(&args[0], &option)) |
| 245 | return -EINVAL; | 247 | return -EINVAL; |
| 246 | hypfs_info->uid = option; | 248 | uid = make_kuid(current_user_ns(), option); |
| 249 | if (!uid_valid(uid)) | ||
| 250 | return -EINVAL; | ||
| 251 | hypfs_info->uid = uid; | ||
| 247 | break; | 252 | break; |
| 248 | case opt_gid: | 253 | case opt_gid: |
| 249 | if (match_int(&args[0], &option)) | 254 | if (match_int(&args[0], &option)) |
| 250 | return -EINVAL; | 255 | return -EINVAL; |
| 251 | hypfs_info->gid = option; | 256 | gid = make_kgid(current_user_ns(), option); |
| 257 | if (!gid_valid(gid)) | ||
| 258 | return -EINVAL; | ||
| 259 | hypfs_info->gid = gid; | ||
| 252 | break; | 260 | break; |
| 253 | case opt_err: | 261 | case opt_err: |
| 254 | default: | 262 | default: |
| @@ -263,8 +271,8 @@ static int hypfs_show_options(struct seq_file *s, struct dentry *root) | |||
| 263 | { | 271 | { |
| 264 | struct hypfs_sb_info *hypfs_info = root->d_sb->s_fs_info; | 272 | struct hypfs_sb_info *hypfs_info = root->d_sb->s_fs_info; |
| 265 | 273 | ||
| 266 | seq_printf(s, ",uid=%u", hypfs_info->uid); | 274 | seq_printf(s, ",uid=%u", from_kuid_munged(&init_user_ns, hypfs_info->uid)); |
| 267 | seq_printf(s, ",gid=%u", hypfs_info->gid); | 275 | seq_printf(s, ",gid=%u", from_kgid_munged(&init_user_ns, hypfs_info->gid)); |
| 268 | return 0; | 276 | return 0; |
| 269 | } | 277 | } |
| 270 | 278 | ||
diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c index f606d935f495..189963c90c6e 100644 --- a/arch/s390/kernel/compat_linux.c +++ b/arch/s390/kernel/compat_linux.c | |||
| @@ -131,13 +131,19 @@ asmlinkage long sys32_setresuid16(u16 ruid, u16 euid, u16 suid) | |||
| 131 | low2highuid(suid)); | 131 | low2highuid(suid)); |
| 132 | } | 132 | } |
| 133 | 133 | ||
| 134 | asmlinkage long sys32_getresuid16(u16 __user *ruid, u16 __user *euid, u16 __user *suid) | 134 | asmlinkage long sys32_getresuid16(u16 __user *ruidp, u16 __user *euidp, u16 __user *suidp) |
| 135 | { | 135 | { |
| 136 | const struct cred *cred = current_cred(); | ||
| 136 | int retval; | 137 | int retval; |
| 138 | u16 ruid, euid, suid; | ||
| 137 | 139 | ||
| 138 | if (!(retval = put_user(high2lowuid(current->cred->uid), ruid)) && | 140 | ruid = high2lowuid(from_kuid_munged(cred->user_ns, cred->uid)); |
| 139 | !(retval = put_user(high2lowuid(current->cred->euid), euid))) | 141 | euid = high2lowuid(from_kuid_munged(cred->user_ns, cred->euid)); |
| 140 | retval = put_user(high2lowuid(current->cred->suid), suid); | 142 | suid = high2lowuid(from_kuid_munged(cred->user_ns, cred->suid)); |
| 143 | |||
| 144 | if (!(retval = put_user(ruid, ruidp)) && | ||
| 145 | !(retval = put_user(euid, euidp))) | ||
| 146 | retval = put_user(suid, suidp); | ||
| 141 | 147 | ||
| 142 | return retval; | 148 | return retval; |
| 143 | } | 149 | } |
| @@ -148,13 +154,19 @@ asmlinkage long sys32_setresgid16(u16 rgid, u16 egid, u16 sgid) | |||
| 148 | low2highgid(sgid)); | 154 | low2highgid(sgid)); |
| 149 | } | 155 | } |
| 150 | 156 | ||
| 151 | asmlinkage long sys32_getresgid16(u16 __user *rgid, u16 __user *egid, u16 __user *sgid) | 157 | asmlinkage long sys32_getresgid16(u16 __user *rgidp, u16 __user *egidp, u16 __user *sgidp) |
| 152 | { | 158 | { |
| 159 | const struct cred *cred = current_cred(); | ||
| 153 | int retval; | 160 | int retval; |
| 161 | u16 rgid, egid, sgid; | ||
| 162 | |||
| 163 | rgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->gid)); | ||
| 164 | egid = high2lowgid(from_kgid_munged(cred->user_ns, cred->egid)); | ||
| 165 | sgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->sgid)); | ||
| 154 | 166 | ||
| 155 | if (!(retval = put_user(high2lowgid(current->cred->gid), rgid)) && | 167 | if (!(retval = put_user(rgid, rgidp)) && |
| 156 | !(retval = put_user(high2lowgid(current->cred->egid), egid))) | 168 | !(retval = put_user(egid, egidp))) |
| 157 | retval = put_user(high2lowgid(current->cred->sgid), sgid); | 169 | retval = put_user(sgid, sgidp); |
| 158 | 170 | ||
| 159 | return retval; | 171 | return retval; |
| 160 | } | 172 | } |
| @@ -258,22 +270,22 @@ asmlinkage long sys32_setgroups16(int gidsetsize, u16 __user *grouplist) | |||
| 258 | 270 | ||
| 259 | asmlinkage long sys32_getuid16(void) | 271 | asmlinkage long sys32_getuid16(void) |
| 260 | { | 272 | { |
| 261 | return high2lowuid(current->cred->uid); | 273 | return high2lowuid(from_kuid_munged(current_user_ns(), current_uid())); |
| 262 | } | 274 | } |
| 263 | 275 | ||
| 264 | asmlinkage long sys32_geteuid16(void) | 276 | asmlinkage long sys32_geteuid16(void) |
| 265 | { | 277 | { |
| 266 | return high2lowuid(current->cred->euid); | 278 | return high2lowuid(from_kuid_munged(current_user_ns(), current_euid())); |
| 267 | } | 279 | } |
| 268 | 280 | ||
| 269 | asmlinkage long sys32_getgid16(void) | 281 | asmlinkage long sys32_getgid16(void) |
| 270 | { | 282 | { |
| 271 | return high2lowgid(current->cred->gid); | 283 | return high2lowgid(from_kgid_munged(current_user_ns(), current_gid())); |
| 272 | } | 284 | } |
| 273 | 285 | ||
| 274 | asmlinkage long sys32_getegid16(void) | 286 | asmlinkage long sys32_getegid16(void) |
| 275 | { | 287 | { |
| 276 | return high2lowgid(current->cred->egid); | 288 | return high2lowgid(from_kgid_munged(current_user_ns(), current_egid())); |
| 277 | } | 289 | } |
| 278 | 290 | ||
| 279 | /* | 291 | /* |