android_kernel_xiaomi_sm8350/fs
Kees Cook 5883f57ca0 proc: protect mm start_code/end_code in /proc/pid/stat
While mm->start_stack was protected from cross-uid viewing (commit
f83ce3e6b0 ("proc: avoid information leaks to non-privileged
processes")), the start_code and end_code values were not.  This would
allow the text location of a PIE binary to leak, defeating ASLR.

Note that the value "1" is used instead of "0" for a protected value since
"ps", "killall", and likely other readers of /proc/pid/stat, take
start_code of "0" to mean a kernel thread and will misbehave.  Thanks to
Brad Spengler for pointing this out.

Addresses CVE-2011-0726

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Cc: <stable@kernel.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Eugene Teo <eugeneteo@kernel.sg>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-03-23 19:46:37 -07:00
9p 9p: use the updated offset given by generic_write_checks 2011-03-22 16:32:49 -05:00
adfs fs/adfs/adfs.h: fix unsigned comparison 2011-03-23 19:46:09 -07:00
affs fs: change to new flag variable 2011-03-17 14:02:57 +01:00
afs afs: Fix oops in afs_unlink_writeback 2011-02-25 11:12:37 -08:00
autofs4 lose 'mounting_here' argument in ->d_manage() 2011-03-18 10:01:59 -04:00
befs
bfs bfs: fix bitmap size argument to find_first_zero_bit() 2011-03-21 08:35:12 -04:00
btrfs zlib: slim down zlib_deflate() workspace when possible 2011-03-22 17:44:17 -07:00
cachefiles CacheFiles: Add calls to path-based security hooks 2011-01-24 10:49:45 +11:00
ceph ceph: rename dentry_release -> d_release, fix comment 2011-03-21 12:24:26 -07:00
cifs [CIFS] update cifs version 2011-02-21 22:31:47 +00:00
coda codafs: fix compile warning when CONFIG_SYSCTL=n 2011-03-22 17:44:16 -07:00
configfs
cramfs
debugfs debugfs: Fix filesystem reference counting on debugfs_remove() failure 2011-02-18 08:07:18 -08:00
devpts fs/devpts/inode.c: correctly check d_alloc_name() return code in devpts_pty_new() 2011-03-22 17:44:17 -07:00
dlm dlm: use alloc_workqueue function 2011-03-10 13:22:34 -06:00
ecryptfs eCryptfs: Copy up lower inode attrs in getattr 2011-02-21 14:46:36 -06:00
efs
exofs exofs: i_nlink races in rename() 2011-03-03 01:28:17 -05:00
exportfs vfs: Add open by file handle support 2011-03-15 02:21:44 -04:00
ext2 bitops: remove ext2 non-atomic bitops from asm/bitops.h 2011-03-23 19:46:21 -07:00
ext3 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2011-03-17 17:41:19 -07:00
ext4 ext4: use little-endian bitops 2011-03-23 19:46:17 -07:00
fat exportfs: Return the minimum required handle size 2011-03-14 09:15:28 -04:00
freevxfs
fscache
fuse mm: add replace_page_cache_page() function 2011-03-22 17:44:02 -07:00
gfs2 Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-03-20 18:14:55 -07:00
hfs hfs: fix rename() over non-empty directory 2011-03-03 01:28:40 -05:00
hfsplus hfsplus: fix up a comparism in hfsplus_file_extend 2011-02-03 16:34:18 -07:00
hostfs
hpfs hpfs: remove the BKL 2011-03-02 22:27:36 +01:00
hppfs
hugetlbfs mm: hugetlbfs: change remove_from_page_cache 2011-03-22 17:44:02 -07:00
isofs exportfs: Return the minimum required handle size 2011-03-14 09:15:28 -04:00
jbd jbd: Remove one to many n's in a word. 2011-02-28 21:55:58 +01:00
jbd2 jbd: Remove one to many n's in a word. 2011-02-28 21:55:58 +01:00
jffs2 zlib: slim down zlib_deflate() workspace when possible 2011-03-22 17:44:17 -07:00
jfs Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-03-20 18:14:55 -07:00
lockd NLM: Fix "kernel BUG at fs/lockd/host.c:417!" or ".../host.c:283!" 2011-01-25 15:24:47 -05:00
logfs zlib: slim down zlib_deflate() workspace when possible 2011-03-22 17:44:17 -07:00
minix bitops: remove minix bitops from asm/bitops.h 2011-03-23 19:46:22 -07:00
ncpfs fs: change to new flag variable 2011-03-17 14:02:57 +01:00
nfs nfs: lock() vs unlock() typo 2011-03-21 00:45:50 -04:00
nfs_common NFS: Prevent memory allocation failure in nfsacl_encode() 2011-01-25 15:24:47 -05:00
nfsd don't pass 'mounting_here' flag to follow_down() 2011-03-18 09:04:20 -04:00
nilfs2 nilfs2: use little-endian bitops 2011-03-23 19:46:18 -07:00
nls
notify Remove one to many n's in a word 2011-03-01 15:47:58 +01:00
ntfs fs: change to new flag variable 2011-03-17 14:02:57 +01:00
ocfs2 ocfs2: use little-endian bitops 2011-03-23 19:46:17 -07:00
omfs omfs: make readdir stop when filldir says so 2011-03-05 16:24:12 -05:00
openpromfs
partitions Increase OSF partition limit from 8 to 18 2011-03-16 08:04:07 -07:00
proc proc: protect mm start_code/end_code in /proc/pid/stat 2011-03-23 19:46:37 -07:00
pstore pstore: use mount option instead sysfs to tweak kmsg_bytes 2011-03-21 13:50:05 -07:00
qnx4
quota quota: return -ENOMEM when memory allocation fails 2011-02-24 11:42:44 +01:00
ramfs
reiserfs Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-03-20 18:14:55 -07:00
romfs
squashfs squashfs: fix use of uninitialised variable in zlib & xz decompressors 2011-01-26 10:50:05 +10:00
sysfs kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
sysv sysv: i_nlink races in rename() 2011-03-03 01:28:16 -05:00
ubifs Merge branch 'linux-next' of git://git.infradead.org/ubifs-2.6 2011-03-18 10:50:27 -07:00
udf udf: use little-endian bitops 2011-03-23 19:46:19 -07:00
ufs ufs: use little-endian bitops 2011-03-23 19:46:19 -07:00
xfs Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs 2011-03-21 14:24:56 -07:00
aio.c aio: wake all waiters when destroying ctx 2011-03-22 17:44:17 -07:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c binfmt_elf: quiet GCC-4.6 'set but not used' warning in load_elf_binary() 2011-03-22 17:44:15 -07:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c
bio.c fs: use appropriate printk priority levels 2011-03-22 17:44:10 -07:00
block_dev.c fs/block_dev.c: fix new kernel-doc warning 2011-02-28 18:08:31 -08:00
buffer.c
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c select: remove unused MAX_SELECT_SECONDS 2011-03-21 00:16:08 -04:00
dcache.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-18 10:51:11 -07:00
dcookies.c
direct-io.c Merge branch 'master' into for-next 2011-02-15 10:24:31 +01:00
drop_caches.c
eventfd.c Docbook: add fs/eventfd.c and fix typos in it 2011-02-21 15:07:04 -08:00
eventpoll.c epoll: fix compiler warning and optimize the non-blocking path 2011-03-22 17:44:15 -07:00
exec.c Small typo fix... 2011-03-21 00:16:09 -04:00
fcntl.c New kind of open files - "location only". 2011-03-15 02:21:45 -04:00
fhandle.c vfs: Add open by file handle support 2011-03-15 02:21:44 -04:00
fifo.c Filesystem: fifo: Fixed coding style issue. 2011-03-21 00:16:09 -04:00
file_table.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-16 13:26:17 -07:00
file.c
filesystems.c
fs_struct.c
fs-writeback.c
generic_acl.c
inode.c fs/inode: Fix kernel-doc format for inode_init_owner 2011-03-21 00:16:08 -04:00
internal.h FS: lookup_mnt() is only used in the core fs routines now 2011-03-21 12:13:10 -04:00
ioctl.c vfs: cleanup do_vfs_ioctl() 2011-03-21 00:16:08 -04:00
ioprio.c
Kconfig Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6 2011-03-16 19:01:29 -07:00
Kconfig.binfmt
libfs.c
locks.c fs/locks.c: Remove stale FIXME left over from BKL conversion 2011-03-05 10:55:59 +01:00
Makefile Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6 2011-03-16 19:01:29 -07:00
mbcache.c
mpage.c
namei.c lose 'mounting_here' argument in ->d_manage() 2011-03-18 10:01:59 -04:00
namespace.c fs: use appropriate printk priority levels 2011-03-22 17:44:10 -07:00
nfsctl.c open-style analog of vfs_path_lookup() 2011-03-14 09:15:28 -04:00
no-block.c
open.c fs: Use BUG_ON(!mnt) at dentry_open(). 2011-03-21 01:10:41 -04:00
pipe.c
pnode.c
pnode.h
posix_acl.c NFS: Prevent memory allocation failure in nfsacl_encode() 2011-01-25 15:24:47 -05:00
read_write.c
read_write.h
readdir.c
select.c select: remove unused MAX_SELECT_SECONDS 2011-03-21 00:16:08 -04:00
seq_file.c
signalfd.c
splice.c
stack.c
stat.c readlinkat(), fchownat() and fstatat() with empty relative pathnames 2011-03-15 02:21:45 -04:00
statfs.c clean statfs-like syscalls up 2011-03-14 09:15:28 -04:00
super.c vfs: split off vfsmount-related parts of vfs_kern_mount() 2011-03-17 22:10:41 -04:00
sync.c introduce sys_syncfs to sync a single file system 2011-03-21 00:40:29 -04:00
timerfd.c
utimes.c
xattr_acl.c
xattr.c