The patch titled Subject: proc: make /proc/*/cmdline go through LSM has been removed from the -mm tree. Its filename was proc-make-proc-cmdline-go-through-lsm.patch This patch was dropped because it was withdrawn ------------------------------------------------------ From: Alexey Dobriyan <adobriyan@xxxxxxxxx> Subject: proc: make /proc/*/cmdline go through LSM /proc/*/cmdline is not different from /proc/*/environ as it accesses target task's memory (and can access the very same region of memory) but it doesn't go through ptrace_may_access() and thus doesn't go through LSM. Link: http://lkml.kernel.org/r/20180221192339.GA28548@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx> Cc: Andy Shevchenko <andy.shevchenko@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
 fs/proc/base.c | 67 +++++++++++++++++++++++------------------------ 1 file changed, 33 insertions(+), 34 deletions(-)
diff -puN fs/proc/base.c~proc-make-proc-cmdline-go-through-lsm fs/proc/base.c
--- a/fs/proc/base.c~proc-make-proc-cmdline-go-through-lsm
+++ a/fs/proc/base.c
@@ -205,11 +205,34 @@ static int proc_root_link(struct dentry
 return result;
 }
+static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+{
+ struct mm_struct *mm = proc_mem_open(inode, mode);
+
+ if (IS_ERR(mm))
+ return PTR_ERR(mm);
+
+ file->private_data = mm;
+ return 0;
+}
+
+static int proc_pid_cmdline_open(struct inode *inode, struct file *file)
+{
+ return __mem_open(inode, file, PTRACE_MODE_READ);
+}
+
+static int mem_release(struct inode *inode, struct file *file)
+{
+ struct mm_struct *mm = file->private_data;
+ if (mm)
+ mmdrop(mm);
+ return 0;
+}
+
 static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf, size_t _count, loff_t *pos)
 {
- struct task_struct *tsk;
- struct mm_struct *mm;
+ struct mm_struct *mm = file->private_data;
 char *page;
 unsigned long count = _count;
 unsigned long arg_start, arg_end, env_start, env_end;
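Review bot: `proc_pid_cmdline_open()` makes open() of /proc/PID/cmdline fail with whatever error `proc_mem_open(inode, PTRACE_MODE_READ)` hands back, and neither the changelog nor the code records that this is a user-visible change. The read path removed in the next hunk did no access check, so if proc_mem_open() applies the ptrace/LSM check the changelog describes, callers that could read another task's command line before may now get an error at open time. I would state the new failure mode in the description and add a comment above the handler, e.g. `/* Access to the target's mm is checked here, at open, with PTRACE_MODE_READ. */`. proc_mem_open()'s body is outside this hunk, so the exact check and error code are inferred.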
@@ -220,18 +243,11 @@ static ssize_t proc_pid_cmdline_read(str
 BUG_ON(*pos < 0);
- tsk = get_proc_task(file_inode(file));
- if (!tsk)
- return -ESRCH;
- mm = get_task_mm(tsk);
- put_task_struct(tsk);
- if (!mm)
- return 0;
 /* Check if process spawned far enough to have cmdline. */
- if (!mm->env_end) {
- rv = 0;
- goto out_mmput;
- }
+ if (!mm || !mm->env_end)
+ return 0;
+ if (!mmget_not_zero(mm))
+ return 0;
 page = (char *)__get_free_page(GFP_KERNEL);
 if (!page) {
@@ -373,8 +389,10 @@ out_mmput:
 }
 static const struct file_operations proc_pid_cmdline_ops = {
- .read = proc_pid_cmdline_read,
- .llseek = generic_file_llseek,
+ .open = proc_pid_cmdline_open,
+ .read = proc_pid_cmdline_read,
+ .llseek = generic_file_llseek,
+ .release = mem_release,
 };
 #ifdef CONFIG_KALLSYMS
@@ -783,17 +801,6 @@ struct mm_struct *proc_mem_open(struct i
 return mm;
 }
-static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
-{
- struct mm_struct *mm = proc_mem_open(inode, mode);
-
- if (IS_ERR(mm))
- return PTR_ERR(mm);
-
- file->private_data = mm;
- return 0;
-}
-
 static int mem_open(struct inode *inode, struct file *file)
 {
 int ret = __mem_open(inode, file, PTRACE_MODE_ATTACH);
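Review bot: The early `return 0` paths at the top of proc_pid_cmdline_read() (hunk `@@ -220,18 +243,11 @@`) now cover three different cases, but the only comment left is the old "Check if process spawned far enough to have cmdline", which explains just one of them. The reference stored in `file->private_data` is dropped with `mmdrop()` in `mem_release()`, so it presumably keeps only the mm_struct alive and not the address space; a comment before the second check such as `/* ->open pinned the mm_struct only; take a users reference before reading the address space. */` would make the need for `mmget_not_zero()` explicit. A read on a task that has gone away also changes from the removed `return -ESRCH` to returning 0, which should be mentioned in the changelog if intended. The function continues past this hunk, so the `out_mmput` cleanup path is not visible here.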
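Review bot: With `.open` and `.release` added to `proc_pid_cmdline_ops` (hunk `@@ -373,8 +389,10 @@`), every later read uses the mm captured at open, and that lifetime rule is not documented on the table. Reads take `file->private_data` instead of looking the task up again, so a descriptor kept open across the target's execve() would presumably keep referring to the old mm and read back nothing once `mmget_not_zero()` fails. I would add a comment above the table, e.g. `/* mm is captured and access-checked in ->open; an open fd does not follow the task to a new mm. */`.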
@@ -887,14 +894,6 @@ loff_t mem_lseek(struct file *file, loff
 return file->f_pos;
 }
-static int mem_release(struct inode *inode, struct file *file)
-{
- struct mm_struct *mm = file->private_data;
- if (mm)
- mmdrop(mm);
- return 0;
-}
-
 static const struct file_operations proc_mem_operations = {
 .llseek = mem_lseek,
 .read = mem_read,
_ Patches currently in -mm which might be from adobriyan@xxxxxxxxx are proc-more-unsigned-int-in-proc-cmdline.patch proc-somewhat-simpler-code-for-proc-cmdline.patch proc-simpler-iterations-for-proc-cmdline.patch proc-deduplicate-proc-cmdline-implementation.patch proc-smaller-rcu-section-in-getattr.patch proc-use-unsigned-int-in-proc_fill_cache.patch proc-skip-branch-in-proc-lookup.patch proc-use-unsigned-int-for-sigqueue-length.patch proc-use-unsigned-int-for-proc-stack.patch coredump-fix-spam-with-zero-vma-process.patch seq_file-delete-small-value-optimization.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html