Merge 4.19.123 into android-4.19
Changes in 4.19.123 USB: serial: qcserial: Add DW5816e support tracing/kprobes: Fix a double initialization typo vt: fix unicode console freeing with a common interface dp83640: reverse arguments to list_add_tail fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks net: macsec: preserve ingress frame ordering net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() net_sched: sch_skbprio: add message validation to skbprio_change() net: usb: qmi_wwan: add support for DW5816e sch_choke: avoid potential panic in choke_reset() sch_sfq: validate silly quantum values tipc: fix partial topology connection closure bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). net/mlx5: Fix forced completion access non initialized command entry net/mlx5: Fix command entry leak in Internal Error State bnxt_en: Improve AER slot reset. bnxt_en: Fix VF anti-spoof filter setup. net: stricter validation of untrusted gso packets HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices sctp: Fix bundling of SHUTDOWN with COOKIE-ACK HID: usbhid: Fix race between usbhid_close() and usbhid_stop() USB: uas: add quirk for LaCie 2Big Quadra USB: serial: garmin_gps: add sanity checking for data length tracing: Add a vmalloc_sync_mappings() for safe measure KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER KVM: arm64: Fix 32bit PC wrap-around arm64: hugetlb: avoid potential NULL dereference mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() staging: gasket: Check the return value of gasket_get_bar_index() coredump: fix crash when umh is disabled KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm blobs KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob batman-adv: fix batadv_nc_random_weight_tq batman-adv: Fix refcnt leak in batadv_show_throughput_override batman-adv: Fix refcnt leak in batadv_store_throughput_override batman-adv: Fix refcnt leak in batadv_v_ogm_process x86/entry/64: Fix unwind hints in register clearing code x86/entry/64: Fix unwind hints in kernel exit path x86/entry/64: Fix unwind hints in rewind_stack_do_exit() x86/unwind/orc: Don't skip the first frame for inactive tasks x86/unwind/orc: Prevent unwinding before ORC initialization x86/unwind/orc: Fix error path for bad ORC entry type x86/unwind/orc: Fix premature unwind stoppage due to IRET frames netfilter: nat: never update the UDP checksum when it's 0 netfilter: nf_osf: avoid passing pointer to local var objtool: Fix stack offset tracking for indirect CFAs scripts/decodecode: fix trapping instruction formatting ipc/mqueue.c: change __do_notify() to bypass check_kill_permission() Linux 4.19.123 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib87d493c94816aa0a0754530669a8bd688964987
This commit is contained in:
Greg Kroah-Hartman
34
ipc/mqueue.c
34
ipc/mqueue.c
@@ -76,6 +76,7 @@ struct mqueue_inode_info {
|
||||
|
||||
struct sigevent notify;
|
||||
struct pid *notify_owner;
|
||||
u32 notify_self_exec_id;
|
||||
struct user_namespace *notify_user_ns;
|
||||
struct user_struct *user; /* user who created, for accounting */
|
||||
struct sock *notify_sock;
|
||||
@@ -662,28 +663,44 @@ static void __do_notify(struct mqueue_inode_info *info)
|
||||
* synchronously. */
|
||||
if (info->notify_owner &&
|
||||
info->attr.mq_curmsgs == 1) {
|
||||
struct siginfo sig_i;
|
||||
switch (info->notify.sigev_notify) {
|
||||
case SIGEV_NONE:
|
||||
break;
|
||||
case SIGEV_SIGNAL:
|
||||
/* sends signal */
|
||||
case SIGEV_SIGNAL: {
|
||||
struct siginfo sig_i;
|
||||
struct task_struct *task;
|
||||
|
||||
/* do_mq_notify() accepts sigev_signo == 0, why?? */
|
||||
if (!info->notify.sigev_signo)
|
||||
break;
|
||||
|
||||
clear_siginfo(&sig_i);
|
||||
sig_i.si_signo = info->notify.sigev_signo;
|
||||
sig_i.si_errno = 0;
|
||||
sig_i.si_code = SI_MESGQ;
|
||||
sig_i.si_value = info->notify.sigev_value;
|
||||
/* map current pid/uid into info->owner's namespaces */
|
||||
rcu_read_lock();
|
||||
/* map current pid/uid into info->owner's namespaces */
|
||||
sig_i.si_pid = task_tgid_nr_ns(current,
|
||||
ns_of_pid(info->notify_owner));
|
||||
sig_i.si_uid = from_kuid_munged(info->notify_user_ns, current_uid());
|
||||
sig_i.si_uid = from_kuid_munged(info->notify_user_ns,
|
||||
current_uid());
|
||||
/*
|
||||
* We can't use kill_pid_info(), this signal should
|
||||
* bypass check_kill_permission(). It is from kernel
|
||||
* but si_fromuser() can't know this.
|
||||
* We do check the self_exec_id, to avoid sending
|
||||
* signals to programs that don't expect them.
|
||||
*/
|
||||
task = pid_task(info->notify_owner, PIDTYPE_TGID);
|
||||
if (task && task->self_exec_id ==
|
||||
info->notify_self_exec_id) {
|
||||
do_send_sig_info(info->notify.sigev_signo,
|
||||
&sig_i, task, PIDTYPE_TGID);
|
||||
}
|
||||
rcu_read_unlock();
|
||||
|
||||
kill_pid_info(info->notify.sigev_signo,
|
||||
&sig_i, info->notify_owner);
|
||||
break;
|
||||
}
|
||||
case SIGEV_THREAD:
|
||||
set_cookie(info->notify_cookie, NOTIFY_WOKENUP);
|
||||
netlink_sendskb(info->notify_sock, info->notify_cookie);
|
||||
@@ -1273,6 +1290,7 @@ static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification)
|
||||
info->notify.sigev_signo = notification->sigev_signo;
|
||||
info->notify.sigev_value = notification->sigev_value;
|
||||
info->notify.sigev_notify = SIGEV_SIGNAL;
|
||||
info->notify_self_exec_id = current->self_exec_id;
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user