Merge tag 'v3.10.85' into update

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / kernel / ptrace.c

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index aed981a3f69c180dda76bfca76411656842eec01..30ab20623bcafc6861163f11323df8053b3d38be 100644 (file)
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -236,7 +236,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
         */
        int dumpable = 0;
        /* Don't let security modules deny introspection */
-       if (task == current)
+       if (same_thread_group(task, current))
                return 0;
        rcu_read_lock();
        tcred = __task_cred(task);
@@ -257,7 +257,8 @@ ok:
        if (task->mm)
                dumpable = get_dumpable(task->mm);
        rcu_read_lock();
-       if (!dumpable && !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
+       if (dumpable != SUID_DUMP_USER &&
+           !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
                rcu_read_unlock();
                return -EPERM;
        }
@@ -665,20 +666,22 @@ static int ptrace_peek_siginfo(struct task_struct *child,
                if (unlikely(is_compat_task())) {
                        compat_siginfo_t __user *uinfo = compat_ptr(data);
 
-                       ret = copy_siginfo_to_user32(uinfo, &info);
-                       ret |= __put_user(info.si_code, &uinfo->si_code);
+                       if (copy_siginfo_to_user32(uinfo, &info) ||
+                           __put_user(info.si_code, &uinfo->si_code)) {
+                               ret = -EFAULT;
+                               break;
+                       }
+
                } else
 #endif
                {
                        siginfo_t __user *uinfo = (siginfo_t __user *) data;
 
-                       ret = copy_siginfo_to_user(uinfo, &info);
-                       ret |= __put_user(info.si_code, &uinfo->si_code);
-               }
-
-               if (ret) {
-                       ret = -EFAULT;
-                       break;
+                       if (copy_siginfo_to_user(uinfo, &info) ||
+                           __put_user(info.si_code, &uinfo->si_code)) {
+                               ret = -EFAULT;
+                               break;
+                       }
                }
 
                data += sizeof(siginfo_t);
@@ -717,6 +720,8 @@ static int ptrace_peek_siginfo(struct task_struct *child,
 static int ptrace_resume(struct task_struct *child, long request,
                         unsigned long data)
 {
+       bool need_siglock;
+
        if (!valid_signal(data))
                return -EIO;
 
@@ -744,8 +749,26 @@ static int ptrace_resume(struct task_struct *child, long request,
                user_disable_single_step(child);
        }
 
+       /*
+        * Change ->exit_code and ->state under siglock to avoid the race
+        * with wait_task_stopped() in between; a non-zero ->exit_code will
+        * wrongly look like another report from tracee.
+        *
+        * Note that we need siglock even if ->exit_code == data and/or this
+        * status was not reported yet, the new status must not be cleared by
+        * wait_task_stopped() after resume.
+        *
+        * If data == 0 we do not care if wait_task_stopped() reports the old
+        * status and clears the code too; this can't race with the tracee, it
+        * takes siglock after resume.
+        */
+       need_siglock = data && !thread_group_empty(current);
+       if (need_siglock)
+               spin_lock_irq(&child->sighand->siglock);
        child->exit_code = data;
        wake_up_state(child, __TASK_TRACED);
+       if (need_siglock)
+               spin_unlock_irq(&child->sighand->siglock);
 
        return 0;
 }