Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / ab83798bd5a38f3c6781a170e0f8cef05df65fd7
commitab83798bd5a38f3c6781a170e0f8cef05df65fd7[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Tue Jan 10 12:28:32 2017 -0500
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Fri Jul 29 17:05:44 2022 +0200
tree6dbcfc0b4fde3abf5791d352a19e0f11a7544a80
parent65be5f5665a580424a7b1102f1a04c4259c559b5 [diff]
security,selinux,smack: kill security_task_wait hook

commit 3a2f5a59a695a73e0cde9a61e0feae5fa730e936 upstream.

As reported by yangshukui, a permission denial from security_task_wait()
can lead to a soft lockup in zap_pid_ns_processes() since it only expects
sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
in general lead to zombies; in the absence of some way to automatically
reparent a child process upon a denial, the hook is not useful.  Remove
the security hook and its implementations in SELinux and Smack.  Smack
already removed its check from its hook.

Reported-by: yangshukui <yangshukui@huawei.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Alexander Grund <theflamefire89@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
6 files changed
tree: 6dbcfc0b4fde3abf5791d352a19e0f11a7544a80
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS