system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-23 11:46:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/drivers/video
History
Eric W. Biederman 38bf195398 connector/userns: replace netlink uses of cap_raised() with capable() 
In 2009 Philip Reiser notied that a few users of netlink connector
interface needed a capability check and added the idiom
cap_raised(nsp->eff_cap, CAP_SYS_ADMIN) to a few of them, on the premise
that netlink was asynchronous.

In 2011 Patrick McHardy noticed we were being silly because netlink is
synchronous and removed eff_cap from the netlink_skb_params and changed
the idiom to cap_raised(current_cap(), CAP_SYS_ADMIN).

Looking at those spots with a fresh eye we should be calling
capable(CAP_SYS_ADMIN).  The only reason I can see for not calling capable
is that it once appeared we were not in the same task as the caller which
would have made calling capable() impossible.

In the initial user_namespace the only difference between between
cap_raised(current_cap(), CAP_SYS_ADMIN) and capable(CAP_SYS_ADMIN) are a
few sanity checks and the fact that capable(CAP_SYS_ADMIN) sets
PF_SUPERPRIV if we use the capability.

Since we are going to be using root privilege setting PF_SUPERPRIV seems
the right thing to do.

The motivation for this that patch is that in a child user namespace
cap_raised(current_cap(),...) tests your capabilities with respect to that
child user namespace not capabilities in the initial user namespace and
thus will allow processes that should be unprivielged to use the kernel
services that are only protected with cap_raised(current_cap(),..).

To fix possible user_namespace issues and to just clean up the code
replace cap_raised(current_cap(), CAP_SYS_ADMIN) with
capable(CAP_SYS_ADMIN).

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Philipp Reisner <philipp.reisner@linbit.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Cc: Vasiliy Kulikov <segoon@openwall.com>
Cc: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-05-10 23:21:39 -04:00
..
aty module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
backlight ARM: SoC fixes for 3.4-rc2 2012-04-05 22:13:39 -07:00
console Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
exynos video: support DP controller driver 2012-02-13 03:02:30 +00:00
geode gx1fb: Fix section mismatch warnings 2011-06-24 17:00:31 +09:00
i810 module_param: make bool parameters really bool (drivers/video/i810) 2012-01-12 23:28:59 +00:00
intelfb fbdev fixes for 3.3 2012-02-07 15:54:02 -08:00
kyro kyrofb: fix on x86_64 2012-04-08 14:27:08 +00:00
logo module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
matrox fbdev: matroxfb: Fix compilation after fb_var_screeninfo change 2011-12-21 02:26:11 +00:00
mb862xx video: Add module.h to drivers/video files who really use it. 2011-10-31 19:31:33 -04:00
mbx video: convert mbxfb to use module_platform_driver() 2011-12-19 20:21:43 +00:00
msm video: msm: Fix section mismatches in mddi.c 2012-04-13 10:23:17 -07:00
nvidia drivers/video/nvidia/nvidia.c: fix warning 2012-01-12 20:13:03 -08:00
omap ARM: board specific updates 2012-03-27 16:27:28 -07:00
omap2 ARM: cleanups of io includes 2012-03-29 18:02:10 -07:00
pnx4008 video: pnx4008: convert drivers/video/pnx4008/* to use module_platform_driver() 2011-12-19 20:21:43 +00:00
riva riva/fbdev: fix several -Wuninitialized 2012-02-13 02:59:14 +00:00
savage Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
sis sisfb: use display information in info not in var for panning 2011-08-19 10:34:52 +02:00
vermilion atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
via Merge branch 'viafb-next' of git://github.com/schandinat/linux-2.6 into fbdev-next 2012-03-13 23:19:58 +00:00
68328fb.c 68328fb: use display information in info not in var for panning 2011-08-19 10:28:58 +02:00
acornfb.c acornfb: use display information in info not in var for panning 2011-08-19 10:29:34 +02:00
acornfb.h
amba-clcd.c fbdev: amba: Enable module alias autogeneration for AMBA drivers 2011-11-22 10:58:33 +00:00
amifb.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
arcfb.c video: Convert vmalloc/memset to vzalloc 2011-06-02 17:25:35 +09:00
arkfb.c arkfb: use display information in info not in var for panning 2011-08-19 10:29:44 +02:00
asiliantfb.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
atafb.c m68k/atari: Do not use "/" in interrupt names 2011-05-19 18:19:10 +02:00
atafb.h
atafb_iplan2p2.c
atafb_iplan2p4.c
atafb_iplan2p8.c
atafb_mfb.c
atafb_utils.h
atmel_lcdfb.c atmel_lcdfb: support 16bit BGR:565 mode, remove unsupported 15bit modes 2012-01-28 19:54:10 +00:00
au1100fb.c fbdev: fix au1*fb builds 2012-04-08 14:27:09 +00:00
au1100fb.h fb: fix au1100fb bitrot. 2011-10-03 15:52:38 +00:00
au1200fb.c fbdev: fix au1*fb builds 2012-04-08 14:27:09 +00:00
au1200fb.h
bf54x-lq043fb.c video: use gpio_request_one 2012-01-28 20:50:11 +00:00
bf537-lq035.c video: use gpio_request_one 2012-01-28 20:50:11 +00:00
bfin-lq035q1-fb.c blackfin: fix compile error in bfin-lq035q1-fb.c 2012-04-26 14:46:51 -04:00
bfin-t350mcqb-fb.c treewide: Fix comment and string typo 'bufer' 2011-12-06 09:53:40 +01:00
bfin_adv7393fb.c fbdev: bfin_adv7393fb: Drop needless include 2012-03-21 10:27:37 +00:00
bfin_adv7393fb.h Fix common misspellings 2011-03-31 11:26:23 -03:00
broadsheetfb.c video: Convert vmalloc/memset to vzalloc 2011-06-02 17:25:35 +09:00
bt431.h Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
bt455.h Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
bw2.c dt/video: Eliminate users of of_platform_{,un}register_driver 2011-02-28 13:22:45 -07:00
c2p.h
c2p_core.h
c2p_iplan2.c
c2p_planar.c
carminefb.c video: Add module.h to drivers/video files who really use it. 2011-10-31 19:31:33 -04:00
carminefb.h
carminefb_regs.h
cfbcopyarea.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
cfbfillrect.c
cfbimgblt.c
cg3.c dt/video: Eliminate users of of_platform_{,un}register_driver 2011-02-28 13:22:45 -07:00
cg6.c video: add missing framebuffer_release in error path 2011-03-22 16:35:44 +09:00
cg14.c video: add missing framebuffer_release in error path 2011-03-22 16:35:44 +09:00
chipsfb.c console: rename acquire/release_console_sem() to console_lock/unlock() 2011-01-26 10:50:06 +10:00
cirrusfb.c Merge branch 'fbdev-next' of git://github.com/schandinat/linux-2.6 2012-01-14 15:11:19 -08:00
clps711xfb.c clps711xfb: convert to proc_fops 2009-12-16 07:20:04 -08:00
cobalt_lcdfb.c video: Add module.h to drivers/video files who really use it. 2011-10-31 19:31:33 -04:00
controlfb.c Drivers: video: controlfb: fixed a brace coding style issue 2011-11-22 01:00:16 +00:00
controlfb.h
cyber2000fb.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
cyber2000fb.h VIDEO: cyberpro: remove unused cyber2000fb_get_fb_var() 2011-02-11 10:16:07 +00:00
da8xx-fb.c fbdev: da8xx: add support for SP10Q010 display 2012-03-19 22:59:47 +00:00
dnfb.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
edid.h video: Fix EDID macros H_SYNC_WIDTH and H_SYNC_OFFSET 2011-03-22 16:45:03 +09:00
efifb.c efifb: Fix call to wrong unregister function 2011-06-14 16:37:46 +09:00
ep93xx-fb.c ep93xx: Use ioremap for backlight driver 2012-03-14 11:41:10 +11:00
epson1355fb.c Update broken web addresses in the kernel. 2010-10-18 11:03:14 +02:00
fb-puv3.c fbdev: unicore32: use display information in info not in var for panning 2011-08-19 10:31:01 +02:00
fb_ddc.c video: Add module.h to drivers/video files who really use it. 2011-10-31 19:31:33 -04:00
fb_defio.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-3.x into fbdev-next 2011-08-29 09:14:30 +00:00
fb_draw.h
fb_notify.c video: Add export.h for THIS_MODULE/EXPORT_SYMBOL to drivers/video 2011-10-31 19:31:33 -04:00
fb_sys_fops.c
fbcmap.c framebuffer: fix fbcmap.c kernel-doc warning 2010-11-26 15:05:08 +09:00
fbcvt.c Update broken web addresses in the kernel. 2010-10-18 11:03:14 +02:00
fbmem.c udlfb: remove sysfs framebuffer device with USB .disconnect() 2012-03-15 13:35:22 +00:00
fbmon.c fbdev: fix parsing of standard timings 2011-09-01 00:31:05 +00:00
fbsysfs.c fb: avoid possible deadlock caused by fb_set_suspend 2011-09-02 17:58:29 +00:00
ffb.c video: ffb: fix ffb_probe error path 2011-03-22 16:18:51 +09:00
fm2fb.c Fix common misspellings 2011-03-31 11:26:23 -03:00
fsl-diu-fb.c drivers/video: compile fixes for fsl-diu-fb.c 2012-01-28 19:35:24 +00:00
g364fb.c g364fb: use display information in info not in var for panning 2011-08-19 10:31:09 +02:00
gbefb.c Fix common misspellings 2011-03-31 11:26:23 -03:00
grvga.c grvga: fix section mismatch warnings 2012-01-03 16:02:55 +00:00
gxt4500.c gxt4500: use display information in info not in var for panning 2011-08-19 10:31:17 +02:00
hecubafb.c hecubafb: add module_put on error path in hecubafb_probe() 2011-06-24 17:00:39 +09:00
hgafb.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
hitfb.c hitfb: fix sections 2010-05-25 08:07:09 -07:00
hpfb.c video: hpfb: use resource_size() 2011-03-22 16:07:32 +09:00
i740_reg.h Resurrect Intel740 driver: i740fb 2012-02-15 04:31:21 +00:00
i740fb.c i740fb: fix compile error when CONFIG_MTRR is not selected 2012-02-19 19:11:51 +00:00
igafb.c doc: fix broken references 2011-09-27 18:08:04 +02:00
imsttfb.c imsttfb: use display information in info not in var for panning 2011-08-19 10:31:39 +02:00
imxfb.c drivers/video/imxfb.c: add missing clk_put 2011-06-02 17:07:41 +09:00
jz4740_fb.c console: rename acquire/release_console_sem() to console_lock/unlock() 2011-01-26 10:50:06 +10:00
Kconfig ARM: global cleanups 2012-03-27 16:03:32 -07:00
leo.c dt/video: Eliminate users of of_platform_{,un}register_driver 2011-02-28 13:22:45 -07:00
macfb.c macfb: fix black and white modes 2012-01-22 14:50:02 +01:00
macmodes.c fbdev: add some missing mac modes 2010-02-27 18:31:14 +01:00
macmodes.h
Makefile Resurrect Intel740 driver: i740fb 2012-02-15 04:31:21 +00:00
maxinefb.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
metronomefb.c video: Convert vmalloc/memset to vzalloc 2011-06-02 17:25:35 +09:00
modedb.c fbdev: fix indentation in modedb.c 2011-09-14 16:40:52 +00:00
mx3fb.c dmaengine/dma_slave: introduce inline wrappers 2012-03-21 19:20:22 +05:30
mxsfb.c Merge branch 'fbdev-next' of git://github.com/schandinat/linux-2.6 2012-01-14 15:11:19 -08:00
n411.c
neofb.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
nuc900fb.c video: convert drivers/video/* to use module_platform_driver() 2011-12-03 22:08:42 +00:00
nuc900fb.h Fix common misspellings 2011-03-31 11:26:23 -03:00
offb.c offb: Fix setting of the pseudo-palette for >8bpp 2012-01-03 12:09:25 +11:00
output.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
p9100.c dt/video: Eliminate users of of_platform_{,un}register_driver 2011-02-28 13:22:45 -07:00
platinumfb.c video: platinumfb: Add __devexit_p at necessary place 2011-10-15 00:19:58 +00:00
platinumfb.h
pm2fb.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
pm3fb.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
pmag-aa-fb.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
pmag-ba-fb.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
pmagb-b-fb.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ps3fb.c video: irq: Remove IRQF_DISABLED 2011-10-03 15:52:22 +00:00
pvr2fb.c drivers/video/pvr2fb.c: ensure arguments to request_irq and free_irq are compatible 2012-03-13 23:17:31 +00:00
pxa3xx-gcu.c video: convert drivers/video/* to use module_platform_driver() 2011-12-03 22:08:42 +00:00
pxa3xx-gcu.h video: add driver for PXA3xx 2D graphics accelerator 2010-12-16 14:31:18 +08:00
pxa168fb.c drivers/video/pxa168fb.c: use devm_ functions 2012-02-24 00:49:59 +00:00
pxa168fb.h fb: add support of LCD display controller on pxa168/910 (base layer) 2009-06-13 00:09:09 +08:00
pxafb.c video: pxafb: add clk_prepare/clk_unprepare calls 2012-03-21 10:29:01 +00:00
pxafb.h ARM: pxafb: rework pxafb overlay memory management 2011-03-16 17:37:03 +08:00
q40fb.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
s1d13xxxfb.c s1d13xxxfb: drop unused code 2010-12-21 01:05:43 +09:00
s3c-fb.c video: s3c-fb: Add support EXYNOS5 FIMD 2012-03-06 11:57:14 +00:00
s3c2410fb.c video: s3c2410: fix checkpatch error and warnings 2011-12-03 22:10:43 +00:00
s3c2410fb.h s3c-fb: CPUFREQ frequency scaling support 2009-06-16 19:47:59 -07:00
s3fb.c s3fb: fix Virge/VX 2011-12-21 02:25:21 +00:00
sa1100fb.c FB: sa11x0: convert to use platform resource and ioremap() 2012-02-24 09:39:59 +00:00
sa1100fb.h FB: sa11x0: convert to use platform resource and ioremap() 2012-02-24 09:39:59 +00:00
sbuslib.c Drivers: video: sbuslib: fixed a brace coding style issue 2011-11-22 01:00:24 +00:00
sbuslib.h
sgivwfb.c sgivwfb: fix sections 2010-05-25 08:07:09 -07:00
sh7760fb.c video: convert drivers/video/* to use module_platform_driver() 2011-12-03 22:08:42 +00:00
sh_mipi_dsi.c fbdev: sh_mipi_dsi: add extra phyctrl for sh_mipi_dsi_info 2012-03-21 07:24:01 +00:00
sh_mobile_hdmi.c fbdev: sh_mobile_hdmi: Don't access LCDC fb_info 2012-03-12 22:40:54 +01:00
sh_mobile_lcdcfb.c fbdev: sh_mobile_meram: Remove unneeded sanity checks 2012-03-12 22:41:14 +01:00
sh_mobile_lcdcfb.h fbdev: sh_mobile_lcdc: Don't store copy of platform data 2012-03-12 22:41:12 +01:00
sh_mobile_meram.c fbdev: sh_mobile_meram: Implement system suspend/resume 2012-03-12 22:41:14 +01:00
skeletonfb.c video: Fix speficied typo 2011-06-24 17:14:39 +09:00
sm501fb.c video: convert drivers/video/* to use module_platform_driver() 2011-12-03 22:08:42 +00:00
smscufx.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
sstfb.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
sticore.h Fix common misspellings 2011-03-31 11:26:23 -03:00
stifb.c tree-wide: fix assorted typos all over the place 2009-12-04 15:39:55 +01:00
sunxvr500.c Merge branch 'master' into export-slabh 2010-04-05 11:37:28 +09:00
sunxvr1000.c dt/video: Eliminate users of of_platform_{,un}register_driver 2011-02-28 13:22:45 -07:00
sunxvr2500.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
svgalib.c svga: Make svga_set_timings() take an iomem regbase pointer. 2011-03-22 15:47:22 +09:00
syscopyarea.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sysfillrect.c
sysimgblt.c
tcx.c video: add missing framebuffer_release in error path 2011-03-22 16:35:44 +09:00
tdfxfb.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
tgafb.c fix typos concerning "initiali[zs]e" 2010-06-16 18:05:05 +02:00
tmiofb.c video: irq: Remove IRQF_DISABLED 2011-10-03 15:52:22 +00:00
tridentfb.c tridentfb: use display information in info not in var for panning 2011-08-19 10:35:18 +02:00
udlfb.c fbdev updates for 3.4 2012-03-22 20:43:40 -07:00
uvesafb.c connector/userns: replace netlink uses of cap_raised() with capable() 2012-05-10 23:21:39 -04:00
valkyriefb.c video: Fix speficied typo 2011-06-24 17:14:39 +09:00
valkyriefb.h valkyriefb: various fixes 2010-02-27 18:31:13 +01:00
vesafb.c vesafb: fix memory leak 2011-07-04 16:02:48 +09:00
vfb.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
vga16fb.c vga16fb: use display information in info not in var for panning 2011-08-19 10:35:34 +02:00
vgastate.c
vt8500lcdfb.c video: convert drivers/video/* to use module_platform_driver() 2011-12-03 22:08:42 +00:00
vt8500lcdfb.h ARM: Add support for the display controllers in VT8500 and WM8505 2010-11-09 18:52:07 +09:00
vt8623fb.c vt8623fb: use display information in info not in var for panning 2011-08-19 10:36:20 +02:00
w100fb.c video: convert drivers/video/* to use module_platform_driver() 2011-12-03 22:08:42 +00:00
w100fb.h
wm8505fb.c video: convert drivers/video/* to use module_platform_driver() 2011-12-03 22:08:42 +00:00
wm8505fb_regs.h ARM: Add support for the display controllers in VT8500 and WM8505 2010-11-09 18:52:07 +09:00
wmt_ge_rops.c video: convert drivers/video/* to use module_platform_driver() 2011-12-03 22:08:42 +00:00
wmt_ge_rops.h ARM: Add support for the display controllers in VT8500 and WM8505 2010-11-09 18:52:07 +09:00
xen-fbfront.c Xen: consolidate and simplify struct xenbus_driver instantiation 2012-01-04 17:01:17 -05:00
xilinxfb.c video: convert drivers/video/* to use module_platform_driver() 2011-12-03 22:08:42 +00:00