mirror of
https://github.com/torvalds/linux.git
synced 2024-12-30 14:52:05 +00:00
Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro: - a couple of ->i_link use-after-free fixes - regression fix for wrong errno on absent device name in mount(2) (this cycle stuff) - ancient UFS braino in large GID handling on Solaris UFS images (bogus cut'n'paste from large UID handling; wrong field checked to decide whether we should look at old (16bit) or new (32bit) field) * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour Abort file_remove_privs() for non-reg. files [fix] get rid of checking for absent device name in vfs_get_tree() apparmorfs: fix use-after-free on symlink traversal securityfs: fix use-after-free on symlink traversal
This commit is contained in:
commit
51987affd6
@ -1817,8 +1817,13 @@ int file_remove_privs(struct file *file)
|
||||
int kill;
|
||||
int error = 0;
|
||||
|
||||
/* Fast path for nothing security related */
|
||||
if (IS_NOSEC(inode))
|
||||
/*
|
||||
* Fast path for nothing security related.
|
||||
* As well for non-regular files, e.g. blkdev inodes.
|
||||
* For example, blkdev_write_iter() might get here
|
||||
* trying to remove privs which it is not allowed to.
|
||||
*/
|
||||
if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
|
||||
return 0;
|
||||
|
||||
kill = dentry_needs_remove_privs(dentry);
|
||||
|
@ -1467,11 +1467,6 @@ int vfs_get_tree(struct fs_context *fc)
|
||||
struct super_block *sb;
|
||||
int error;
|
||||
|
||||
if (fc->fs_type->fs_flags & FS_REQUIRES_DEV && !fc->source) {
|
||||
errorf(fc, "Filesystem requires source device");
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
if (fc->root)
|
||||
return -EBUSY;
|
||||
|
||||
|
@ -229,7 +229,7 @@ ufs_get_inode_gid(struct super_block *sb, struct ufs_inode *inode)
|
||||
case UFS_UID_44BSD:
|
||||
return fs32_to_cpu(sb, inode->ui_u3.ui_44.ui_gid);
|
||||
case UFS_UID_EFT:
|
||||
if (inode->ui_u1.oldids.ui_suid == 0xFFFF)
|
||||
if (inode->ui_u1.oldids.ui_sgid == 0xFFFF)
|
||||
return fs32_to_cpu(sb, inode->ui_u3.ui_sun.ui_gid);
|
||||
/* Fall through */
|
||||
default:
|
||||
|
@ -123,17 +123,22 @@ static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void aafs_evict_inode(struct inode *inode)
|
||||
static void aafs_i_callback(struct rcu_head *head)
|
||||
{
|
||||
truncate_inode_pages_final(&inode->i_data);
|
||||
clear_inode(inode);
|
||||
struct inode *inode = container_of(head, struct inode, i_rcu);
|
||||
if (S_ISLNK(inode->i_mode))
|
||||
kfree(inode->i_link);
|
||||
free_inode_nonrcu(inode);
|
||||
}
|
||||
|
||||
static void aafs_destroy_inode(struct inode *inode)
|
||||
{
|
||||
call_rcu(&inode->i_rcu, aafs_i_callback);
|
||||
}
|
||||
|
||||
static const struct super_operations aafs_super_ops = {
|
||||
.statfs = simple_statfs,
|
||||
.evict_inode = aafs_evict_inode,
|
||||
.destroy_inode = aafs_destroy_inode,
|
||||
.show_path = aafs_show_path,
|
||||
};
|
||||
|
||||
|
@ -27,17 +27,22 @@
|
||||
static struct vfsmount *mount;
|
||||
static int mount_count;
|
||||
|
||||
static void securityfs_evict_inode(struct inode *inode)
|
||||
static void securityfs_i_callback(struct rcu_head *head)
|
||||
{
|
||||
truncate_inode_pages_final(&inode->i_data);
|
||||
clear_inode(inode);
|
||||
struct inode *inode = container_of(head, struct inode, i_rcu);
|
||||
if (S_ISLNK(inode->i_mode))
|
||||
kfree(inode->i_link);
|
||||
free_inode_nonrcu(inode);
|
||||
}
|
||||
|
||||
static void securityfs_destroy_inode(struct inode *inode)
|
||||
{
|
||||
call_rcu(&inode->i_rcu, securityfs_i_callback);
|
||||
}
|
||||
|
||||
static const struct super_operations securityfs_super_operations = {
|
||||
.statfs = simple_statfs,
|
||||
.evict_inode = securityfs_evict_inode,
|
||||
.destroy_inode = securityfs_destroy_inode,
|
||||
};
|
||||
|
||||
static int fill_super(struct super_block *sb, void *data, int silent)
|
||||
|
Loading…
Reference in New Issue
Block a user