[thirdparty/kernel/stable-queue.git] / releases / 4.4.45 / tmpfs-clear-s_isgid-when-setting-posix-acls.patch

From 497de07d89c1410d76a15bec2bb41f24a2a89f31 Mon Sep 17 00:00:00 2001
From: Gu Zheng <guzheng1@huawei.com>
Date: Mon, 9 Jan 2017 09:34:48 +0800
Subject: tmpfs: clear S_ISGID when setting posix ACLs

From: Gu Zheng <guzheng1@huawei.com>

commit 497de07d89c1410d76a15bec2bb41f24a2a89f31 upstream.

This change was missed the tmpfs modification in In CVE-2016-7097
commit 073931017b49 ("posix_acl: Clear SGID bit when setting
file permissions")
It can test by xfstest generic/375, which failed to clear
setgid bit in the following test case on tmpfs:

  touch $testfile
  chown 100:100 $testfile
  chmod 2755 $testfile
  _runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile

Signed-off-by: Gu Zheng <guzheng1@huawei.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/posix_acl.c |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -903,11 +903,10 @@ int simple_set_acl(struct inode *inode,
 	int error;
 
 	if (type == ACL_TYPE_ACCESS) {
-		error = posix_acl_equiv_mode(acl, &inode->i_mode);
-		if (error < 0)
-			return 0;
-		if (error == 0)
-			acl = NULL;
+		error = posix_acl_update_mode(inode,
+				&inode->i_mode, &acl);
+		if (error)
+			return error;
 	}
 
 	inode->i_ctime = CURRENT_TIME;
Commit	Line	Data
f68557eb GKH	1	From 497de07d89c1410d76a15bec2bb41f24a2a89f31 Mon Sep 17 00:00:00 2001
	2	From: Gu Zheng <guzheng1@huawei.com>
	3	Date: Mon, 9 Jan 2017 09:34:48 +0800
	4	Subject: tmpfs: clear S_ISGID when setting posix ACLs
	5
	6	From: Gu Zheng <guzheng1@huawei.com>
	7
	8	commit 497de07d89c1410d76a15bec2bb41f24a2a89f31 upstream.
	9
	10	This change was missed the tmpfs modification in In CVE-2016-7097
	11	commit 073931017b49 ("posix_acl: Clear SGID bit when setting
	12	file permissions")
	13	It can test by xfstest generic/375, which failed to clear
	14	setgid bit in the following test case on tmpfs:
	15
	16	touch $testfile
	17	chown 100:100 $testfile
	18	chmod 2755 $testfile
	19	_runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile
	20
	21	Signed-off-by: Gu Zheng <guzheng1@huawei.com>
	22	Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
	23	Cc: Brad Spengler <spender@grsecurity.net>
	24	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	25
	26	---
	27	fs/posix_acl.c \| 9 ++++-----
	28	1 file changed, 4 insertions(+), 5 deletions(-)
	29
	30	--- a/fs/posix_acl.c
	31	+++ b/fs/posix_acl.c
	32	@@ -903,11 +903,10 @@ int simple_set_acl(struct inode *inode,
	33	int error;
	34
	35	if (type == ACL_TYPE_ACCESS) {
	36	- error = posix_acl_equiv_mode(acl, &inode->i_mode);
	37	- if (error < 0)
	38	- return 0;
	39	- if (error == 0)
	40	- acl = NULL;
	41	+ error = posix_acl_update_mode(inode,
	42	+ &inode->i_mode, &acl);
	43	+ if (error)
	44	+ return error;
	45	}
	46
	47	inode->i_ctime = CURRENT_TIME;