3.12-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 6 Dec 2013 17:48:32 +0000 (09:48 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 6 Dec 2013 17:48:32 +0000 (09:48 -0800)
added patches:
xfs-add-capability-check-to-free-eofblocks-ioctl.patch

queue-3.12/series
queue-3.12/xfs-add-capability-check-to-free-eofblocks-ioctl.patch [new file with mode: 0644]

index 355976c2afb0093a987a040cb1ad505c334484cb..dd7a149344f22af67eeceb799dbefdd442e28d6c 100644 (file)
@@ -58,3 +58,4 @@ inet-fix-possible-seqlock-deadlocks.patch
 ipv6-fix-possible-seqlock-deadlock-in-ip6_finish_output2.patch
 pktgen-xfrm-update-ipv4-header-total-len-and-checksum-after-tranformation.patch
 xfrm-fix-null-pointer-dereference-when-decoding-sessions.patch
+xfs-add-capability-check-to-free-eofblocks-ioctl.patch
diff --git a/queue-3.12/xfs-add-capability-check-to-free-eofblocks-ioctl.patch b/queue-3.12/xfs-add-capability-check-to-free-eofblocks-ioctl.patch
new file mode 100644 (file)
index 0000000..d42731c
--- /dev/null
@@ -0,0 +1,45 @@
+From 8c567a7fab6e086a0284eee2db82348521e7120c Mon Sep 17 00:00:00 2001
+From: Dwight Engen <dwight.engen@oracle.com>
+Date: Thu, 15 Aug 2013 14:08:03 -0400
+Subject: xfs: add capability check to free eofblocks ioctl
+
+From: Dwight Engen <dwight.engen@oracle.com>
+
+commit 8c567a7fab6e086a0284eee2db82348521e7120c upstream.
+
+Check for CAP_SYS_ADMIN since the caller can truncate preallocated
+blocks from files they do not own nor have write access to. A more
+fine grained access check was considered: require the caller to
+specify their own uid/gid and to use inode_permission to check for
+write, but this would not catch the case of an inode not reachable
+via path traversal from the callers mount namespace.
+
+Add check for read-only filesystem to free eofblocks ioctl.
+
+Reviewed-by: Brian Foster <bfoster@redhat.com>
+Reviewed-by: Dave Chinner <dchinner@redhat.com>
+Reviewed-by: Gao feng <gaofeng@cn.fujitsu.com>
+Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
+Signed-off-by: Ben Myers <bpm@sgi.com>
+Cc: Kees Cook <keescook@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/xfs/xfs_ioctl.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/xfs/xfs_ioctl.c
++++ b/fs/xfs/xfs_ioctl.c
+@@ -1717,6 +1717,12 @@ xfs_file_ioctl(
+               if (mp->m_flags & XFS_MOUNT_RDONLY)
+                       return -XFS_ERROR(EROFS);
++              if (!capable(CAP_SYS_ADMIN))
++                      return -EPERM;
++
++              if (mp->m_flags & XFS_MOUNT_RDONLY)
++                      return -XFS_ERROR(EROFS);
++
+               if (copy_from_user(&eofb, arg, sizeof(eofb)))
+                       return -XFS_ERROR(EFAULT);
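Review bot: The two context lines that open the inner fs/xfs/xfs_ioctl.c hunk already read `if (mp->m_flags & XFS_MOUNT_RDONLY)` / `return -XFS_ERROR(EROFS);` directly ahead of the `copy_from_user(&eofb, ...)` call, so the read-only check added a few lines later repeats a test that is already in place. That context suggests the 3.12 tree may already carry upstream 8c567a7fab6e, in which case the `capable(CAP_SYS_ADMIN)` gate is presumably also present just above the visible context and this queue entry would only stack a second copy of both checks. Confirm against the 3.12 source of the free-eofblocks ioctl case before release, and drop the entry from queue-3.12/series if the checks exist. The duplicate is harmless at runtime, but it makes it harder to audit which change actually introduced the privilege check on this branch. The enclosing switch case in xfs_file_ioctl starts and ends outside the hunk.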