4.4-stable patches

added patches:
	proc-only-require-mm_struct-for-writing.patch

diff --git a/queue-4.4/proc-only-require-mm_struct-for-writing.patch b/queue-4.4/proc-only-require-mm_struct-for-writing.patch
new file mode 100644 (file)
index 0000000..86392aa
--- /dev/null
+++ b/queue-4.4/proc-only-require-mm_struct-for-writing.patch
@@ -0,0 +1,48 @@
+From 94f0b2d4a1d0c52035aef425da5e022bd2cb1c71 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Tue, 15 Jun 2021 09:26:19 -0700
+Subject: proc: only require mm_struct for writing
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 94f0b2d4a1d0c52035aef425da5e022bd2cb1c71 upstream.
+
+Commit 591a22c14d3f ("proc: Track /proc/$pid/attr/ opener mm_struct") we
+started using __mem_open() to track the mm_struct at open-time, so that
+we could then check it for writes.
+
+But that also ended up making the permission checks at open time much
+stricter - and not just for writes, but for reads too.  And that in turn
+caused a regression for at least Fedora 29, where NIC interfaces fail to
+start when using NetworkManager.
+
+Since only the write side wanted the mm_struct test, ignore any failures
+by __mem_open() at open time, leaving reads unaffected.  The write()
+time verification of the mm_struct pointer will then catch the failure
+case because a NULL pointer will not match a valid 'current->mm'.
+
+Link: https://lore.kernel.org/netdev/YMjTlp2FSJYvoyFa@unreal/
+Fixes: 591a22c14d3f ("proc: Track /proc/$pid/attr/ opener mm_struct")
+Reported-and-tested-by: Leon Romanovsky <leon@kernel.org>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Christian Brauner <christian.brauner@ubuntu.com>
+Cc: Andrea Righi <andrea.righi@canonical.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/proc/base.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -2386,7 +2386,9 @@ out:
+ #ifdef CONFIG_SECURITY
+ static int proc_pid_attr_open(struct inode *inode, struct file *file)
+ {
+-      return __mem_open(inode, file, PTRACE_MODE_READ_FSCREDS);
++      file->private_data = NULL;
++      __mem_open(inode, file, PTRACE_MODE_READ_FSCREDS);
++      return 0;
+ }
+ 
+ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf,

diff --git a/queue-4.4/series b/queue-4.4/series
index 5cbcf528819985258b83855ec954947803b75e76..3fc8419f934fcf523bd7fa52a6a491c03f7cd57c 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -32,3 +32,4 @@ kvm-fix-previous-commit-for-32-bit-builds.patch
 nfsv4-nfs4_proc_set_acl-needs-to-restore-nfs_cap_uidgid_nomap-on-error.patch
 scsi-core-only-put-parent-device-if-host-state-differs-from-shost_created.patch
 ftrace-do-not-blindly-read-the-ip-address-in-ftrace_bug.patch
+proc-only-require-mm_struct-for-writing.patch