+++ /dev/null
-From foo@baz Sat Sep 29 04:32:11 PDT 2018
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-Date: Tue, 5 Jun 2018 11:00:10 +0200
-Subject: audit: Fix extended comparison of GID/EGID
-
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-
-[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ]
-
-The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
-functions to check GID/EGID match, but these functions use the current
-task's credentials, while the comparison should use the credentials of
-the task given to audit_filter_rules() as a parameter (tsk).
-
-Note that we can use group_search(cred->group_info, ...) as a
-replacement for both in_group_p and in_egroup_p as these functions only
-compare the parameter to cred->fsgid/egid and then call group_search.
-
-In fact, the usage of in_group_p was even more incorrect: it compares to
-cred->fsgid (which is usually equal to cred->egid) and not cred->gid.
-
-GitHub issue:
-https://github.com/linux-audit/audit-kernel/issues/82
-
-Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic")
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- kernel/auditsc.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/kernel/auditsc.c
-+++ b/kernel/auditsc.c
-@@ -484,20 +484,20 @@ static int audit_filter_rules(struct tas
- result = audit_gid_comparator(cred->gid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_group_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_group_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_EGID:
- result = audit_gid_comparator(cred->egid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_egroup_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_egroup_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_SGID:
arm-mvebu-declare-asm-symbols-as-character-arrays-in-pmsu.c.patch
hid-hid-ntrig-add-error-handling-for-sysfs_create_group.patch
scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch
-audit-fix-extended-comparison-of-gid-egid.patch
asoc-dapm-fix-potential-dai-widget-pointer-deref-when-linking-dais.patch
module-exclude-shn_undef-symbols-from-kallsyms-api.patch
nfsd-fix-corrupted-reply-to-badly-ordered-compound.patch
+++ /dev/null
-From foo@baz Sat Sep 29 04:27:59 PDT 2018
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-Date: Tue, 5 Jun 2018 11:00:10 +0200
-Subject: audit: Fix extended comparison of GID/EGID
-
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-
-[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ]
-
-The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
-functions to check GID/EGID match, but these functions use the current
-task's credentials, while the comparison should use the credentials of
-the task given to audit_filter_rules() as a parameter (tsk).
-
-Note that we can use group_search(cred->group_info, ...) as a
-replacement for both in_group_p and in_egroup_p as these functions only
-compare the parameter to cred->fsgid/egid and then call group_search.
-
-In fact, the usage of in_group_p was even more incorrect: it compares to
-cred->fsgid (which is usually equal to cred->egid) and not cred->gid.
-
-GitHub issue:
-https://github.com/linux-audit/audit-kernel/issues/82
-
-Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic")
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- kernel/auditsc.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/kernel/auditsc.c
-+++ b/kernel/auditsc.c
-@@ -490,20 +490,20 @@ static int audit_filter_rules(struct tas
- result = audit_gid_comparator(cred->gid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_group_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_group_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_EGID:
- result = audit_gid_comparator(cred->egid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_egroup_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_egroup_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_SGID:
perf-x86-intel-lbr-fix-incomplete-lbr-call-stack.patch
scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch
iomap-complete-partial-direct-i-o-writes-synchronously.patch
-audit-fix-extended-comparison-of-gid-egid.patch
scsi-megaraid_sas-update-controller-info-during-resume.patch
edac-i7core-fix-memleaks-and-use-after-free-on-probe-and-remove.patch
asoc-dapm-fix-potential-dai-widget-pointer-deref-when-linking-dais.patch
+++ /dev/null
-From foo@baz Sat Sep 29 04:24:28 PDT 2018
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-Date: Tue, 5 Jun 2018 11:00:10 +0200
-Subject: audit: Fix extended comparison of GID/EGID
-
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-
-[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ]
-
-The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
-functions to check GID/EGID match, but these functions use the current
-task's credentials, while the comparison should use the credentials of
-the task given to audit_filter_rules() as a parameter (tsk).
-
-Note that we can use group_search(cred->group_info, ...) as a
-replacement for both in_group_p and in_egroup_p as these functions only
-compare the parameter to cred->fsgid/egid and then call group_search.
-
-In fact, the usage of in_group_p was even more incorrect: it compares to
-cred->fsgid (which is usually equal to cred->egid) and not cred->gid.
-
-GitHub issue:
-https://github.com/linux-audit/audit-kernel/issues/82
-
-Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic")
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- kernel/auditsc.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/kernel/auditsc.c
-+++ b/kernel/auditsc.c
-@@ -494,20 +494,20 @@ static int audit_filter_rules(struct tas
- result = audit_gid_comparator(cred->gid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_group_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_group_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_EGID:
- result = audit_gid_comparator(cred->egid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_egroup_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_egroup_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_SGID:
scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch
iomap-complete-partial-direct-i-o-writes-synchronously.patch
scsi-hisi_sas-fix-the-conflict-between-dev-gone-and-host-reset.patch
-audit-fix-extended-comparison-of-gid-egid.patch
spi-orion-fix-cs-gpio-handling-again.patch
scsi-megaraid_sas-update-controller-info-during-resume.patch
asoc-intel-bytcr_rt5640-fix-acer-iconia-8-over-current-detect-threshold.patch
+++ /dev/null
-From foo@baz Sat Sep 29 04:30:43 PDT 2018
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-Date: Tue, 5 Jun 2018 11:00:10 +0200
-Subject: audit: Fix extended comparison of GID/EGID
-
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-
-[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ]
-
-The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
-functions to check GID/EGID match, but these functions use the current
-task's credentials, while the comparison should use the credentials of
-the task given to audit_filter_rules() as a parameter (tsk).
-
-Note that we can use group_search(cred->group_info, ...) as a
-replacement for both in_group_p and in_egroup_p as these functions only
-compare the parameter to cred->fsgid/egid and then call group_search.
-
-In fact, the usage of in_group_p was even more incorrect: it compares to
-cred->fsgid (which is usually equal to cred->egid) and not cred->gid.
-
-GitHub issue:
-https://github.com/linux-audit/audit-kernel/issues/82
-
-Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic")
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- kernel/auditsc.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/kernel/auditsc.c
-+++ b/kernel/auditsc.c
-@@ -489,20 +489,20 @@ static int audit_filter_rules(struct tas
- result = audit_gid_comparator(cred->gid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_group_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_group_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_EGID:
- result = audit_gid_comparator(cred->egid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_egroup_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_egroup_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_SGID:
arm-mvebu-declare-asm-symbols-as-character-arrays-in-pmsu.c.patch
hid-hid-ntrig-add-error-handling-for-sysfs_create_group.patch
scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch
-audit-fix-extended-comparison-of-gid-egid.patch
edac-i7core-fix-memleaks-and-use-after-free-on-probe-and-remove.patch
asoc-dapm-fix-potential-dai-widget-pointer-deref-when-linking-dais.patch
module-exclude-shn_undef-symbols-from-kallsyms-api.patch
+++ /dev/null
-From foo@baz Sat Sep 29 04:29:21 PDT 2018
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-Date: Tue, 5 Jun 2018 11:00:10 +0200
-Subject: audit: Fix extended comparison of GID/EGID
-
-From: "Ondrej Mosnáček" <omosnace@redhat.com>
-
-[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ]
-
-The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
-functions to check GID/EGID match, but these functions use the current
-task's credentials, while the comparison should use the credentials of
-the task given to audit_filter_rules() as a parameter (tsk).
-
-Note that we can use group_search(cred->group_info, ...) as a
-replacement for both in_group_p and in_egroup_p as these functions only
-compare the parameter to cred->fsgid/egid and then call group_search.
-
-In fact, the usage of in_group_p was even more incorrect: it compares to
-cred->fsgid (which is usually equal to cred->egid) and not cred->gid.
-
-GitHub issue:
-https://github.com/linux-audit/audit-kernel/issues/82
-
-Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic")
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- kernel/auditsc.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/kernel/auditsc.c
-+++ b/kernel/auditsc.c
-@@ -488,20 +488,20 @@ static int audit_filter_rules(struct tas
- result = audit_gid_comparator(cred->gid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_group_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_group_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_EGID:
- result = audit_gid_comparator(cred->egid, f->op, f->gid);
- if (f->op == Audit_equal) {
- if (!result)
-- result = in_egroup_p(f->gid);
-+ result = groups_search(cred->group_info, f->gid);
- } else if (f->op == Audit_not_equal) {
- if (result)
-- result = !in_egroup_p(f->gid);
-+ result = !groups_search(cred->group_info, f->gid);
- }
- break;
- case AUDIT_SGID:
hid-hid-ntrig-add-error-handling-for-sysfs_create_group.patch
perf-x86-intel-lbr-fix-incomplete-lbr-call-stack.patch
scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch
-audit-fix-extended-comparison-of-gid-egid.patch
scsi-megaraid_sas-update-controller-info-during-resume.patch
edac-i7core-fix-memleaks-and-use-after-free-on-probe-and-remove.patch
asoc-dapm-fix-potential-dai-widget-pointer-deref-when-linking-dais.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
