From: Greg Kroah-Hartman Date: Fri, 6 Dec 2013 17:48:32 +0000 (-0800) Subject: 3.12-stable patches X-Git-Tag: v3.4.73~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1899c00e10c88b566f0d760ddb9fe6fd83737084;p=thirdparty%2Fkernel%2Fstable-queue.git 3.12-stable patches added patches: xfs-add-capability-check-to-free-eofblocks-ioctl.patch --- diff --git a/queue-3.12/series b/queue-3.12/series index 355976c2afb..dd7a149344f 100644 --- a/queue-3.12/series +++ b/queue-3.12/series @@ -58,3 +58,4 @@ inet-fix-possible-seqlock-deadlocks.patch ipv6-fix-possible-seqlock-deadlock-in-ip6_finish_output2.patch pktgen-xfrm-update-ipv4-header-total-len-and-checksum-after-tranformation.patch xfrm-fix-null-pointer-dereference-when-decoding-sessions.patch +xfs-add-capability-check-to-free-eofblocks-ioctl.patch diff --git a/queue-3.12/xfs-add-capability-check-to-free-eofblocks-ioctl.patch b/queue-3.12/xfs-add-capability-check-to-free-eofblocks-ioctl.patch new file mode 100644 index 00000000000..d42731c8e02 --- /dev/null +++ b/queue-3.12/xfs-add-capability-check-to-free-eofblocks-ioctl.patch 
@@ -0,0 +1,45 @@ +From 8c567a7fab6e086a0284eee2db82348521e7120c Mon Sep 17 00:00:00 2001 +From: Dwight Engen +Date: Thu, 15 Aug 2013 14:08:03 -0400 +Subject: xfs: add capability check to free eofblocks ioctl + +From: Dwight Engen + +commit 8c567a7fab6e086a0284eee2db82348521e7120c upstream. + +Check for CAP_SYS_ADMIN since the caller can truncate preallocated +blocks from files they do not own nor have write access to. A more +fine grained access check was considered: require the caller to +specify their own uid/gid and to use inode_permission to check for +write, but this would not catch the case of an inode not reachable +via path traversal from the callers mount namespace. + +Add check for read-only filesystem to free eofblocks ioctl. + +Reviewed-by: Brian Foster +Reviewed-by: Dave Chinner +Reviewed-by: Gao feng +Signed-off-by: Dwight Engen +Signed-off-by: Ben Myers +Cc: Kees Cook +Signed-off-by: Greg Kroah-Hartman + +--- + fs/xfs/xfs_ioctl.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/xfs/xfs_ioctl.c ++++ b/fs/xfs/xfs_ioctl.c +@@ -1717,6 +1717,12 @@ xfs_file_ioctl( + if (mp->m_flags & XFS_MOUNT_RDONLY) + return -XFS_ERROR(EROFS); + ++ if (!capable(CAP_SYS_ADMIN)) ++ return -EPERM; ++ ++ if (mp->m_flags & XFS_MOUNT_RDONLY) ++ return -XFS_ERROR(EROFS); ++ + if (copy_from_user(&eofb, arg, sizeof(eofb))) + return -XFS_ERROR(EFAULT); +
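Review bot: In the fs/xfs/xfs_ioctl.c hunk at -1717, the added `if (mp->m_flags & XFS_MOUNT_RDONLY)` / `return -XFS_ERROR(EROFS);` pair repeats the identical check that the context lines show directly above the insertion point. In this tree the second test can never fire and is dead code. The commit message's "Add check for read-only filesystem" appears to be already satisfied in 3.12, so the backport could carry only the `capable(CAP_SYS_ADMIN)` lines. Two smaller points on the same hunk. First, the capability check lands after the existing read-only check, so an unprivileged caller on a read-only mount gets EROFS rather than EPERM. If the intent is to reject unprivileged callers before anything else, insert it above the existing check. Second, `return -EPERM;` is bare while the neighbouring returns use `-XFS_ERROR(...)`. That is worth a word in the changelog if it is deliberate.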