From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 29 Jan 2018 13:54:18 +0000 (+0100)
Subject: 4.9-stable patches
X-Git-Tag: v4.4.114~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d6bca7a164d30687fd98e3cc6a6a538254e9bdf;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	nfsd-auth-fix-gid-sorting-when-rootsquash-enabled.patch
---

diff --git a/queue-4.9/nfsd-auth-fix-gid-sorting-when-rootsquash-enabled.patch b/queue-4.9/nfsd-auth-fix-gid-sorting-when-rootsquash-enabled.patch
new file mode 100644
index 00000000000..e328c690f6a
--- /dev/null
+++ b/queue-4.9/nfsd-auth-fix-gid-sorting-when-rootsquash-enabled.patch
@@ -0,0 +1,47 @@
+From 1995266727fa8143897e89b55f5d3c79aa828420 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Date: Mon, 22 Jan 2018 20:11:06 +0000
+Subject: nfsd: auth: Fix gid sorting when rootsquash enabled
+
+From: Ben Hutchings <ben.hutchings@codethink.co.uk>
+
+commit 1995266727fa8143897e89b55f5d3c79aa828420 upstream.
+
+Commit bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility
+group_info allocators") appears to break nfsd rootsquash in a pretty
+major way.
+
+It adds a call to groups_sort() inside the loop that copies/squashes
+gids, which means the valid gids are sorted along with the following
+garbage.  The net result is that the highest numbered valid gids are
+replaced with any lower-valued garbage gids, possibly including 0.
+
+We should sort only once, after filling in all the gids.
+
+Fixes: bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility ...")
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Acked-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Wolfgang Walter <linux@stwm.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/auth.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/fs/nfsd/auth.c
++++ b/fs/nfsd/auth.c
+@@ -59,10 +59,10 @@ int nfsd_setuser(struct svc_rqst *rqstp,
+ 				gi->gid[i] = exp->ex_anon_gid;
+ 			else
+ 				gi->gid[i] = rqgi->gid[i];
+-
+-			/* Each thread allocates its own gi, no race */
+-			groups_sort(gi);
+ 		}
++
++		/* Each thread allocates its own gi, no race */
++		groups_sort(gi);
+ 	} else {
+ 		gi = get_group_info(rqgi);
+ 	}
diff --git a/queue-4.9/series b/queue-4.9/series
index 6748886e487..422dff7a077 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -64,3 +64,4 @@ bpf-avoid-false-sharing-of-map-refcount-with-max_entries.patch
 bpf-fix-divides-by-zero.patch
 bpf-fix-32-bit-divide-by-zero.patch
 bpf-reject-stores-into-ctx-via-st-and-xadd.patch
+nfsd-auth-fix-gid-sorting-when-rootsquash-enabled.patch