From: Greg Kroah-Hartman Date: Tue, 23 Jul 2019 11:06:27 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v5.2.3~37 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=703ae76092e60fc6f9cd16ee1e0175366d75a000;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: arm64-tegra-fix-agic-register-range.patch fs-proc-proc_sysctl.c-fix-the-default-values-of-i_uid-i_gid-on-proc-sys-inodes.patch --- diff --git a/queue-4.14/arm64-tegra-fix-agic-register-range.patch b/queue-4.14/arm64-tegra-fix-agic-register-range.patch new file mode 100644 index 00000000000..32b01558a65 --- /dev/null +++ b/queue-4.14/arm64-tegra-fix-agic-register-range.patch @@ -0,0 +1,38 @@ +From ba24eee6686f6ed3738602b54d959253316a9541 Mon Sep 17 00:00:00 2001 +From: Jon Hunter +Date: Thu, 20 Jun 2019 09:17:00 +0100 +Subject: arm64: tegra: Fix AGIC register range + +From: Jon Hunter + +commit ba24eee6686f6ed3738602b54d959253316a9541 upstream. + +The Tegra AGIC interrupt controller is an ARM GIC400 interrupt +controller. Per the ARM GIC device-tree binding, the first address +region is for the GIC distributor registers and the second address +region is for the GIC CPU interface registers. The address space for +the distributor registers is 4kB, but currently this is incorrectly +defined as 8kB for the Tegra AGIC and overlaps with the CPU interface +registers. Correct the address space for the distributor to be 4kB. + +Cc: stable@vger.kernel.org +Signed-off-by: Jon Hunter +Fixes: bcdbde433542 ("arm64: tegra: Add AGIC node for Tegra210") +Signed-off-by: Thierry Reding +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/boot/dts/nvidia/tegra210.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/boot/dts/nvidia/tegra210.dtsi ++++ b/arch/arm64/boot/dts/nvidia/tegra210.dtsi +@@ -1103,7 +1103,7 @@ + compatible = "nvidia,tegra210-agic"; + #interrupt-cells = <3>; + interrupt-controller; +- reg = <0x702f9000 0x2000>, ++ reg = <0x702f9000 0x1000>, + <0x702fa000 0x2000>; + interrupts = ; + clocks = <&tegra_car TEGRA210_CLK_APE>; diff --git a/queue-4.14/fs-proc-proc_sysctl.c-fix-the-default-values-of-i_uid-i_gid-on-proc-sys-inodes.patch b/queue-4.14/fs-proc-proc_sysctl.c-fix-the-default-values-of-i_uid-i_gid-on-proc-sys-inodes.patch new file mode 100644 index 00000000000..c0345a3de93 --- /dev/null +++ b/queue-4.14/fs-proc-proc_sysctl.c-fix-the-default-values-of-i_uid-i_gid-on-proc-sys-inodes.patch @@ -0,0 +1,87 @@ +From 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf Mon Sep 17 00:00:00 2001 +From: Radoslaw Burny +Date: Tue, 16 Jul 2019 16:26:51 -0700 +Subject: fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes. + +From: Radoslaw Burny + +commit 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf upstream. + +Normally, the inode's i_uid/i_gid are translated relative to s_user_ns, +but this is not a correct behavior for proc. Since sysctl permission +check in test_perm is done against GLOBAL_ROOT_[UG]ID, it makes more +sense to use these values in u_[ug]id of proc inodes. In other words: +although uid/gid in the inode is not read during test_perm, the inode +logically belongs to the root of the namespace. I have confirmed this +with Eric Biederman at LPC and in this thread: + https://lore.kernel.org/lkml/87k1kzjdff.fsf@xmission.com + +Consequences +============ + +Since the i_[ug]id values of proc nodes are not used for permissions +checks, this change usually makes no functional difference. However, it +causes an issue in a setup where: + + * a namespace container is created without root user in container - + hence the i_[ug]id of proc nodes are set to INVALID_[UG]ID + + * container creator tries to configure it by writing /proc/sys files, + e.g. writing /proc/sys/kernel/shmmax to configure shared memory limit + +Kernel does not allow to open an inode for writing if its i_[ug]id are +invalid, making it impossible to write shmmax and thus - configure the +container. + +Using a container with no root mapping is apparently rare, but we do use +this configuration at Google. Also, we use a generic tool to configure +the container limits, and the inability to write any of them causes a +failure. + +History +======= + +The invalid uids/gids in inodes first appeared due to 81754357770e (fs: +Update i_[ug]id_(read|write) to translate relative to s_user_ns). +However, AFAIK, this did not immediately cause any issues. The +inability to write to these "invalid" inodes was only caused by a later +commit 0bd23d09b874 (vfs: Don't modify inodes with a uid or gid unknown +to the vfs). + +Tested: Used a repro program that creates a user namespace without any +mapping and stat'ed /proc/$PID/root/proc/sys/kernel/shmmax from outside. +Before the change, it shows the overflow uid, with the change it's 0. +The overflow uid indicates that the uid in the inode is not correct and +thus it is not possible to open the file for writing. + +Link: http://lkml.kernel.org/r/20190708115130.250149-1-rburny@google.com +Fixes: 0bd23d09b874 ("vfs: Don't modify inodes with a uid or gid unknown to the vfs") +Signed-off-by: Radoslaw Burny +Acked-by: Luis Chamberlain +Cc: Kees Cook +Cc: "Eric W . Biederman" +Cc: Seth Forshee +Cc: John Sperbeck +Cc: Alexey Dobriyan +Cc: [4.8+] +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/proc/proc_sysctl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/proc/proc_sysctl.c ++++ b/fs/proc/proc_sysctl.c +@@ -498,6 +498,10 @@ static struct inode *proc_sys_make_inode + + if (root->set_ownership) + root->set_ownership(head, table, &inode->i_uid, &inode->i_gid); ++ else { ++ inode->i_uid = GLOBAL_ROOT_UID; ++ inode->i_gid = GLOBAL_ROOT_GID; ++ } + + return inode; + } diff --git a/queue-4.14/series b/queue-4.14/series index 4e1d15980a4..9d2d99277e1 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -142,3 +142,5 @@ alsa-hda-realtek-apply-alc891-headset-fixup-to-one-dell-machine.patch media-v4l2-test-type-instead-of-cfg-type-in-v4l2_ctrl_new_custom.patch media-coda-remove-unbalanced-and-unneeded-mutex-unlock.patch kvm-x86-vpmu-refine-kvm_pmu-err-msg-when-event-creation-failed.patch +arm64-tegra-fix-agic-register-range.patch +fs-proc-proc_sysctl.c-fix-the-default-values-of-i_uid-i_gid-on-proc-sys-inodes.patch