From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 16 Jun 2021 07:44:41 +0000 (+0200)
Subject: 5.12-stable patches
X-Git-Tag: v4.4.273~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8e0b5aa2e55f8dddb737ae61b461d0cfb7ec1bb5;p=thirdparty%2Fkernel%2Fstable-queue.git

5.12-stable patches

added patches:
	proc-only-require-mm_struct-for-writing.patch
---

diff --git a/queue-5.12/proc-only-require-mm_struct-for-writing.patch b/queue-5.12/proc-only-require-mm_struct-for-writing.patch
new file mode 100644
index 00000000000..05d50286473
--- /dev/null
+++ b/queue-5.12/proc-only-require-mm_struct-for-writing.patch
@@ -0,0 +1,48 @@
+From 94f0b2d4a1d0c52035aef425da5e022bd2cb1c71 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Tue, 15 Jun 2021 09:26:19 -0700
+Subject: proc: only require mm_struct for writing
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 94f0b2d4a1d0c52035aef425da5e022bd2cb1c71 upstream.
+
+Commit 591a22c14d3f ("proc: Track /proc/$pid/attr/ opener mm_struct") we
+started using __mem_open() to track the mm_struct at open-time, so that
+we could then check it for writes.
+
+But that also ended up making the permission checks at open time much
+stricter - and not just for writes, but for reads too.  And that in turn
+caused a regression for at least Fedora 29, where NIC interfaces fail to
+start when using NetworkManager.
+
+Since only the write side wanted the mm_struct test, ignore any failures
+by __mem_open() at open time, leaving reads unaffected.  The write()
+time verification of the mm_struct pointer will then catch the failure
+case because a NULL pointer will not match a valid 'current->mm'.
+
+Link: https://lore.kernel.org/netdev/YMjTlp2FSJYvoyFa@unreal/
+Fixes: 591a22c14d3f ("proc: Track /proc/$pid/attr/ opener mm_struct")
+Reported-and-tested-by: Leon Romanovsky <leon@kernel.org>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Christian Brauner <christian.brauner@ubuntu.com>
+Cc: Andrea Righi <andrea.righi@canonical.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/proc/base.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -2676,7 +2676,9 @@ out:
+ #ifdef CONFIG_SECURITY
+ static int proc_pid_attr_open(struct inode *inode, struct file *file)
+ {
+-	return __mem_open(inode, file, PTRACE_MODE_READ_FSCREDS);
++	file->private_data = NULL;
++	__mem_open(inode, file, PTRACE_MODE_READ_FSCREDS);
++	return 0;
+ }
+ 
+ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf,
diff --git a/queue-5.12/series b/queue-5.12/series
index 6358ba3ec5f..b341cd76836 100644
--- a/queue-5.12/series
+++ b/queue-5.12/series
@@ -170,3 +170,4 @@ scsi-core-fix-error-handling-of-scsi_host_alloc.patch
 scsi-core-fix-failure-handling-of-scsi_add_host_with_dma.patch
 scsi-core-put-.shost_dev-in-failure-path-if-host-state-changes-to-running.patch
 scsi-core-only-put-parent-device-if-host-state-differs-from-shost_created.patch
+proc-only-require-mm_struct-for-writing.patch