From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 3 Aug 2016 13:28:04 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v3.14.75~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=956a83c5b87e8bd4e9ee7c90790d6fda08b8a5d3;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	ovl-handle-attr_kill.patch
---

diff --git a/queue-4.4/ovl-handle-attr_kill.patch b/queue-4.4/ovl-handle-attr_kill.patch
new file mode 100644
index 00000000000..6e155872168
--- /dev/null
+++ b/queue-4.4/ovl-handle-attr_kill.patch
@@ -0,0 +1,43 @@
+From b99c2d913810e56682a538c9f2394d76fca808f8 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Mon, 4 Jul 2016 16:49:48 +0200
+Subject: ovl: handle ATTR_KILL*
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit b99c2d913810e56682a538c9f2394d76fca808f8 upstream.
+
+Before 4bacc9c9234c ("overlayfs: Make f_path...") file->f_path pointed to
+the underlying file, hence suid/sgid removal on write worked fine.
+
+After that patch file->f_path pointed to the overlay file, and the file
+mode bits weren't copied to overlay_inode->i_mode.  So the suid/sgid
+removal simply stopped working.
+
+The fix is to copy the mode bits, but then ovl_setattr() needs to clear
+ATTR_MODE to avoid the BUG() in notify_change().  So do this first, then in
+the next patch copy the mode.
+
+Reported-by: Eryu Guan <eguan@redhat.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
+Cc: Eric Schultz <eric@startuperic.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ fs/overlayfs/inode.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/overlayfs/inode.c
++++ b/fs/overlayfs/inode.c
+@@ -63,6 +63,9 @@ int ovl_setattr(struct dentry *dentry, s
+ 	if (!err) {
+ 		upperdentry = ovl_dentry_upper(dentry);
+ 
++		if (attr->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID))
++			attr->ia_valid &= ~ATTR_MODE;
++
+ 		mutex_lock(&upperdentry->d_inode->i_mutex);
+ 		err = notify_change(upperdentry, attr, NULL);
+ 		if (!err)
diff --git a/queue-4.4/series b/queue-4.4/series
index 543f29e144c..c72620ab7b8 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -48,3 +48,4 @@ qeth-delete-napi-struct-when-removing-a-qeth-device.patch
 block-fix-use-after-free-in-sys_ioprio_get.patch
 mmc-block-fix-packed-command-header-endianness.patch
 sched-fair-fix-effective_load-to-consistently-use-smoothed-load.patch
+ovl-handle-attr_kill.patch