From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 14 Oct 2016 10:17:08 +0000 (+0200)
Subject: 4.7-stable patches
X-Git-Tag: v4.4.25~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cbeb570caa68b234107201158188af3bd8bab483;p=thirdparty%2Fkernel%2Fstable-queue.git

4.7-stable patches

added patches:
	ima-use-file_dentry.patch
---

diff --git a/queue-4.7/ima-use-file_dentry.patch b/queue-4.7/ima-use-file_dentry.patch
new file mode 100644
index 00000000000..c8b42d6ffd5
--- /dev/null
+++ b/queue-4.7/ima-use-file_dentry.patch
@@ -0,0 +1,54 @@
+From e71b9dff0634edb127f449e076e883ef24a8c76c Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Fri, 16 Sep 2016 12:44:20 +0200
+Subject: ima: use file_dentry()
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit e71b9dff0634edb127f449e076e883ef24a8c76c upstream.
+
+Ima tries to call ->setxattr() on overlayfs dentry after having locked
+underlying inode, which results in a deadlock.
+
+Reported-by: Krisztian Litkey <kli@iki.fi>
+Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/integrity/ima/ima_appraise.c |    4 ++--
+ security/integrity/ima/ima_main.c     |    2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/security/integrity/ima/ima_appraise.c
++++ b/security/integrity/ima/ima_appraise.c
+@@ -190,7 +190,7 @@ int ima_appraise_measurement(enum ima_ho
+ {
+ 	static const char op[] = "appraise_data";
+ 	char *cause = "unknown";
+-	struct dentry *dentry = file->f_path.dentry;
++	struct dentry *dentry = file_dentry(file);
+ 	struct inode *inode = d_backing_inode(dentry);
+ 	enum integrity_status status = INTEGRITY_UNKNOWN;
+ 	int rc = xattr_len, hash_start = 0;
+@@ -295,7 +295,7 @@ out:
+  */
+ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
+ {
+-	struct dentry *dentry = file->f_path.dentry;
++	struct dentry *dentry = file_dentry(file);
+ 	int rc = 0;
+ 
+ 	/* do not collect and update hash for digital signatures */
+--- a/security/integrity/ima/ima_main.c
++++ b/security/integrity/ima/ima_main.c
+@@ -222,7 +222,7 @@ static int process_measurement(struct fi
+ 	if ((action & IMA_APPRAISE_SUBMASK) ||
+ 		    strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0)
+ 		/* read 'security.ima' */
+-		xattr_len = ima_read_xattr(file->f_path.dentry, &xattr_value);
++		xattr_len = ima_read_xattr(file_dentry(file), &xattr_value);
+ 
+ 	hash_algo = ima_get_hash_algo(xattr_value, xattr_len);
+ 
diff --git a/queue-4.7/series b/queue-4.7/series
index 6ccc72490ac..3b89bf8aa4c 100644
--- a/queue-4.7/series
+++ b/queue-4.7/series
@@ -26,3 +26,4 @@ x86-dumpstack-fix-x86_32-kernel_stack_pointer-previous-stack-access.patch
 arm-dts-mvebu-armada-390-add-missing-compatibility-string-and-bracket.patch
 arm-dts-msm8064-remove-flags-from-spmi-mpp-irqs.patch
 arm-cpuidle-fix-error-return-code.patch
+ima-use-file_dentry.patch