From: Greg Kroah-Hartman Date: Wed, 15 Mar 2023 07:46:48 +0000 (+0100) Subject: 5.15-stable patches X-Git-Tag: v4.14.310~57 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=df44b9b02391ac505a68d666271756d283a56bb5;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: filelocks-use-mount-idmapping-for-setlease-permission-check.patch
---
diff --git a/queue-5.15/filelocks-use-mount-idmapping-for-setlease-permission-check.patch b/queue-5.15/filelocks-use-mount-idmapping-for-setlease-permission-check.patch
new file mode 100644
index 00000000000..92ccb195432
--- /dev/null
+++ b/queue-5.15/filelocks-use-mount-idmapping-for-setlease-permission-check.patch
@@ -0,0 +1,39 @@
+From 42d0c4bdf753063b6eec55415003184d3ca24f6e Mon Sep 17 00:00:00 2001
+From: Seth Forshee
+Date: Thu, 9 Mar 2023 14:39:09 -0600
+Subject: filelocks: use mount idmapping for setlease permission check
+
+From: Seth Forshee
+
+commit 42d0c4bdf753063b6eec55415003184d3ca24f6e upstream.
+
+A user should be allowed to take out a lease via an idmapped mount if
+the fsuid matches the mapped uid of the inode. generic_setlease() is
+checking the unmapped inode uid, causing these operations to be denied.
+
+Fix this by comparing against the mapped inode uid instead of the
+unmapped uid.
+
+Fixes: 9caccd41541a ("fs: introduce MOUNT_ATTR_IDMAP")
+Cc: stable@vger.kernel.org
+Signed-off-by: Seth Forshee (DigitalOcean)
+Signed-off-by: Christian Brauner (Microsoft)
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/locks.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/locks.c
++++ b/fs/locks.c
+@@ -1901,9 +1901,10 @@ int generic_setlease(struct file *filp,
+ void **priv)
+ {
+ struct inode *inode = locks_inode(filp);
++ vfsuid_t vfsuid = i_uid_into_vfsuid(file_mnt_user_ns(filp), inode);
+ int error;
+
+- if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
++ if ((!vfsuid_eq_kuid(vfsuid, current_fsuid())) && !capable(CAP_LEASE))
+ return -EACCES;
+ if (!S_ISREG(inode->i_mode))
+ return -EINVAL;
diff --git a/queue-5.15/series b/queue-5.15/series
index e325be13a1c..baadd6c6a4f 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -114,3 +114,4 @@ pci-avoid-flr-for-solidrun-snet-dpu-rev-1.patch
 scripts-handle-brokenpipeerror-for-python-scripts.patch
 media-ov5640-fix-analogue-gain-control.patch
 media-rc-gpio-ir-recv-add-remove-function.patch
+filelocks-use-mount-idmapping-for-setlease-permission-check.patch
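Review bot: The added line in the generic_setlease() hunk depends on `vfsuid_t`, `i_uid_into_vfsuid()` and `vfsuid_eq_kuid()`, and nothing on this page shows that a 5.15 tree provides them. As far as I know these helpers entered mainline well after the commit named in the Fixes tag, so this queue entry should be build-tested against 5.15 before it is released. If they are missing, the same mapped-uid permission check can be written with the kuid_t helper and no new local: `if ((!uid_eq(current_fsuid(), i_uid_into_mnt(file_mnt_user_ns(filp), inode))) && !capable(CAP_LEASE))`. The body of generic_setlease() continues outside the hunk.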