From: Greg Kroah-Hartman Date: Tue, 4 Feb 2014 19:50:23 +0000 (-0800) Subject: 3.10-stable patches X-Git-Tag: v3.4.79~1^2~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e495631df271aebb3a59f7e27d1fe390f58b7520;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch btrfs-restrict-snapshotting-to-own-subvolumes.patch --- diff --git a/queue-3.10/btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch b/queue-3.10/btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch new file mode 100644 index 00000000000..5ba1e0aa02f --- /dev/null +++ b/queue-3.10/btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch @@ -0,0 +1,32 @@ +From 90515e7f5d7d24cbb2a4038a3f1b5cfa2921aa17 Mon Sep 17 00:00:00 2001 +From: Wang Shilong +Date: Tue, 7 Jan 2014 17:26:58 +0800 +Subject: Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot() + +From: Wang Shilong + +commit 90515e7f5d7d24cbb2a4038a3f1b5cfa2921aa17 upstream. + +We may return early in btrfs_drop_snapshot(), we shouldn't +call btrfs_std_err() for this case, fix it. + +Signed-off-by: Wang Shilong +Signed-off-by: Josef Bacik +Signed-off-by: Chris Mason +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/extent-tree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/btrfs/extent-tree.c ++++ b/fs/btrfs/extent-tree.c +@@ -7491,7 +7491,7 @@ out: + */ + if (root_dropped == false) + btrfs_add_dead_root(root); +- if (err) ++ if (err && err != -EAGAIN) + btrfs_std_error(root->fs_info, err); + return err; + } diff --git a/queue-3.10/btrfs-restrict-snapshotting-to-own-subvolumes.patch b/queue-3.10/btrfs-restrict-snapshotting-to-own-subvolumes.patch new file mode 100644 index 00000000000..619e255caec --- /dev/null +++ b/queue-3.10/btrfs-restrict-snapshotting-to-own-subvolumes.patch @@ -0,0 +1,49 @@ +From d024206133ce21936b3d5780359afc00247655b7 Mon Sep 17 00:00:00 2001 +From: David Sterba +Date: Wed, 15 Jan 2014 18:15:52 +0100 +Subject: btrfs: restrict snapshotting to own subvolumes + +From: David Sterba + +commit d024206133ce21936b3d5780359afc00247655b7 upstream. + +Currently, any user can snapshot any subvolume if the path is accessible and +thus indirectly create and keep files he does not own under his direcotries. +This is not possible with traditional directories. + +In security context, a user can snapshot root filesystem and pin any +potentially buggy binaries, even if the updates are applied. + +All the snapshots are visible to the administrator, so it's possible to +verify if there are suspicious snapshots. + +Another more practical problem is that any user can pin the space used +by eg. root and cause ENOSPC. + +Original report: +https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/484786 + +Signed-off-by: David Sterba +Signed-off-by: Josef Bacik +Signed-off-by: Chris Mason +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/ioctl.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -1528,6 +1528,12 @@ static noinline int btrfs_ioctl_snap_cre + printk(KERN_INFO "btrfs: Snapshot src from " + "another FS\n"); + ret = -EINVAL; ++ } else if (!inode_owner_or_capable(src_inode)) { ++ /* ++ * Subvolume creation is not restricted, but snapshots ++ * are limited to own subvolumes only ++ */ ++ ret = -EPERM; + } else { + ret = btrfs_mksubvol(&file->f_path, name, namelen, + BTRFS_I(src_inode)->root, diff --git a/queue-3.10/series b/queue-3.10/series index ba55d979553..a079bcd6a78 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -98,3 +98,5 @@ usb-core-get-config-and-string-descriptors-for-unauthorized-devices.patch scsi-bfa-chinook-quad-port-16g-fc-hba-claim-issue.patch virtio-scsi-fix-hotcpu_notifier-use-after-free-with-virtscsi_freeze.patch target-iscsi-fix-network-portal-creation-race.patch +btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch +btrfs-restrict-snapshotting-to-own-subvolumes.patch