From 09cefcddf38db51f7b3168a17572d138279ab01c Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 20 Jun 2019 18:49:36 +0200
Subject: [PATCH] 4.9-stable patches

added patches:
	abort-file_remove_privs-for-non-reg.-files.patch
---
 ...file_remove_privs-for-non-reg.-files.patch | 51 +++++++++++++++++++
 queue-4.9/series                              |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 queue-4.9/abort-file_remove_privs-for-non-reg.-files.patch

diff --git a/queue-4.9/abort-file_remove_privs-for-non-reg.-files.patch b/queue-4.9/abort-file_remove_privs-for-non-reg.-files.patch
new file mode 100644
index 00000000000..569f4d5bd3a
--- /dev/null
+++ b/queue-4.9/abort-file_remove_privs-for-non-reg.-files.patch
@@ -0,0 +1,51 @@
+From f69e749a49353d96af1a293f56b5b56de59c668a Mon Sep 17 00:00:00 2001
+From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+Date: Fri, 14 Dec 2018 11:55:52 +0100
+Subject: Abort file_remove_privs() for non-reg. files
+
+From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+
+commit f69e749a49353d96af1a293f56b5b56de59c668a upstream.
+
+file_remove_privs() might be called for non-regular files, e.g.
+blkdev inode. There is no reason to do its job on things
+like blkdev inodes, pipes, or cdevs. Hence, abort if
+file does not refer to a regular inode.
+
+AV: more to the point, for devices there might be any number of
+inodes refering to given device.  Which one to strip the permissions
+from, even if that made any sense in the first place?  All of them
+will be observed with contents modified, after all.
+
+Found by LockDoc (Alexander Lochmann, Horst Schirmeier and Olaf
+Spinczyk)
+
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+Signed-off-by: Horst Schirmeier <horst.schirmeier@tu-dortmund.de>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Zubin Mithra <zsm@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/inode.c |    9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -1804,8 +1804,13 @@ int file_remove_privs(struct file *file)
+ 	int kill;
+ 	int error = 0;
+ 
+-	/* Fast path for nothing security related */
+-	if (IS_NOSEC(inode))
++	/*
++	 * Fast path for nothing security related.
++	 * As well for non-regular files, e.g. blkdev inodes.
++	 * For example, blkdev_write_iter() might get here
++	 * trying to remove privs which it is not allowed to.
++	 */
++	if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
+ 		return 0;
+ 
+ 	kill = dentry_needs_remove_privs(dentry);
diff --git a/queue-4.9/series b/queue-4.9/series
index df40140be8d..140b24d38ba 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -114,3 +114,4 @@ scsi-libcxgbi-add-a-check-for-null-pointer-in-cxgbi_.patch
 scsi-smartpqi-properly-set-both-the-dma-mask-and-the.patch
 scsi-libsas-delete-sas-port-if-expander-discover-fai.patch
 mlxsw-spectrum-prevent-force-of-56g.patch
+abort-file_remove_privs-for-non-reg.-files.patch
-- 
2.47.3