From 4d1446d2d3bbfb643bebcc7d07807163577a5ac9 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Wed, 16 Jun 2021 09:43:38 +0200
Subject: [PATCH] 4.14-stable patches added patches: proc-only-require-mm_struct-for-writing.patch
---
 ...c-only-require-mm_struct-for-writing.patch | 48 +++++++++++++++++++
 queue-4.14/series | 1 +
 2 files changed, 49 insertions(+)
 create mode 100644 queue-4.14/proc-only-require-mm_struct-for-writing.patch
diff --git a/queue-4.14/proc-only-require-mm_struct-for-writing.patch b/queue-4.14/proc-only-require-mm_struct-for-writing.patch
new file mode 100644
index 00000000000..a1819c19f03
--- /dev/null
+++ b/queue-4.14/proc-only-require-mm_struct-for-writing.patch
@@ -0,0 +1,48 @@
+From 94f0b2d4a1d0c52035aef425da5e022bd2cb1c71 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds
+Date: Tue, 15 Jun 2021 09:26:19 -0700
+Subject: proc: only require mm_struct for writing
+
+From: Linus Torvalds
+
+commit 94f0b2d4a1d0c52035aef425da5e022bd2cb1c71 upstream.
+
+Commit 591a22c14d3f ("proc: Track /proc/$pid/attr/ opener mm_struct") we
+started using __mem_open() to track the mm_struct at open-time, so that
+we could then check it for writes.
+
+But that also ended up making the permission checks at open time much
+stricter - and not just for writes, but for reads too. And that in turn
+caused a regression for at least Fedora 29, where NIC interfaces fail to
+start when using NetworkManager.
+
+Since only the write side wanted the mm_struct test, ignore any failures
+by __mem_open() at open time, leaving reads unaffected. The write()
+time verification of the mm_struct pointer will then catch the failure
+case because a NULL pointer will not match a valid 'current->mm'.
+
+Link: https://lore.kernel.org/netdev/YMjTlp2FSJYvoyFa@unreal/
+Fixes: 591a22c14d3f ("proc: Track /proc/$pid/attr/ opener mm_struct")
+Reported-and-tested-by: Leon Romanovsky
+Cc: Kees Cook
+Cc: Christian Brauner
+Cc: Andrea Righi
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/proc/base.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -2530,7 +2530,9 @@ out:
+ #ifdef CONFIG_SECURITY
+ static int proc_pid_attr_open(struct inode *inode, struct file *file)
+ {
+- return __mem_open(inode, file, PTRACE_MODE_READ_FSCREDS);
++ file->private_data = NULL;
++ __mem_open(inode, file, PTRACE_MODE_READ_FSCREDS);
++ return 0;
+ }
+ 
+ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf,
diff --git a/queue-4.14/series b/queue-4.14/series
index ab10c39ad3c..2629332d743 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
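Review bot: The discarded return value of `__mem_open()` in the new `proc_pid_attr_open()` looks like a missed error check, and nothing in the code marks it as deliberate. A comment above the call, such as `/* Deliberately ignore failure: private_data stays NULL and the write-side mm check refuses it. */`, would keep a later cleanup from restoring the strict open-time check or removing the NULL initialisation. The fail-closed behaviour now depends entirely on the write handler comparing `file->private_data` with `current->mm`, and that handler is outside this hunk. The commit message says this holds only for a valid `current->mm`, so it is worth confirming that the 4.14 write path also rejects a NULL `private_data` when the writer has no mm. The release handler is not visible here either, and presumably has to tolerate a NULL `private_data` now that open succeeds without an mm.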
@@ -47,3 +47,4 @@ scsi-core-put-.shost_dev-in-failure-path-if-host-state-changes-to-running.patch
 scsi-core-only-put-parent-device-if-host-state-differs-from-shost_created.patch
 ftrace-do-not-blindly-read-the-ip-address-in-ftrace_bug.patch
 tracing-correct-the-length-check-which-causes-memory-corruption.patch
+proc-only-require-mm_struct-for-writing.patch
-- 
2.47.3