--- /dev/null
+From f69e749a49353d96af1a293f56b5b56de59c668a Mon Sep 17 00:00:00 2001
+From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+Date: Fri, 14 Dec 2018 11:55:52 +0100
+Subject: Abort file_remove_privs() for non-reg. files
+
+From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+
+commit f69e749a49353d96af1a293f56b5b56de59c668a upstream.
+
+file_remove_privs() might be called for non-regular files, e.g.
+blkdev inode. There is no reason to do its job on things
+like blkdev inodes, pipes, or cdevs. Hence, abort if
+file does not refer to a regular inode.
+
+AV: more to the point, for devices there might be any number of
+inodes refering to given device. Which one to strip the permissions
+from, even if that made any sense in the first place? All of them
+will be observed with contents modified, after all.
+
+Found by LockDoc (Alexander Lochmann, Horst Schirmeier and Olaf
+Spinczyk)
+
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+Signed-off-by: Horst Schirmeier <horst.schirmeier@tu-dortmund.de>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Zubin Mithra <zsm@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/inode.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -1804,8 +1804,13 @@ int file_remove_privs(struct file *file)
+ int kill;
+ int error = 0;
+
+- /* Fast path for nothing security related */
+- if (IS_NOSEC(inode))
++ /*
++ * Fast path for nothing security related.
++ * As well for non-regular files, e.g. blkdev inodes.
++ * For example, blkdev_write_iter() might get here
++ * trying to remove privs which it is not allowed to.
++ */
++ if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
+ return 0;
+
+ kill = dentry_needs_remove_privs(dentry);
projects / thirdparty / kernel / stable-queue.git / commitdiff
