--- /dev/null
+From f69e749a49353d96af1a293f56b5b56de59c668a Mon Sep 17 00:00:00 2001
+From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+Date: Fri, 14 Dec 2018 11:55:52 +0100
+Subject: Abort file_remove_privs() for non-reg. files
+
+From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+
+commit f69e749a49353d96af1a293f56b5b56de59c668a upstream.
+
+file_remove_privs() might be called for non-regular files, e.g.
+blkdev inode. There is no reason to do its job on things
+like blkdev inodes, pipes, or cdevs. Hence, abort if
+file does not refer to a regular inode.
+
+AV: more to the point, for devices there might be any number of
+inodes refering to given device. Which one to strip the permissions
+from, even if that made any sense in the first place? All of them
+will be observed with contents modified, after all.
+
+Found by LockDoc (Alexander Lochmann, Horst Schirmeier and Olaf
+Spinczyk)
+
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+Signed-off-by: Horst Schirmeier <horst.schirmeier@tu-dortmund.de>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Zubin Mithra <zsm@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/inode.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -1817,8 +1817,13 @@ int file_remove_privs(struct file *file)
+ int kill;
+ int error = 0;
+
+- /* Fast path for nothing security related */
+- if (IS_NOSEC(inode))
++ /*
++ * Fast path for nothing security related.
++ * As well for non-regular files, e.g. blkdev inodes.
++ * For example, blkdev_write_iter() might get here
++ * trying to remove privs which it is not allowed to.
++ */
++ if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
+ return 0;
+
+ kill = dentry_needs_remove_privs(dentry);
+++ /dev/null
-From foo@baz Wed 19 Jun 2019 02:34:37 PM CEST
-From: Ioana Ciornei <ioana.ciornei@nxp.com>
-Date: Thu, 13 Jun 2019 09:37:51 +0300
-Subject: net: phylink: set the autoneg state in phylink_phy_change
-
-From: Ioana Ciornei <ioana.ciornei@nxp.com>
-
-[ Upstream commit ef7bfa84725d891bbdb88707ed55b2cbf94942bb ]
-
-The phy_state field of phylink should carry only valid information
-especially when this can be passed to the .mac_config callback.
-Update the an_enabled field with the autoneg state in the
-phylink_phy_change function.
-
-Fixes: 9525ae83959b ("phylink: add phylink infrastructure")
-Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/net/phy/phylink.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/net/phy/phylink.c
-+++ b/drivers/net/phy/phylink.c
-@@ -662,6 +662,7 @@ static void phylink_phy_change(struct ph
- pl->phy_state.pause |= MLO_PAUSE_ASYM;
- pl->phy_state.interface = phydev->interface;
- pl->phy_state.link = up;
-+ pl->phy_state.an_enabled = phydev->autoneg;
- mutex_unlock(&pl->state_mutex);
-
- phylink_run_resolve(pl);
neigh-fix-use-after-free-read-in-pneigh_get_next.patch
net-dsa-rtl8366-fix-up-vlan-filtering.patch
net-openvswitch-do-not-free-vport-if-register_netdevice-is-failed.patch
-net-phylink-set-the-autoneg-state-in-phylink_phy_change.patch
nfc-ensure-presence-of-required-attributes-in-the-deactivate_target-handler.patch
sctp-free-cookie-before-we-memdup-a-new-one.patch
sunhv-fix-device-naming-inconsistency-between-sunhv_console-and-sunhv_reg.patch
mlxsw-spectrum-prevent-force-of-56g.patch
ocfs2-fix-error-path-kobject-memory-leak.patch
coredump-fix-race-condition-between-collapse_huge_page-and-core-dumping.patch
+abort-file_remove_privs-for-non-reg.-files.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
