From 458178a58312dbb2db716e767d068d218a9c0a9c Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 20 Jun 2019 18:49:18 +0200
Subject: [PATCH] 4.4-stable patches

added patches:
	abort-file_remove_privs-for-non-reg.-files.patch
---
 ...file_remove_privs-for-non-reg.-files.patch | 51 +++++++++++++++++++
 queue-4.4/series                              |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 queue-4.4/abort-file_remove_privs-for-non-reg.-files.patch

diff --git a/queue-4.4/abort-file_remove_privs-for-non-reg.-files.patch b/queue-4.4/abort-file_remove_privs-for-non-reg.-files.patch
new file mode 100644
index 0000000000..346bed2c3f
--- /dev/null
+++ b/queue-4.4/abort-file_remove_privs-for-non-reg.-files.patch
@@ -0,0 +1,51 @@
+From f69e749a49353d96af1a293f56b5b56de59c668a Mon Sep 17 00:00:00 2001
+From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+Date: Fri, 14 Dec 2018 11:55:52 +0100
+Subject: Abort file_remove_privs() for non-reg. files
+
+From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+
+commit f69e749a49353d96af1a293f56b5b56de59c668a upstream.
+
+file_remove_privs() might be called for non-regular files, e.g.
+blkdev inode. There is no reason to do its job on things
+like blkdev inodes, pipes, or cdevs. Hence, abort if
+file does not refer to a regular inode.
+
+AV: more to the point, for devices there might be any number of
+inodes refering to given device.  Which one to strip the permissions
+from, even if that made any sense in the first place?  All of them
+will be observed with contents modified, after all.
+
+Found by LockDoc (Alexander Lochmann, Horst Schirmeier and Olaf
+Spinczyk)
+
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
+Signed-off-by: Horst Schirmeier <horst.schirmeier@tu-dortmund.de>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Zubin Mithra <zsm@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/inode.c |    9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -1744,8 +1744,13 @@ int file_remove_privs(struct file *file)
+ 	int kill;
+ 	int error = 0;
+ 
+-	/* Fast path for nothing security related */
+-	if (IS_NOSEC(inode))
++	/*
++	 * Fast path for nothing security related.
++	 * As well for non-regular files, e.g. blkdev inodes.
++	 * For example, blkdev_write_iter() might get here
++	 * trying to remove privs which it is not allowed to.
++	 */
++	if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
+ 		return 0;
+ 
+ 	kill = dentry_needs_remove_privs(dentry);
diff --git a/queue-4.4/series b/queue-4.4/series
index 8197be68b9..3e31107c35 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -81,3 +81,4 @@ scsi-libcxgbi-add-a-check-for-null-pointer-in-cxgbi_.patch
 scsi-libsas-delete-sas-port-if-expander-discover-fai.patch
 revert-crypto-crypto4xx-properly-set-iv-after-de-and-encrypt.patch
 coredump-fix-race-condition-between-mmget_not_zero-get_task_mm-and-core-dumping.patch
+abort-file_remove_privs-for-non-reg.-files.patch
-- 
2.39.2