+++ /dev/null
-From 0a960ba49869ebe8ff859d000351504dd6b93b68 Mon Sep 17 00:00:00 2001
-From: "Tyler Hicks (Microsoft)" <code@tyhicks.com>
-Date: Tue, 30 Apr 2024 19:56:46 -0500
-Subject: proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Tyler Hicks (Microsoft) <code@tyhicks.com>
-
-commit 0a960ba49869ebe8ff859d000351504dd6b93b68 upstream.
-
-The following commits loosened the permissions of /proc/<PID>/fdinfo/
-directory, as well as the files within it, from 0500 to 0555 while also
-introducing a PTRACE_MODE_READ check between the current task and
-<PID>'s task:
-
- - commit 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ")
- - commit 1927e498aee1 ("procfs: prevent unprivileged processes accessing fdinfo dir")
-
-Before those changes, inode based system calls like inotify_add_watch(2)
-would fail when the current task didn't have sufficient read permissions:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0500, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied)
- [...]
-
-This matches the documented behavior in the inotify_add_watch(2) man
-page:
-
- ERRORS
- EACCES Read access to the given file is not permitted.
-
-After those changes, inotify_add_watch(2) started succeeding despite the
-current task not having PTRACE_MODE_READ privileges on the target task:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = 1757
- openat(AT_FDCWD, "/proc/1/task/1/fdinfo",
- O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EACCES (Permission denied)
- [...]
-
-This change in behavior broke .NET prior to v7. See the github link
-below for the v7 commit that inadvertently/quietly (?) fixed .NET after
-the kernel changes mentioned above.
-
-Return to the old behavior by moving the PTRACE_MODE_READ check out of
-the file .open operation and into the inode .permission operation:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied)
- [...]
-
-Reported-by: Kevin Parsons (Microsoft) <parsonskev@gmail.com>
-Link: https://github.com/dotnet/runtime/commit/89e5469ac591b82d38510fe7de98346cce74ad4f
-Link: https://stackoverflow.com/questions/75379065/start-self-contained-net6-build-exe-as-service-on-raspbian-system-unauthorizeda
-Fixes: 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ")
-Cc: stable@vger.kernel.org
-Cc: Christian Brauner <brauner@kernel.org>
-Cc: Christian König <christian.koenig@amd.com>
-Cc: Jann Horn <jannh@google.com>
-Cc: Kalesh Singh <kaleshsingh@google.com>
-Cc: Hardik Garg <hargar@linux.microsoft.com>
-Cc: Allen Pais <apais@linux.microsoft.com>
-Signed-off-by: Tyler Hicks (Microsoft) <code@tyhicks.com>
-Link: https://lore.kernel.org/r/20240501005646.745089-1-code@tyhicks.com
-Signed-off-by: Christian Brauner <brauner@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/proc/fd.c | 42 ++++++++++++++++++++----------------------
- 1 file changed, 20 insertions(+), 22 deletions(-)
-
---- a/fs/proc/fd.c
-+++ b/fs/proc/fd.c
-@@ -72,7 +72,18 @@ out:
- return 0;
- }
-
--static int proc_fdinfo_access_allowed(struct inode *inode)
-+static int seq_fdinfo_open(struct inode *inode, struct file *file)
-+{
-+ return single_open(file, seq_show, inode);
-+}
-+
-+/**
-+ * Shared /proc/pid/fdinfo and /proc/pid/fdinfo/fd permission helper to ensure
-+ * that the current task has PTRACE_MODE_READ in addition to the normal
-+ * POSIX-like checks.
-+ */
-+static int proc_fdinfo_permission(struct mnt_idmap *idmap, struct inode *inode,
-+ int mask)
- {
- bool allowed = false;
- struct task_struct *task = get_proc_task(inode);
-@@ -86,18 +97,13 @@ static int proc_fdinfo_access_allowed(st
- if (!allowed)
- return -EACCES;
-
-- return 0;
-+ return generic_permission(idmap, inode, mask);
- }
-
--static int seq_fdinfo_open(struct inode *inode, struct file *file)
--{
-- int ret = proc_fdinfo_access_allowed(inode);
--
-- if (ret)
-- return ret;
--
-- return single_open(file, seq_show, inode);
--}
-+static const struct inode_operations proc_fdinfo_file_inode_operations = {
-+ .permission = proc_fdinfo_permission,
-+ .setattr = proc_setattr,
-+};
-
- static const struct file_operations proc_fdinfo_file_operations = {
- .open = seq_fdinfo_open,
-@@ -339,6 +345,8 @@ static struct dentry *proc_fdinfo_instan
- ei = PROC_I(inode);
- ei->fd = data->fd;
-
-+ inode->i_op = &proc_fdinfo_file_inode_operations;
-+
- inode->i_fop = &proc_fdinfo_file_operations;
- tid_fd_update_inode(task, inode, 0);
-
-@@ -358,23 +366,13 @@ static int proc_readfdinfo(struct file *
- proc_fdinfo_instantiate);
- }
-
--static int proc_open_fdinfo(struct inode *inode, struct file *file)
--{
-- int ret = proc_fdinfo_access_allowed(inode);
--
-- if (ret)
-- return ret;
--
-- return 0;
--}
--
- const struct inode_operations proc_fdinfo_inode_operations = {
- .lookup = proc_lookupfdinfo,
-+ .permission = proc_fdinfo_permission,
- .setattr = proc_setattr,
- };
-
- const struct file_operations proc_fdinfo_operations = {
-- .open = proc_open_fdinfo,
- .read = generic_read_dir,
- .iterate_shared = proc_readfdinfo,
- .llseek = generic_file_llseek,
drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch
bcache-fix-variable-length-array-abuse-in-btree_iter.patch
ata-pata_legacy-make-legacy_exit-work-again.patch
-proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch
thermal-drivers-qcom-lmh-check-for-scm-availability-at-probe.patch
soc-qcom-rpmh-rsc-enhance-check-for-vrm-in-flight-request.patch
acpi-resource-do-irq-override-on-tongfang-gxxhrxx-and-gmxhgxx.patch
+++ /dev/null
-From 0a960ba49869ebe8ff859d000351504dd6b93b68 Mon Sep 17 00:00:00 2001
-From: "Tyler Hicks (Microsoft)" <code@tyhicks.com>
-Date: Tue, 30 Apr 2024 19:56:46 -0500
-Subject: proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Tyler Hicks (Microsoft) <code@tyhicks.com>
-
-commit 0a960ba49869ebe8ff859d000351504dd6b93b68 upstream.
-
-The following commits loosened the permissions of /proc/<PID>/fdinfo/
-directory, as well as the files within it, from 0500 to 0555 while also
-introducing a PTRACE_MODE_READ check between the current task and
-<PID>'s task:
-
- - commit 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ")
- - commit 1927e498aee1 ("procfs: prevent unprivileged processes accessing fdinfo dir")
-
-Before those changes, inode based system calls like inotify_add_watch(2)
-would fail when the current task didn't have sufficient read permissions:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0500, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied)
- [...]
-
-This matches the documented behavior in the inotify_add_watch(2) man
-page:
-
- ERRORS
- EACCES Read access to the given file is not permitted.
-
-After those changes, inotify_add_watch(2) started succeeding despite the
-current task not having PTRACE_MODE_READ privileges on the target task:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = 1757
- openat(AT_FDCWD, "/proc/1/task/1/fdinfo",
- O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EACCES (Permission denied)
- [...]
-
-This change in behavior broke .NET prior to v7. See the github link
-below for the v7 commit that inadvertently/quietly (?) fixed .NET after
-the kernel changes mentioned above.
-
-Return to the old behavior by moving the PTRACE_MODE_READ check out of
-the file .open operation and into the inode .permission operation:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied)
- [...]
-
-Reported-by: Kevin Parsons (Microsoft) <parsonskev@gmail.com>
-Link: https://github.com/dotnet/runtime/commit/89e5469ac591b82d38510fe7de98346cce74ad4f
-Link: https://stackoverflow.com/questions/75379065/start-self-contained-net6-build-exe-as-service-on-raspbian-system-unauthorizeda
-Fixes: 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ")
-Cc: stable@vger.kernel.org
-Cc: Christian Brauner <brauner@kernel.org>
-Cc: Christian König <christian.koenig@amd.com>
-Cc: Jann Horn <jannh@google.com>
-Cc: Kalesh Singh <kaleshsingh@google.com>
-Cc: Hardik Garg <hargar@linux.microsoft.com>
-Cc: Allen Pais <apais@linux.microsoft.com>
-Signed-off-by: Tyler Hicks (Microsoft) <code@tyhicks.com>
-Link: https://lore.kernel.org/r/20240501005646.745089-1-code@tyhicks.com
-Signed-off-by: Christian Brauner <brauner@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/proc/fd.c | 42 ++++++++++++++++++++----------------------
- 1 file changed, 20 insertions(+), 22 deletions(-)
-
---- a/fs/proc/fd.c
-+++ b/fs/proc/fd.c
-@@ -72,7 +72,18 @@ out:
- return 0;
- }
-
--static int proc_fdinfo_access_allowed(struct inode *inode)
-+static int seq_fdinfo_open(struct inode *inode, struct file *file)
-+{
-+ return single_open(file, seq_show, inode);
-+}
-+
-+/**
-+ * Shared /proc/pid/fdinfo and /proc/pid/fdinfo/fd permission helper to ensure
-+ * that the current task has PTRACE_MODE_READ in addition to the normal
-+ * POSIX-like checks.
-+ */
-+static int proc_fdinfo_permission(struct mnt_idmap *idmap, struct inode *inode,
-+ int mask)
- {
- bool allowed = false;
- struct task_struct *task = get_proc_task(inode);
-@@ -86,18 +97,13 @@ static int proc_fdinfo_access_allowed(st
- if (!allowed)
- return -EACCES;
-
-- return 0;
-+ return generic_permission(idmap, inode, mask);
- }
-
--static int seq_fdinfo_open(struct inode *inode, struct file *file)
--{
-- int ret = proc_fdinfo_access_allowed(inode);
--
-- if (ret)
-- return ret;
--
-- return single_open(file, seq_show, inode);
--}
-+static const struct inode_operations proc_fdinfo_file_inode_operations = {
-+ .permission = proc_fdinfo_permission,
-+ .setattr = proc_setattr,
-+};
-
- static const struct file_operations proc_fdinfo_file_operations = {
- .open = seq_fdinfo_open,
-@@ -339,6 +345,8 @@ static struct dentry *proc_fdinfo_instan
- ei = PROC_I(inode);
- ei->fd = data->fd;
-
-+ inode->i_op = &proc_fdinfo_file_inode_operations;
-+
- inode->i_fop = &proc_fdinfo_file_operations;
- tid_fd_update_inode(task, inode, 0);
-
-@@ -358,23 +366,13 @@ static int proc_readfdinfo(struct file *
- proc_fdinfo_instantiate);
- }
-
--static int proc_open_fdinfo(struct inode *inode, struct file *file)
--{
-- int ret = proc_fdinfo_access_allowed(inode);
--
-- if (ret)
-- return ret;
--
-- return 0;
--}
--
- const struct inode_operations proc_fdinfo_inode_operations = {
- .lookup = proc_lookupfdinfo,
-+ .permission = proc_fdinfo_permission,
- .setattr = proc_setattr,
- };
-
- const struct file_operations proc_fdinfo_operations = {
-- .open = proc_open_fdinfo,
- .read = generic_read_dir,
- .iterate_shared = proc_readfdinfo,
- .llseek = generic_file_llseek,
bcache-fix-variable-length-array-abuse-in-btree_iter.patch
wifi-rtw89-correct-asifstime-for-6ghz-band.patch
ata-pata_legacy-make-legacy_exit-work-again.patch
-proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch
thermal-drivers-qcom-lmh-check-for-scm-availability-at-probe.patch
soc-qcom-rpmh-rsc-enhance-check-for-vrm-in-flight-request.patch
acpi-resource-do-irq-override-on-tongfang-gxxhrxx-and-gmxhgxx.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
