From: Greg Kroah-Hartman Date: Tue, 4 Feb 2014 19:50:26 +0000 (-0800) Subject: 3.12-stable patches X-Git-Tag: v3.4.79~1^2~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6b0374bce349cca26ba4905da6937441b82ce7c0;p=thirdparty%2Fkernel%2Fstable-queue.git 3.12-stable patches added patches: btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch btrfs-restrict-snapshotting-to-own-subvolumes.patch --- diff --git a/queue-3.12/btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch b/queue-3.12/btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch new file mode 100644 index 00000000000..caf0d318a11 --- /dev/null +++ b/queue-3.12/btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch @@ -0,0 +1,32 @@ +From 90515e7f5d7d24cbb2a4038a3f1b5cfa2921aa17 Mon Sep 17 00:00:00 2001 +From: Wang Shilong +Date: Tue, 7 Jan 2014 17:26:58 +0800 +Subject: Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot() + +From: Wang Shilong + +commit 90515e7f5d7d24cbb2a4038a3f1b5cfa2921aa17 upstream. + +We may return early in btrfs_drop_snapshot(), we shouldn't +call btrfs_std_err() for this case, fix it. + +Signed-off-by: Wang Shilong +Signed-off-by: Josef Bacik +Signed-off-by: Chris Mason +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/extent-tree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/btrfs/extent-tree.c ++++ b/fs/btrfs/extent-tree.c +@@ -7718,7 +7718,7 @@ out: + */ + if (!for_reloc && root_dropped == false) + btrfs_add_dead_root(root); +- if (err) ++ if (err && err != -EAGAIN) + btrfs_std_error(root->fs_info, err); + return err; + } diff --git a/queue-3.12/btrfs-restrict-snapshotting-to-own-subvolumes.patch b/queue-3.12/btrfs-restrict-snapshotting-to-own-subvolumes.patch new file mode 100644 index 00000000000..3fc735fd8e2 --- /dev/null +++ b/queue-3.12/btrfs-restrict-snapshotting-to-own-subvolumes.patch @@ -0,0 +1,49 @@ +From d024206133ce21936b3d5780359afc00247655b7 Mon Sep 17 00:00:00 2001 +From: David Sterba +Date: Wed, 15 Jan 2014 18:15:52 +0100 +Subject: btrfs: restrict snapshotting to own subvolumes + +From: David Sterba + +commit d024206133ce21936b3d5780359afc00247655b7 upstream. + +Currently, any user can snapshot any subvolume if the path is accessible and +thus indirectly create and keep files he does not own under his direcotries. +This is not possible with traditional directories. + +In security context, a user can snapshot root filesystem and pin any +potentially buggy binaries, even if the updates are applied. + +All the snapshots are visible to the administrator, so it's possible to +verify if there are suspicious snapshots. + +Another more practical problem is that any user can pin the space used +by eg. root and cause ENOSPC. + +Original report: +https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/484786 + +Signed-off-by: David Sterba +Signed-off-by: Josef Bacik +Signed-off-by: Chris Mason +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/ioctl.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -1548,6 +1548,12 @@ static noinline int btrfs_ioctl_snap_cre + printk(KERN_INFO "btrfs: Snapshot src from " + "another FS\n"); + ret = -EINVAL; ++ } else if (!inode_owner_or_capable(src_inode)) { ++ /* ++ * Subvolume creation is not restricted, but snapshots ++ * are limited to own subvolumes only ++ */ ++ ret = -EPERM; + } else { + ret = btrfs_mksubvol(&file->f_path, name, namelen, + BTRFS_I(src_inode)->root, diff --git a/queue-3.12/series b/queue-3.12/series index 25d47c660cc..ce5efd7a38e 100644 --- a/queue-3.12/series +++ b/queue-3.12/series @@ -127,3 +127,5 @@ scsi-bfa-chinook-quad-port-16g-fc-hba-claim-issue.patch virtio-scsi-fix-hotcpu_notifier-use-after-free-with-virtscsi_freeze.patch iscsi-target-pre-allocate-more-tags-to-avoid-ack-starvation.patch target-iscsi-fix-network-portal-creation-race.patch +btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch +btrfs-restrict-snapshotting-to-own-subvolumes.patch