From 134bd59979e3159c34d2db0d2dfd777f740d6e62 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Wed, 12 Jun 2024 17:52:00 +0200
Subject: [PATCH] drop proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch from 5.15 and 6.1

---
 ...into-the-inode-.permission-operation.patch | 161 ------------------
 queue-5.15/series | 1 -
 ...into-the-inode-.permission-operation.patch | 161 ------------------
 queue-6.1/series | 1 -
 4 files changed, 324 deletions(-)
 delete mode 100644 queue-5.15/proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch
 delete mode 100644 queue-6.1/proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch

diff --git a/queue-5.15/proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch b/queue-5.15/proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch
deleted file mode 100644
index e427aba0e3a..00000000000
--- a/queue-5.15/proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From 0a960ba49869ebe8ff859d000351504dd6b93b68 Mon Sep 17 00:00:00 2001
-From: "Tyler Hicks (Microsoft)"
-Date: Tue, 30 Apr 2024 19:56:46 -0500
-Subject: proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Tyler Hicks (Microsoft)
-
-commit 0a960ba49869ebe8ff859d000351504dd6b93b68 upstream.
-
-The following commits loosened the permissions of /proc//fdinfo/
-directory, as well as the files within it, from 0500 to 0555 while also
-introducing a PTRACE_MODE_READ check between the current task and
-'s task:
-
- - commit 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ")
- - commit 1927e498aee1 ("procfs: prevent unprivileged processes accessing fdinfo dir")
-
-Before those changes, inode based system calls like inotify_add_watch(2)
-would fail when the current task didn't have sufficient read permissions:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0500, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied)
- [...]
-
-This matches the documented behavior in the inotify_add_watch(2) man
-page:
-
- ERRORS
- EACCES Read access to the given file is not permitted.
-
-After those changes, inotify_add_watch(2) started succeeding despite the
-current task not having PTRACE_MODE_READ privileges on the target task:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = 1757
- openat(AT_FDCWD, "/proc/1/task/1/fdinfo",
- O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EACCES (Permission denied)
- [...]
-
-This change in behavior broke .NET prior to v7. 
See the github link
-below for the v7 commit that inadvertently/quietly (?) fixed .NET after
-the kernel changes mentioned above.
-
-Return to the old behavior by moving the PTRACE_MODE_READ check out of
-the file .open operation and into the inode .permission operation:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied)
- [...]
-
-Reported-by: Kevin Parsons (Microsoft)
-Link: https://github.com/dotnet/runtime/commit/89e5469ac591b82d38510fe7de98346cce74ad4f
-Link: https://stackoverflow.com/questions/75379065/start-self-contained-net6-build-exe-as-service-on-raspbian-system-unauthorizeda
-Fixes: 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ")
-Cc: stable@vger.kernel.org
-Cc: Christian Brauner
-Cc: Christian König
-Cc: Jann Horn
-Cc: Kalesh Singh
-Cc: Hardik Garg
-Cc: Allen Pais
-Signed-off-by: Tyler Hicks (Microsoft)
-Link: https://lore.kernel.org/r/20240501005646.745089-1-code@tyhicks.com
-Signed-off-by: Christian Brauner
-Signed-off-by: Greg Kroah-Hartman
----
- fs/proc/fd.c | 42 ++++++++++++++++++++----------------------
- 1 file changed, 20 insertions(+), 22 deletions(-)
-
---- a/fs/proc/fd.c
-+++ b/fs/proc/fd.c
-@@ -72,7 +72,18 @@ out:
- return 0;
- }
-
--static int proc_fdinfo_access_allowed(struct inode *inode)
-+static int seq_fdinfo_open(struct inode *inode, struct file *file)
-+{
-+ return single_open(file, seq_show, inode);
-+}
-+
-+/**
-+ * Shared /proc/pid/fdinfo and /proc/pid/fdinfo/fd permission helper to ensure
-+ * that the current task has PTRACE_MODE_READ in addition to the normal
-+ * POSIX-like checks. 
-+ */
-+static int proc_fdinfo_permission(struct mnt_idmap *idmap, struct inode *inode,
-+ int mask)
- {
- bool allowed = false;
- struct task_struct *task = get_proc_task(inode);
-@@ -86,18 +97,13 @@ static int proc_fdinfo_access_allowed(st
- if (!allowed)
- return -EACCES;
-
-- return 0;
-+ return generic_permission(idmap, inode, mask);
- }
-
--static int seq_fdinfo_open(struct inode *inode, struct file *file)
--{
-- int ret = proc_fdinfo_access_allowed(inode);
--
-- if (ret)
-- return ret;
--
-- return single_open(file, seq_show, inode);
--}
-+static const struct inode_operations proc_fdinfo_file_inode_operations = {
-+ .permission = proc_fdinfo_permission,
-+ .setattr = proc_setattr,
-+};
-
- static const struct file_operations proc_fdinfo_file_operations = {
- .open = seq_fdinfo_open,
-@@ -339,6 +345,8 @@ static struct dentry *proc_fdinfo_instan
- ei = PROC_I(inode);
- ei->fd = data->fd;
-
-+ inode->i_op = &proc_fdinfo_file_inode_operations;
-+
- inode->i_fop = &proc_fdinfo_file_operations;
- tid_fd_update_inode(task, inode, 0);
-
-@@ -358,23 +366,13 @@ static int proc_readfdinfo(struct file *
- proc_fdinfo_instantiate);
- }
-
--static int proc_open_fdinfo(struct inode *inode, struct file *file)
--{
-- int ret = proc_fdinfo_access_allowed(inode);
--
-- if (ret)
-- return ret;
--
-- return 0;
--}
--
- const struct inode_operations proc_fdinfo_inode_operations = {
- .lookup = proc_lookupfdinfo,
-+ .permission = proc_fdinfo_permission,
- .setattr = proc_setattr,
- };
-
- const struct file_operations proc_fdinfo_operations = {
-- .open = proc_open_fdinfo,
- .read = generic_read_dir,
- .iterate_shared = proc_readfdinfo,
- .llseek = generic_file_llseek,
diff --git a/queue-5.15/series b/queue-5.15/series
index 3f3acc60138..c39fde26daa 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -355,7 +355,6 @@ media-lgdt3306a-add-a-check-against-null-pointer-def.patch
 drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch
 bcache-fix-variable-length-array-abuse-in-btree_iter.patch
 ata-pata_legacy-make-legacy_exit-work-again.patch
-proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch
 thermal-drivers-qcom-lmh-check-for-scm-availability-at-probe.patch
 soc-qcom-rpmh-rsc-enhance-check-for-vrm-in-flight-request.patch
 acpi-resource-do-irq-override-on-tongfang-gxxhrxx-and-gmxhgxx.patch
diff --git a/queue-6.1/proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch b/queue-6.1/proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch
deleted file mode 100644
index e427aba0e3a..00000000000
--- a/queue-6.1/proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From 0a960ba49869ebe8ff859d000351504dd6b93b68 Mon Sep 17 00:00:00 2001
-From: "Tyler Hicks (Microsoft)"
-Date: Tue, 30 Apr 2024 19:56:46 -0500
-Subject: proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Tyler Hicks (Microsoft)
-
-commit 0a960ba49869ebe8ff859d000351504dd6b93b68 upstream.
-
-The following commits loosened the permissions of /proc//fdinfo/
-directory, as well as the files within it, from 0500 to 0555 while also
-introducing a PTRACE_MODE_READ check between the current task and
-'s task:
-
- - commit 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ")
- - commit 1927e498aee1 ("procfs: prevent unprivileged processes accessing fdinfo dir")
-
-Before those changes, inode based system calls like inotify_add_watch(2)
-would fail when the current task didn't have sufficient read permissions:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0500, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied)
- [...]
-
-This matches the documented behavior in the inotify_add_watch(2) man
-page:
-
- ERRORS
- EACCES Read access to the given file is not permitted.
-
-After those changes, inotify_add_watch(2) started succeeding despite the
-current task not having PTRACE_MODE_READ privileges on the target task:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = 1757
- openat(AT_FDCWD, "/proc/1/task/1/fdinfo",
- O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EACCES (Permission denied)
- [...]
-
-This change in behavior broke .NET prior to v7. 
See the github link
-below for the v7 commit that inadvertently/quietly (?) fixed .NET after
-the kernel changes mentioned above.
-
-Return to the old behavior by moving the PTRACE_MODE_READ check out of
-the file .open operation and into the inode .permission operation:
-
- [...]
- lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
- inotify_add_watch(64, "/proc/1/task/1/fdinfo",
- IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|
- IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied)
- [...]
-
-Reported-by: Kevin Parsons (Microsoft)
-Link: https://github.com/dotnet/runtime/commit/89e5469ac591b82d38510fe7de98346cce74ad4f
-Link: https://stackoverflow.com/questions/75379065/start-self-contained-net6-build-exe-as-service-on-raspbian-system-unauthorizeda
-Fixes: 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ")
-Cc: stable@vger.kernel.org
-Cc: Christian Brauner
-Cc: Christian König
-Cc: Jann Horn
-Cc: Kalesh Singh
-Cc: Hardik Garg
-Cc: Allen Pais
-Signed-off-by: Tyler Hicks (Microsoft)
-Link: https://lore.kernel.org/r/20240501005646.745089-1-code@tyhicks.com
-Signed-off-by: Christian Brauner
-Signed-off-by: Greg Kroah-Hartman
----
- fs/proc/fd.c | 42 ++++++++++++++++++++----------------------
- 1 file changed, 20 insertions(+), 22 deletions(-)
-
---- a/fs/proc/fd.c
-+++ b/fs/proc/fd.c
-@@ -72,7 +72,18 @@ out:
- return 0;
- }
-
--static int proc_fdinfo_access_allowed(struct inode *inode)
-+static int seq_fdinfo_open(struct inode *inode, struct file *file)
-+{
-+ return single_open(file, seq_show, inode);
-+}
-+
-+/**
-+ * Shared /proc/pid/fdinfo and /proc/pid/fdinfo/fd permission helper to ensure
-+ * that the current task has PTRACE_MODE_READ in addition to the normal
-+ * POSIX-like checks. 
-+ */
-+static int proc_fdinfo_permission(struct mnt_idmap *idmap, struct inode *inode,
-+ int mask)
- {
- bool allowed = false;
- struct task_struct *task = get_proc_task(inode);
-@@ -86,18 +97,13 @@ static int proc_fdinfo_access_allowed(st
- if (!allowed)
- return -EACCES;
-
-- return 0;
-+ return generic_permission(idmap, inode, mask);
- }
-
--static int seq_fdinfo_open(struct inode *inode, struct file *file)
--{
-- int ret = proc_fdinfo_access_allowed(inode);
--
-- if (ret)
-- return ret;
--
-- return single_open(file, seq_show, inode);
--}
-+static const struct inode_operations proc_fdinfo_file_inode_operations = {
-+ .permission = proc_fdinfo_permission,
-+ .setattr = proc_setattr,
-+};
-
- static const struct file_operations proc_fdinfo_file_operations = {
- .open = seq_fdinfo_open,
-@@ -339,6 +345,8 @@ static struct dentry *proc_fdinfo_instan
- ei = PROC_I(inode);
- ei->fd = data->fd;
-
-+ inode->i_op = &proc_fdinfo_file_inode_operations;
-+
- inode->i_fop = &proc_fdinfo_file_operations;
- tid_fd_update_inode(task, inode, 0);
-
-@@ -358,23 +366,13 @@ static int proc_readfdinfo(struct file *
- proc_fdinfo_instantiate);
- }
-
--static int proc_open_fdinfo(struct inode *inode, struct file *file)
--{
-- int ret = proc_fdinfo_access_allowed(inode);
--
-- if (ret)
-- return ret;
--
-- return 0;
--}
--
- const struct inode_operations proc_fdinfo_inode_operations = {
- .lookup = proc_lookupfdinfo,
-+ .permission = proc_fdinfo_permission,
- .setattr = proc_setattr,
- };
-
- const struct file_operations proc_fdinfo_operations = {
-- .open = proc_open_fdinfo,
- .read = generic_read_dir,
- .iterate_shared = proc_readfdinfo,
- .llseek = generic_file_llseek,
diff --git a/queue-6.1/series b/queue-6.1/series
index 269155966a7..b10fe897457 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -19,7 +19,6 @@ drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch
 bcache-fix-variable-length-array-abuse-in-btree_iter.patch
 wifi-rtw89-correct-asifstime-for-6ghz-band.patch
 ata-pata_legacy-make-legacy_exit-work-again.patch
-proc-move-fdinfo-ptrace_mode_read-check-into-the-inode-.permission-operation.patch
 thermal-drivers-qcom-lmh-check-for-scm-availability-at-probe.patch
 soc-qcom-rpmh-rsc-enhance-check-for-vrm-in-flight-request.patch
 acpi-resource-do-irq-override-on-tongfang-gxxhrxx-and-gmxhgxx.patch
-- 
2.47.3