From 462415fd93a17f7db552d7cc3047a6cc0c9b0f51 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 30 Apr 2021 13:40:25 +0200
Subject: [PATCH] 4.4-stable patches

added patches:
timerfd-reject-alarm-timerfds-without-cap_wake_alarm.patch
---
 queue-4.4/series | 1 +
 ...larm-timerfds-without-cap_wake_alarm.patch | 51 +++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 queue-4.4/series
 create mode 100644 queue-4.4/timerfd-reject-alarm-timerfds-without-cap_wake_alarm.patch

diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..fe28e3d28dc
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1 @@
+timerfd-reject-alarm-timerfds-without-cap_wake_alarm.patch
diff --git a/queue-4.4/timerfd-reject-alarm-timerfds-without-cap_wake_alarm.patch b/queue-4.4/timerfd-reject-alarm-timerfds-without-cap_wake_alarm.patch
new file mode 100644
index 00000000000..3b440e41a0c
--- /dev/null
+++ b/queue-4.4/timerfd-reject-alarm-timerfds-without-cap_wake_alarm.patch
@@ -0,0 +1,51 @@
+From 2895a5e5b3ae78d9923a91fce405d4a2f32c4309 Mon Sep 17 00:00:00 2001
+From: Eric Caruso
+Date: Wed, 8 Jun 2016 16:08:59 -0700
+Subject: timerfd: Reject ALARM timerfds without CAP_WAKE_ALARM
+
+From: Eric Caruso
+
+commit 2895a5e5b3ae78d9923a91fce405d4a2f32c4309 upstream.
+
+timerfd gives processes a way to set wake alarms, but unlike timers made using
+timer_create, timerfds don't check whether the process has CAP_WAKE_ALARM
+before setting alarm-time timers. CAP_WAKE_ALARM is supposed to gate this
+behavior and so it makes sense that we should deny permission to create such
+timerfds if the process doesn't have this capability.
+
+Signed-off-by: Eric Caruso
+Cc: Todd Poynor
+Link: http://lkml.kernel.org/r/1465427339-96209-1-git-send-email-ejcaruso@chromium.org
+Signed-off-by: Thomas Gleixner
+Cc: Kasper Zwijsen
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/timerfd.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/fs/timerfd.c
++++ b/fs/timerfd.c
+@@ -400,6 +400,11 @@ SYSCALL_DEFINE2(timerfd_create, int, clo
+ clockid != CLOCK_BOOTTIME_ALARM))
+ return -EINVAL;
+ 
++ if (!capable(CAP_WAKE_ALARM) &&
++ (clockid == CLOCK_REALTIME_ALARM ||
++ clockid == CLOCK_BOOTTIME_ALARM))
++ return -EPERM;
++
+ ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+ if (!ctx)
+ return -ENOMEM;
+@@ -444,6 +449,11 @@ static int do_timerfd_settime(int ufd, i
+ return ret;
+ ctx = f.file->private_data;
+ 
++ if (!capable(CAP_WAKE_ALARM) && isalarm(ctx)) {
++ fdput(f);
++ return -EPERM;
++ }
++
+ timerfd_setup_cancel(ctx, flags);
+ 
+ /*
-- 
2.47.3
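Review bot: In both checks added by the queued fs/timerfd.c patch, `capable(CAP_WAKE_ALARM)` is the left operand of `&&`, so it is evaluated on every timerfd_create() and timerfd_settime() call, including calls for non-alarm clocks. capable() is not a side-effect-free predicate: a failed check can be recorded by the LSM/audit layer, so unprivileged users of ordinary timerfds may produce spurious denial records even though the call then succeeds. Testing the clock first keeps the permission decision identical and limits the capability query to alarm timerfds: `if (isalarm(ctx) && !capable(CAP_WAKE_ALARM)) {` in do_timerfd_settime(), and likewise `(clockid == CLOCK_REALTIME_ALARM || clockid == CLOCK_BOOTTIME_ALARM) && !capable(CAP_WAKE_ALARM)` in timerfd_create(). Both functions begin and end outside the inner hunks, so the surrounding fd handling is not visible here.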