user/sven/linux.git/fs, branch v4.8.6Linux Kernel
https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.8.62016-10-31T11:02:08Zposix_acl: Clear SGID bit when setting file permissions2016-10-31T11:02:08ZJan Karajack@suse.cz2016-09-19T15:39:09Zurn:sha1:ea288a690cc4e53a528ae6a1d37cd6e14320ed27
commit 073931017b49d9458aa351605b43a7e34598caef upstream.
When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2). Fix that.
References: CVE-2016-7097
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ubifs: Fix xattr_names length in exit paths2016-10-28T07:45:30ZRichard Weinbergerrichard@nod.at2016-09-20T08:08:30Zurn:sha1:e435e0e30773b2817921edad74de9f8e8568d567
commit 843741c5778398ea67055067f4cc65ae6c80ca0e upstream.
When the operation fails we also have to undo the changes
we made to ->xattr_names. Otherwise listxattr() will report
wrong lengths.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
jbd2: fix incorrect unlock on j_list_lock2016-10-28T07:45:30ZTaesoo Kimtsgatesv@gmail.com2016-10-13T03:19:18Zurn:sha1:58f620cf12494820c7f206abadb0096abc72e2e0
commit 559cce698eaf4ccecb2213b2519ea3a0413e5155 upstream.
When 'jh->b_transaction == transaction' (asserted by below)
J_ASSERT_JH(jh, (jh->b_transaction == transaction || ...
'journal->j_list_lock' will be incorrectly unlocked, since
the the lock is aquired only at the end of if / else-if
statements (missing the else case).
Signed-off-by: Taesoo Kim <tsgatesv@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Fixes: 6e4862a5bb9d12be87e4ea5d9a60836ebed71d28
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ext4: do not advertise encryption support when disabled2016-10-28T07:45:30ZEric Biggersebiggers@google.com2016-10-13T03:24:51Zurn:sha1:224c1a195ed9534fd88d54af8aff24080249ddf9
commit c4704a4fbe834eee4109ca064131d440941f6235 upstream.
The sysfs file /sys/fs/ext4/features/encryption was present on kernels
compiled with CONFIG_EXT4_FS_ENCRYPTION=n. This was misleading because
such kernels do not actually support ext4 encryption. Therefore, only
provide this file on kernels compiled with CONFIG_EXT4_FS_ENCRYPTION=y.
Note: since the ext4 feature files are all hardcoded to have a contents
of "supported", it really is the presence or absence of the file that is
significant, not the contents (and this change reflects that).
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fscrypto: lock inode while setting encryption policy2016-10-28T07:45:30ZEric Biggersebiggers@google.com2016-10-15T13:48:50Zurn:sha1:deb197e9992f4b8d0af491b062fff602c68eaff3
commit 8906a8223ad4909b391c5628f7991ebceda30e52 upstream.
i_rwsem needs to be acquired while setting an encryption policy so that
concurrent calls to FS_IOC_SET_ENCRYPTION_POLICY are correctly
serialized (especially the ->get_context() + ->set_context() pair), and
so that new files cannot be created in the directory during or after the
->empty_dir() check.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fscrypto: make XTS tweak initialization endian-independent2016-10-28T07:45:30ZEric Biggersebiggers@google.com2016-10-13T03:30:16Zurn:sha1:8b722a45b3e2cc10dee3bb96e4fae0b2267607ce
commit fb4454376df9d820d95452d71dd83da6971f9338 upstream.
The XTS tweak (or IV) was initialized differently on little endian and
big endian systems. Because the ciphertext depends on the XTS tweak, it
was not possible to use an encrypted filesystem created by a little
endian system on a big endian system and vice versa, even if they shared
the same PAGE_SIZE. Fix this by always using little endian.
This will break hypothetical big endian users of ext4 or f2fs
encryption. However, all users we are aware of are little endian, and
it's believed that "real" big endian users are unlikely to exist yet.
So this might as well be fixed now before it's too late.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ceph: fix error handling in ceph_read_iter2016-10-28T07:45:29ZNikolay Borisovkernel@kyup.com2016-10-10T12:38:18Zurn:sha1:d3f1ec54e3453e54463fcff5be36ec8ebc06de53
commit 0d7718f666be181fda1ba2d08f137d87c1419347 upstream.
In case __ceph_do_getattr returns an error and the retry_op in
ceph_read_iter is not READ_INLINE, then it's possible to invoke
__free_page on a page which is NULL, this naturally leads to a crash.
This can happen when, for example, a process waiting on a MDS reply
receives sigterm.
Fix this by explicitly checking whether the page is set or not.
Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Reviewed-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
isofs: Do not return EACCES for unknown filesystems2016-10-28T07:45:28ZJan Karajack@suse.cz2016-10-04T11:44:06Zurn:sha1:d0ee9157a9d7056b3352c0b9225049cd4b588a0b
commit a2ed0b391dd9c3ef1d64c7c3e370f4a5ffcd324a upstream.
When isofs_mount() is called to mount a device read-write, it returns
EACCES even before it checks that the device actually contains an isofs
filesystem. This may confuse mount(8) which then tries to mount all
subsequent filesystem types in read-only mode.
Fix the problem by returning EACCES only once we verify that the device
indeed contains an iso9660 filesystem.
Fixes: 17b7f7cf58926844e1dd40f5eb5348d481deca6a
Reported-by: Kent Overstreet <kent.overstreet@gmail.com>
Reported-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix regression which breaks DFS mounting2016-10-28T07:45:27ZSachin Prabhusprabhu@redhat.com2016-09-06T12:22:34Zurn:sha1:38c7c171b160f84113c10e9428e03ed4dc33cfe6
commit d171356ff11ab1825e456dfb979755e01b3c54a1 upstream.
Patch a6b5058 results in -EREMOTE returned by is_path_accessible() in
cifs_mount() to be ignored which breaks DFS mounting.
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cleanup missing frees on some ioctls2016-10-28T07:45:27ZSteve Frenchsmfrench@gmail.com2016-09-29T09:20:23Zurn:sha1:917395fb15dcdf94c019ae3d1137fdbb519b56b0
commit 24df1483c272c99ed88b0cba135d0e1dfdee3930 upstream.
Cleanup some missing mem frees on some cifs ioctls, and
clarify others to make more obvious that no data is returned.
Signed-off-by: Steve French <smfrench@gmail.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>