WSL2-Linux-Kernel/security
Wang Weiyang 317ebe61a6 device_cgroup: Roll back to original exceptions after copy failure
commit e68bfbd3b3 upstream.

When add the 'a *:* rwm' entry to devcgroup A's whitelist, at first A's
exceptions will be cleaned and A's behavior is changed to
DEVCG_DEFAULT_ALLOW. Then parent's exceptions will be copyed to A's
whitelist. If copy failure occurs, just return leaving A to grant
permissions to all devices. And A may grant more permissions than
parent.

Backup A's whitelist and recover original exceptions after copy
failure.

Cc: stable@vger.kernel.org
Fixes: 4cef7299b4 ("device_cgroup: add proper checking when changing default behavior")
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
Reviewed-by: Aristeu Rozanski <aris@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-12 11:58:59 +01:00
..
apparmor apparmor: Fix memleak in alloc_ns() 2022-12-31 13:14:22 +01:00
bpf
integrity ima: Fix a potential NULL pointer access in ima_restore_measurement_list 2023-01-12 11:58:57 +01:00
keys KEYS: trusted: tpm2: Fix migratable logic 2022-06-14 18:36:25 +02:00
landlock landlock: Fix same-layer rule unions 2022-06-09 10:23:24 +02:00
loadpin LoadPin: Ignore the "contents" argument of the LSM hooks 2022-12-31 13:14:45 +01:00
lockdown
safesetid
selinux selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() 2022-10-29 10:12:54 +02:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-04-08 14:23:55 +02:00
tomoyo TOMOYO: fix __setup handlers return values 2022-04-08 14:23:35 +02:00
yama
Kconfig x86/retbleed: Add fine grained Kconfig knobs 2022-07-23 12:54:10 +02:00
Kconfig.hardening security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 2022-12-31 13:14:46 +01:00
Makefile
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 18:15:39 +01:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-12 11:58:59 +01:00
inode.c
lsm_audit.c
min_addr.c
security.c lockdown: also lock down previous kgdb use 2022-05-25 09:57:37 +02:00