microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/fs
История
Radoslaw Burny 2cbf2af144 fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes. 
commit 5ec27ec735 upstream.

Normally, the inode's i_uid/i_gid are translated relative to s_user_ns,
but this is not a correct behavior for proc.  Since sysctl permission
check in test_perm is done against GLOBAL_ROOT_[UG]ID, it makes more
sense to use these values in u_[ug]id of proc inodes.  In other words:
although uid/gid in the inode is not read during test_perm, the inode
logically belongs to the root of the namespace.  I have confirmed this
with Eric Biederman at LPC and in this thread:
  https://lore.kernel.org/lkml/87k1kzjdff.fsf@xmission.com

Consequences
============

Since the i_[ug]id values of proc nodes are not used for permissions
checks, this change usually makes no functional difference.  However, it
causes an issue in a setup where:

 * a namespace container is created without root user in container -
   hence the i_[ug]id of proc nodes are set to INVALID_[UG]ID

 * container creator tries to configure it by writing /proc/sys files,
   e.g. writing /proc/sys/kernel/shmmax to configure shared memory limit

Kernel does not allow to open an inode for writing if its i_[ug]id are
invalid, making it impossible to write shmmax and thus - configure the
container.

Using a container with no root mapping is apparently rare, but we do use
this configuration at Google.  Also, we use a generic tool to configure
the container limits, and the inability to write any of them causes a
failure.

History
=======

The invalid uids/gids in inodes first appeared due to 8175435777 (fs:
Update i_[ug]id_(read|write) to translate relative to s_user_ns).
However, AFAIK, this did not immediately cause any issues.  The
inability to write to these "invalid" inodes was only caused by a later
commit 0bd23d09b8 (vfs: Don't modify inodes with a uid or gid unknown
to the vfs).

Tested: Used a repro program that creates a user namespace without any
mapping and stat'ed /proc/$PID/root/proc/sys/kernel/shmmax from outside.
Before the change, it shows the overflow uid, with the change it's 0.
The overflow uid indicates that the uid in the inode is not correct and
thus it is not possible to open the file for writing.

Link: http://lkml.kernel.org/r/20190708115130.250149-1-rburny@google.com
Fixes: 0bd23d09b8 ("vfs: Don't modify inodes with a uid or gid unknown to the vfs")
Signed-off-by: Radoslaw Burny <rburny@google.com>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: John Sperbeck <jsperbeck@google.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>	[4.8+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2019-07-31 07:28:38 +02:00
..
9p 9p: acl: fix uninitialized iattr access 2019-07-03 13:15:58 +02:00
adfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
affs affs_lookup(): close a race with affs_remove_link() 2018-05-30 07:51:47 +02:00
afs afs: Fix directory permissions check 2018-07-08 15:30:51 +02:00
autofs4 autofs: fix error return in autofs_fill_super() 2019-03-13 14:03:19 -07:00
befs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bfs bfs: add sanity check at bfs_fill_super() 2018-12-01 09:42:51 +01:00
btrfs stable/btrfs: fix backport bug in d819d97ea0 ("btrfs: honor path->skip_locking in backref code") 2019-07-10 09:54:43 +02:00
cachefiles fscache, cachefiles: remove redundant variable 'cache' 2018-12-17 09:28:53 +01:00
ceph ceph: flush dirty inodes before proceeding with remount 2019-05-25 18:25:22 +02:00
cifs SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write 2019-06-25 11:36:54 +08:00
coda coda: fix 'kernel memory exposure attempt' in fsync 2017-11-24 08:37:05 +01:00
configfs configfs: Fix use-after-free when accessing sd->s_dentry 2019-06-22 08:16:17 +02:00
cramfs Cramfs: fix abad comparison when wrap-arounds occur 2018-11-13 11:15:12 -08:00
crypto fscrypt: clean up some BUG_ON()s in block encryption/decryption 2019-07-31 07:28:22 +02:00
debugfs debugfs: fix use-after-free on symlink traversal 2019-05-08 07:20:49 +02:00
devpts fs/devpts: always delete dcache dentry-s in dput() 2019-03-23 14:35:21 +01:00
dlm dlm: Don't swamp the CPU with callbacks queued during recovery 2019-02-12 19:45:57 +01:00
ecryptfs eCryptfs: don't pass up plaintext names when using filename encryption 2018-06-21 04:02:42 +09:00
efivarfs
efs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
exofs fs/exofs: fix potential memory leak in mount option parsing 2018-11-27 16:10:47 +01:00
exportfs exportfs: do not read dentry after free 2018-12-17 09:28:50 +01:00
ext2 ext2: Fix underflow in ext2_max_size() 2019-03-23 14:35:23 +01:00
ext4 ext4: do not delete unlinked inode from orphan list on failed truncate 2019-05-31 06:47:10 -07:00
f2fs f2fs: fix to do sanity check on valid block count of segment 2019-06-15 11:54:53 +02:00
fat fs/fat/file.c: issue flush after the writeback of FAT 2019-06-15 11:54:51 +02:00
freevxfs
fscache fscache: fix race between enablement and dropping of object 2018-12-17 09:28:53 +01:00
fuse fuse: retrieve: cap requested size to negotiated max_write 2019-06-15 11:54:54 +02:00
gfs2 gfs2: Fix occasional glock use-after-free 2019-05-31 06:47:14 -07:00
hfs hfs: do not free node before using 2018-12-17 09:28:54 +01:00
hfsplus hfsplus: do not free node before using 2018-12-17 09:28:54 +01:00
hostfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hpfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hugetlbfs hugetlb: use same fault hash key for shared and private mappings 2019-05-31 06:47:12 -07:00
isofs isofs: reject hardware sector size > 2048 bytes 2018-10-03 17:00:57 -07:00
jbd2 jbd2: check superblock mapped prior to committing 2019-05-21 18:50:18 +02:00
jffs2 jffs2: fix use-after-free on symlink traversal 2019-05-08 07:20:49 +02:00
jfs jfs: Fix inconsistency between memory allocation and ea_buf->max_size 2018-08-09 12:16:39 +02:00
kernfs kernfs: fix barrier usage in __kernfs_new_node() 2019-05-16 19:42:19 +02:00
lockd Revert "lockd: Show pid of lockd for remote locks" 2019-06-09 09:18:18 +02:00
minix License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ncpfs staging: ncpfs: memory corruption in ncp_read_kernel() 2018-03-28 18:24:43 +02:00
nfs pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error 2019-07-31 07:28:37 +02:00
nfs_common lockd: fix "list_add double add" caused by legacy signal interface 2018-02-03 17:39:08 +01:00
nfsd nfsd: allow fh_want_write to be called twice 2019-06-15 11:54:54 +02:00
nilfs2 do d_instantiate/unlock_new_inode combinations safely 2018-05-30 07:51:47 +02:00
nls License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
notify fanotify: fix handling of events on child sub-directory 2019-02-06 17:31:37 +01:00
ntfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ocfs2 fs/ocfs2: fix race in ocfs2_dentry_attach_lock() 2019-06-19 08:20:54 +02:00
omfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
openpromfs
orangefs orangefs: report attributes_mask and attributes for statx 2018-06-26 08:06:33 +08:00
overlayfs ovl: check whiteout in ovl_create_over_whiteout() 2018-11-21 09:24:17 +01:00
proc fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes. 2019-07-31 07:28:38 +02:00
pstore pstore/ram: Run without kernel crash dump region 2019-06-11 12:21:48 +02:00
qnx4 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qnx6 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
quota quota: fix a problem about transfer quota 2019-07-21 09:04:28 +02:00
ramfs mm: make pagevec_lookup() update index 2017-09-06 17:27:26 -07:00
reiserfs reiserfs: propagate errors from fill_with_dentries() properly 2018-11-27 16:10:46 +01:00
romfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
squashfs Squashfs: Compute expected length from inode size rather than block length 2018-09-05 09:26:32 +02:00
sysfs scsi: sysfs: Introduce sysfs_{un,}break_active_protection() 2018-09-05 09:26:41 +02:00
sysv sysv: return 'err' instead of 0 in __sysv_write_inode 2018-12-17 09:28:48 +01:00
tracefs
ubifs ubifs: Handle re-linking of inodes correctly while recovery 2018-12-29 13:39:11 +01:00
udf udf: Fix incorrect final NOT_ALLOCATED (hole) extent length 2019-07-21 09:04:30 +02:00
ufs ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour 2019-05-25 18:25:36 +02:00
xfs xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute 2019-04-27 09:35:41 +02:00
Kconfig
Kconfig.binfmt
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
aio.c aio: fix spectre gadget in lookup_ioctx 2018-12-21 14:13:04 +01:00
anon_inodes.c
attr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bad_inode.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
binfmt_aout.c fs: fix kernel_read prototype 2017-09-04 19:05:15 -04:00
binfmt_elf.c binfmt_elf: Respect error return from `regset->active' 2018-09-26 08:38:09 +02:00
binfmt_elf_fdpic.c Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-09-14 18:13:32 -07:00
binfmt_em86.c
binfmt_flat.c fs/binfmt_flat.c: make load_flat_shared_library() work 2019-07-03 13:15:59 +02:00
binfmt_misc.c fs/binfmt_misc.c: do not allow offset overflow 2018-06-26 08:06:33 +08:00
binfmt_script.c Revert "exec: load_script: don't blindly truncate shebang string" 2019-02-15 09:08:56 +01:00
block_dev.c block: fix the return errno for direct IO 2019-04-17 08:37:53 +02:00
buffer.c fs: fix guard_bio_eod to check for real EOD errors 2019-04-05 22:31:28 +02:00
char_dev.c chardev: add additional check for minor range overlap 2019-05-31 06:47:31 -07:00
compat.c
compat_binfmt_elf.c
compat_ioctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
coredump.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dax.c fs/dax.c: release PMD lock even when there is no PMD support in DAX 2018-04-26 11:02:14 +02:00
dcache.c fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() 2019-02-06 17:31:34 +01:00
dcookies.c
direct-io.c iomap: report collisions between directio and buffered writes to userspace 2019-04-27 09:35:41 +02:00
drop_caches.c fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() 2019-03-13 14:03:18 -07:00
eventfd.c
eventpoll.c fs/epoll: drop ovflist branch prediction 2019-02-12 19:46:10 +01:00
exec.c exec: Fix mem leak in kernel_read_file 2019-03-13 14:03:11 -07:00
fcntl.c fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall 2017-12-17 15:07:59 +01:00
fhandle.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c fs/file.c: initialize init_files.resize_wait 2019-04-05 22:31:28 +02:00
file_table.c fput: Don't reinvent the wheel but use existing llist API 2017-08-28 00:50:23 -04:00
filesystems.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs-writeback.c blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration 2019-07-31 07:28:25 +02:00
fs_pin.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs_struct.c
inode.c Abort file_remove_privs() for non-reg. files 2019-06-22 08:16:19 +02:00
internal.h Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs 2017-09-13 09:11:44 -07:00
ioctl.c vfs: swap names of {do,vfs}_clone_file_range() 2018-11-10 07:48:33 -08:00
iomap.c iomap: report collisions between directio and buffered writes to userspace 2019-04-27 09:35:41 +02:00
libfs.c
locks.c fs/lock: skip lock owner pid translation in case we are in init_pid_ns 2018-10-03 17:00:53 -07:00
mbcache.c mbcache: initialize entry->e_referenced in mb_cache_entry_create() 2018-02-22 15:42:25 +01:00
mount.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mpage.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
namei.c namei: allow restricted O_CREAT of FIFOs and regular files 2018-12-01 09:42:59 +01:00
namespace.c mount: Prevent MNT_DETACH from disconnecting locked mounts 2018-11-21 09:24:14 +01:00
no-block.c
nsfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
open.c fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock 2019-06-11 12:21:51 +02:00
pipe.c fs: prevent page refcount overflow in pipe_buf_get 2019-05-04 09:15:18 +02:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
read_write.c fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock 2019-06-11 12:21:51 +02:00
readdir.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
select.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
seq_file.c seq_file: fix incomplete reset on read from zero offset 2018-02-22 15:42:28 +01:00
signalfd.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
splice.c fs: prevent page refcount overflow in pipe_buf_get 2019-05-04 09:15:18 +02:00
stack.c
stat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
statfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
super.c fs: don't scan the inode cache before SB_BORN is set 2018-05-30 07:51:47 +02:00
sync.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
timerfd.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
userfaultfd.c coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping 2019-04-27 09:35:37 +02:00
utimes.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xattr.c sysfs: Do not return POSIX ACL xattrs via listxattr 2018-10-10 08:54:27 +02:00