WSL2-Linux-Kernel/security
Wang Weiyang 317ebe61a6 device_cgroup: Roll back to original exceptions after copy failure
commit e68bfbd3b3 upstream.

When add the 'a *:* rwm' entry to devcgroup A's whitelist, at first A's
exceptions will be cleaned and A's behavior is changed to
DEVCG_DEFAULT_ALLOW. Then parent's exceptions will be copyed to A's
whitelist. If copy failure occurs, just return leaving A to grant
permissions to all devices. And A may grant more permissions than
parent.

Backup A's whitelist and recover original exceptions after copy
failure.

Cc: stable@vger.kernel.org
Fixes: 4cef7299b4 ("device_cgroup: add proper checking when changing default behavior")
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
Reviewed-by: Aristeu Rozanski <aris@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-12 11:58:59 +01:00
..
apparmor apparmor: Fix memleak in alloc_ns() 2022-12-31 13:14:22 +01:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity ima: Fix a potential NULL pointer access in ima_restore_measurement_list 2023-01-12 11:58:57 +01:00
keys KEYS: trusted: tpm2: Fix migratable logic 2022-06-14 18:36:25 +02:00
landlock landlock: Fix same-layer rule unions 2022-06-09 10:23:24 +02:00
loadpin LoadPin: Ignore the "contents" argument of the LSM hooks 2022-12-31 13:14:45 +01:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() 2022-10-29 10:12:54 +02:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-04-08 14:23:55 +02:00
tomoyo TOMOYO: fix __setup handlers return values 2022-04-08 14:23:35 +02:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
Kconfig x86/retbleed: Add fine grained Kconfig knobs 2022-07-23 12:54:10 +02:00
Kconfig.hardening security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 2022-12-31 13:14:46 +01:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 18:15:39 +01:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-12 11:58:59 +01:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c audit: remove unnecessary 'ret' initialization 2021-06-11 13:21:28 -04:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c lockdown: also lock down previous kgdb use 2022-05-25 09:57:37 +02:00