open: always initialize ownership fields
Beginning of the merge window we introduced the vfs{g,u}id_t types inb27c82e129
("attr: port attribute changes to new types") and changed various codepaths over including chown_common(). During that change we forgot to account for the case were the passed ownership value is -1. In this case the ownership fields in struct iattr aren't initialized but we rely on them being initialized by the time we generate the ownership to pass down to the LSMs. All the major LSMs don't care about the ownership values at all. Only Tomoyo uses them and so it took a while for syzbot to unearth this issue. Fix this by initializing the ownership fields and do it within the retry_deleg block. While notify_change() doesn't alter the ownership fields currently we shouldn't rely on it. Since no kernel has been released with these changes this does not needed to be backported to any stable kernels. [Christian Brauner (Microsoft) <brauner@kernel.org>] * rewrote commit message * use INVALID_VFS{G,U}ID macros Fixes:b27c82e129
("attr: port attribute changes to new types") # mainline only Reported-and-tested-by: syzbot+541e21dcc32c4046cba9@syzkaller.appspotmail.com Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
This commit is contained in:
parent
b90cb10531
commit
f52d74b190
@ -716,6 +716,8 @@ int chown_common(const struct path *path, uid_t user, gid_t group)
|
|||||||
fs_userns = i_user_ns(inode);
|
fs_userns = i_user_ns(inode);
|
||||||
|
|
||||||
retry_deleg:
|
retry_deleg:
|
||||||
|
newattrs.ia_vfsuid = INVALID_VFSUID;
|
||||||
|
newattrs.ia_vfsgid = INVALID_VFSGID;
|
||||||
newattrs.ia_valid = ATTR_CTIME;
|
newattrs.ia_valid = ATTR_CTIME;
|
||||||
if ((user != (uid_t)-1) && !setattr_vfsuid(&newattrs, uid))
|
if ((user != (uid_t)-1) && !setattr_vfsuid(&newattrs, uid))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
Loading…
Reference in New Issue
Block a user