iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Mickaël Salaün 95a520b591 ksmbd: Fix user namespace mapping 
commit 7c88c1e0ab1704bacb751341ee6431c3be34b834 upstream.

A kernel daemon should not rely on the current thread, which is unknown
and might be malicious.  Before this security fix,
ksmbd_override_fsids() didn't correctly override FS UID/GID which means
that arbitrary user space threads could trick the kernel to impersonate
arbitrary users or groups for file system access checks, leading to
file system access bypass.

This was found while investigating truncate support for Landlock:
https://lore.kernel.org/r/CAKYAXd8fpMJ7guizOjHgxEyyjoUwPsx3jLOPZP=wPYcbhkVXqA@mail.gmail.com

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: Hyunchul Lee <hyc.lee@gmail.com>
Cc: Steve French <smfrench@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20220929100447.108468-1-mic@digikod.net
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-10-26 12:34:26 +02:00
..
9p
9p: fix a bunch of checkpatch warnings
2022-08-17 14:24:07 +02:00
adfs
affs
afs
afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
2022-09-23 14:15:51 +02:00
autofs
autofs: fix wait name hash calculation in autofs_wait()
2021-10-20 21:09:02 -04:00
befs
isystem: ship and use stdarg.h
2021-08-19 09:02:55 +09:00
bfs
btrfs
btrfs: fix hang during unmount when stopping a space reclaim worker
2022-09-28 11:11:42 +02:00
cachefiles
fs: add is_idmapped_mnt() helper
2022-07-02 16:41:14 +02:00
ceph
ceph: don't truncate file in atomic_open
2022-10-15 07:59:01 +02:00
cifs
cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
2022-10-26 12:34:19 +02:00
coda
configfs
configfs: fix a race in configfs_{,un}register_subsystem()
2022-03-02 11:48:02 +01:00
cramfs
crypto
fscrypt: allow 256-bit master keys with AES-256-XTS
2021-11-18 19:16:11 +01:00
debugfs
debugfs: add debugfs_lookup_and_remove()
2022-09-15 11:30:02 +02:00
devpts
fsnotify: fix fsnotify hooks in pseudo filesystems
2022-02-01 17:27:01 +01:00
dlm
fs: dlm: handle -EBUSY first in lock arg validation
2022-10-26 12:34:20 +02:00
ecryptfs
fs: add is_idmapped_mnt() helper
2022-07-02 16:41:14 +02:00
efivarfs
efs
erofs
erofs: fix pcluster use-after-free on UP platforms
2022-09-15 11:30:06 +02:00
exfat
exfat: use updated exfat_chain directly during renaming
2022-07-29 17:25:30 +02:00
exportfs
exportfs: support idmapped mounts
2022-06-09 10:23:32 +02:00
ext2
ext2: Add more validity checks for inode counts
2022-08-17 14:23:00 +02:00
ext4
ext4: use locality group preallocation for small closed files
2022-09-28 11:11:58 +02:00
f2fs
f2fs: fix to do sanity check on segment type in build_sit_entries()
2022-08-25 11:40:45 +02:00
fat
fat: add ratelimit to fat*_ent_bread()
2022-06-09 10:22:42 +02:00
freevxfs
fscache
fscache: Remove an unused static variable
2021-10-04 22:13:12 +01:00
fuse
fuse: Remove the control interface for virtio-fs
2022-08-17 14:24:11 +02:00
gfs2
gfs2: Fix gfs2_file_buffered_write endless loop workaround
2022-07-12 16:34:59 +02:00
hfs
hfsplus
hostfs
hostfs: support splice_write
2021-08-26 22:28:02 +02:00
hpfs
hugetlbfs
hugetlbfs: fix hugetlbfs_statfs() locking
2022-06-09 10:23:11 +02:00
iomap
iomap: iomap_write_failed fix
2022-06-09 10:22:55 +02:00
isofs
isofs: Fix out of bound access for corrupted isofs image
2021-11-12 15:05:50 +01:00
jbd2
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
2022-08-17 14:24:01 +02:00
jffs2
jffs2: fix memory leak in jffs2_do_fill_super
2022-06-14 18:36:10 +02:00
jfs
fs: jfs: fix possible NULL pointer dereference in dbFree()
2022-06-09 10:22:41 +02:00
kernfs
kernfs: Separate kernfs_pr_cont_buf and rename_lock.
2022-06-14 18:36:22 +02:00
ksmbd
ksmbd: Fix user namespace mapping
2022-10-26 12:34:26 +02:00
lockd
lockd: detect and reject lock arguments that overflow
2022-08-17 14:22:47 +02:00
minix
minix: fix bug when opening a file with O_DIRECT
2022-04-13 20:59:10 +02:00
netfs
netfs: fix parameter of cleanup()
2021-12-29 12:28:59 +01:00
nfs
NFSv4: Fixes for nfs4_inode_return_delegation()
2022-09-28 11:11:57 +02:00
nfs_common
nfs: Fix kerneldoc warning shown up by W=1
2021-10-04 22:02:17 +01:00
nfsd
NFSD: Protect against send buffer overflow in NFSv3 READ
2022-10-26 12:34:25 +02:00
nilfs2
nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
2022-10-15 07:59:01 +02:00
nls
notify
fsnotify: fix wrong lockdep annotations
2022-06-09 10:22:50 +02:00
ntfs
ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
2022-10-05 10:39:37 +02:00
ntfs3
fs/ntfs3: Fix work with fragmented xattr
2022-09-05 10:30:10 +02:00
ocfs2
Revert "ocfs2: mount shared volume without ha stack"
2022-08-03 12:03:41 +02:00
omfs
openpromfs
orangefs
orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
2022-01-20 09:13:13 +01:00
overlayfs
ovl: warn if trusted xattr creation fails
2022-08-25 11:40:43 +02:00
proc
mm/smaps: don't access young/dirty bit if pte unpresent
2022-08-31 17:16:37 +02:00
pstore
pstore: Don't use semaphores in always-atomic-context code
2022-04-08 14:23:01 +02:00
qnx4
qnx4: work around gcc false positive warning bug
2021-09-21 08:36:48 -07:00
qnx6
quota
quota: Check next/prev free block number after reading from quota file
2022-10-26 12:34:21 +02:00
ramfs
reiserfs
Kbuild updates for v5.15
2021-09-03 15:33:47 -07:00
romfs
smbfs_common
cifs: Fix crash on unload of cifs_arc4.ko
2021-12-14 10:57:12 +01:00
squashfs
squashfs: use bvec_virt
2021-08-16 10:50:32 -06:00
sysfs
sysfs: Allow deferred execution of iomem_get_mapping()
2021-08-06 13:05:28 +02:00
sysv
tracefs
tracefs: Only clobber mode/uid/gid on remount if asked
2022-09-20 12:39:43 +02:00
ubifs
ubifs: rename_whiteout: correct old_dir size computing
2022-04-08 14:24:08 +02:00
udf
udf: Avoid using stale lengthOfImpUse
2022-05-15 20:18:52 +02:00
ufs
isystem: ship and use stdarg.h
2021-08-19 09:02:55 +09:00
unicode
vboxsf
vboxfs: fix broken legacy mount signature checking
2021-09-27 11:26:21 -07:00
verity
fs-verity: fix signed integer overflow with i_size near S64_MAX
2021-09-22 10:56:34 -07:00
xfs
xfs: validate inode fork size against fork format
2022-09-28 11:11:45 +02:00
zonefs
block: add a bdev_max_zone_append_sectors helper
2022-08-31 17:16:34 +02:00
aio.c
aio: Fix incorrect usage of eventfd_signal_allowed()
2021-12-14 10:57:22 +01:00
anon_inodes.c
attr.c
vfs: Check the truncate maximum size in inode_newsize_ok()
2022-08-17 14:22:50 +02:00
bad_inode.c
vfs: add rcu argument to ->get_acl() callback
2021-08-18 22:08:24 +02:00
binfmt_aout.c
binfmt: a.out: Fix bogus semicolon
2021-09-05 10:15:05 -07:00
binfmt_elf_fdpic.c
coredump: Snapshot the vmas in do_coredump
2022-04-08 14:24:17 +02:00
binfmt_elf.c
coredump: Use the vma snapshot in fill_files_note
2022-04-08 14:24:18 +02:00
binfmt_flat.c
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
2022-06-09 10:22:26 +02:00
binfmt_misc.c
binfmt_script.c
buffer.c
mm: fs: fix lru_cache_disabled race in bh_lru
2022-04-08 14:22:54 +02:00
char_dev.c
compat_binfmt_elf.c
coredump.c
coredump: Use the vma snapshot in fill_files_note
2022-04-08 14:24:18 +02:00
d_path.c
d_path: make 'prepend()' fill up the buffer exactly on overflow
2021-09-02 10:07:29 -07:00
dax.c
fsdax: Fix infinite loop in dax_iomap_rw()
2022-09-28 11:11:56 +02:00
dcache.c
direct-io.c
drop_caches.c
fs: drop_caches: fix skipping over shadow cache inodes
2021-09-03 09:58:10 -07:00
eventfd.c
eventfd: Export eventfd_wake_count to modules
2021-09-06 07:20:56 -04:00
eventpoll.c
epoll: autoremove wakers even more aggressively
2022-08-17 14:22:59 +02:00
exec.c
posix-cpu-timers: Cleanup CPU timers before freeing them during exec
2022-08-17 14:24:19 +02:00
fcntl.c
Merge branch 'akpm' (patches from Andrew)
2021-09-03 10:08:28 -07:00
fhandle.c
file_table.c
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
2022-05-18 10:26:57 +02:00
file.c
fs: fix fd table size alignment properly
2022-04-08 14:23:54 +02:00
filesystems.c
fs: simplify get_filesystem_list / get_all_fs_names
2021-08-23 01:25:40 -04:00
fs_context.c
vfs: fs_context: fix up param length parsing in legacy_parse_param
2022-01-20 09:13:14 +01:00
fs_parser.c
namei: Standardize callers of filename_lookup()
2021-09-07 16:07:47 -04:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
writeback: avoid use-after-free after removing device
2022-08-31 17:16:47 +02:00
fsopen.c
init.c
inode.c
fs: fix UAF/GPF bug in nilfs_mdt_destroy
2022-10-12 09:53:26 +02:00
internal.h
fs: split off setxattr_copy and do_setxattr function from setxattr
2022-10-05 10:39:44 +02:00
io_uring.c
io_uring/net: don't update msg_name if not provided
2022-10-26 12:34:18 +02:00
io-wq.c
io-wq: drop wqe lock before creating new worker
2021-12-22 09:32:51 +01:00
io-wq.h
io-wq: provide a way to limit max number of workers
2021-08-29 07:55:55 -06:00
ioctl.c
fs: fix an infinite loop in iomap_fiemap
2022-05-25 09:57:26 +02:00
Kconfig
4 cifs/smb3 fixes, one for DFS reconnect, and one to begin creating common headers for server and client and the other two to rename the cifs_common directory to smbfs_common to be more consistent ie change use of the name cifs to smb which is more accurate
2021-09-12 10:10:21 -07:00
Kconfig.binfmt
kernel_read_file.c
vfs: check fd has read access in kernel_read_file_from_fd()
2021-10-18 20:22:03 -10:00
libfs.c
locks.c
Revert "memcg: enable accounting for file lock caches"
2021-09-07 11:21:48 -07:00
Makefile
4 cifs/smb3 fixes, one for DFS reconnect, and one to begin creating common headers for server and client and the other two to rename the cifs_common directory to smbfs_common to be more consistent ie change use of the name cifs to smb which is more accurate
2021-09-12 10:10:21 -07:00
mbcache.c
mbcache: add functions to delete entry if unused
2022-08-17 14:22:57 +02:00
mount.h
mpage.c
namei.c
__follow_mount_rcu(): verify that mount_lock remains unchanged
2022-08-17 14:24:19 +02:00
namespace.c
fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts
2022-08-31 17:16:37 +02:00
no-block.c
nsfs.c
open.c
fs: support mapped mounts of mapped filesystems
2022-07-02 16:41:17 +02:00
pipe.c
pipe: Fix missing lock in pipe_resize_ring()
2022-06-06 08:43:37 +02:00
pnode.c
pnode.h
posix_acl.c
fs: fix acl translation
2022-07-02 16:41:17 +02:00
proc_namespace.c
fs: add is_idmapped_mnt() helper
2022-07-02 16:41:14 +02:00
read_write.c
fs: sendfile handles O_NONBLOCK of out_fd
2022-08-03 12:03:41 +02:00
readdir.c
remap_range.c
fs/remap: constrain dedupe of EOF blocks
2022-07-21 21:24:14 +02:00
select.c
select: Fix indefinitely sleeping task in poll_schedule_timeout()
2022-01-29 10:58:25 +01:00
seq_file.c
rxrpc: Fix locking issue
2022-07-12 16:35:08 +02:00
signalfd.c
signalfd: use wake_up_pollfree()
2021-12-14 10:57:15 +01:00
splice.c
Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
2022-10-26 12:34:17 +02:00
stack.c
stat.c
stat: fix inconsistency between struct stat and struct compat_stat
2022-04-27 14:38:57 +02:00
statfs.c
super.c
vfs: make freeze_super abort when sync_filesystem returns error
2022-02-23 12:03:05 +01:00
sync.c
vfs: make sync_filesystem return errors from ->sync_fs
2022-04-27 14:38:50 +02:00
timerfd.c
timerfd: Provide timerfd_resume()
2021-08-10 17:57:22 +02:00
userfaultfd.c
userfaultfd: fix a race between writeprotect and exit_mmap()
2021-10-18 20:22:02 -10:00
utimes.c
xattr.c
fs: split off setxattr_copy and do_setxattr function from setxattr
2022-10-05 10:39:44 +02:00