Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Lochmann <alexander.lochmann@tu-dortmund.de>2018-12-14 11:55:52 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-06-22 08:18:27 +0200
commitdf7ba8162ca13aa32a65b3a98bdaefbb44772966 (patch)
treef3c1476449a21f6cd8f55d5afcef2a1caf368d23
parent8f6345a11caae324ad36abca8723a5710d099a85 (diff)
Abort file_remove_privs() for non-reg. files
commit f69e749a49353d96af1a293f56b5b56de59c668a upstream. file_remove_privs() might be called for non-regular files, e.g. blkdev inode. There is no reason to do its job on things like blkdev inodes, pipes, or cdevs. Hence, abort if file does not refer to a regular inode. AV: more to the point, for devices there might be any number of inodes refering to given device. Which one to strip the permissions from, even if that made any sense in the first place? All of them will be observed with contents modified, after all. Found by LockDoc (Alexander Lochmann, Horst Schirmeier and Olaf Spinczyk) Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Alexander Lochmann <alexander.lochmann@tu-dortmund.de> Signed-off-by: Horst Schirmeier <horst.schirmeier@tu-dortmund.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Cc: Zubin Mithra <zsm@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--fs/inode.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/fs/inode.c b/fs/inode.c
index b5c3a6473aaa..00ec6db1cad5 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1744,8 +1744,13 @@ int file_remove_privs(struct file *file)
int kill;
int error = 0;
- /* Fast path for nothing security related */
- if (IS_NOSEC(inode))
+ /*
+ * Fast path for nothing security related.
+ * As well for non-regular files, e.g. blkdev inodes.
+ * For example, blkdev_write_iter() might get here
+ * trying to remove privs which it is not allowed to.
+ */
+ if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
return 0;
kill = dentry_needs_remove_privs(dentry);