From 292f902a40c11f043a5ca1305a114da0e523eaa3 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@redhat.com>
Date: Tue Jun  2 22:20:26 2020 +0200
Subject: [PATCH] ovl: call secutiry hook in ovl_real_ioctl() 
Git-commit: 292f902a40c11f043a5ca1305a114da0e523eaa3
References: bsc#1177470, CVE-2020-16120
Patch-mainline: v5.8-rc1

Verify LSM permissions for underlying file, since vfs_ioctl() doesn't do
it.

[Stephen Rothwell] export security_file_ioctl

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>

---
 fs/overlayfs/file.c |    5 ++++-
 security/security.c |    1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -9,6 +9,7 @@
 #include <linux/xattr.h>
 #include <linux/uio.h>
 #include <linux/uaccess.h>
+#include <linux/security.h>
 #include "overlayfs.h"
 
 static char ovl_whatisit(struct inode *inode, struct inode *realinode)
@@ -398,7 +399,9 @@
 		return ret;
 
 	old_cred = ovl_override_creds(file_inode(file)->i_sb);
-	ret = vfs_ioctl(real.file, cmd, arg);
+	ret = security_file_ioctl(real.file, cmd, arg);
+	if (!ret)
+		ret = vfs_ioctl(real.file, cmd, arg);
 	revert_creds(old_cred);
 
 	fdput(real);
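Review bot: The new `security_file_ioctl(real.file, cmd, arg)` call sits between `ovl_override_creds()` and `revert_creds()`, so the LSM hook on the real file is evaluated with the overridden credentials rather than the calling task's, and nothing in the hunk records that this is intended. If it is (the caller's own check presumably already ran against the overlay file before this function was reached, which is not visible here), a comment above the call would make that explicit, e.g. `/* LSM check on the real file, done with the overridden creds; vfs_ioctl() does not call the hook */`. It is also worth confirming that any other place in this file that operates on the real file without going through a syscall entry point gets an equivalent hook call. The enclosing function starts and ends outside the hunk.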
--- a/security/security.c
+++ b/security/security.c
@@ -1402,6 +1402,7 @@
 {
 	return call_int_hook(file_ioctl, 0, file, cmd, arg);
 }
+EXPORT_SYMBOL_GPL(security_file_ioctl);
 
 static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
 {