diff --git a/patches.suse/nfsd-use-vfs-setgid-helper.patch b/patches.suse/nfsd-use-vfs-setgid-helper.patch
new file mode 100644
index 0000000..98f4d2f
--- /dev/null
+++ b/patches.suse/nfsd-use-vfs-setgid-helper.patch
@@ -0,0 +1,80 @@
+From: Christian Brauner
+Date: Tue, 2 May 2023 15:36:02 +0200
+Subject: [PATCH] nfsd: use vfs setgid helper
+Git-commit: 2d8ae8c417db284f598dffb178cc01e7db0f1821
+Patch-mainline: v6.5
+References: git-fixes
+
+We've aligned setgid behavior over multiple kernel releases. The details
+can be found in commit cf619f891971 ("Merge tag 'fs.ovl.setgid.v6.2' of
+git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping") and
+commit 426b4ca2d6a5 ("Merge tag 'fs.setgid.v6.0' of
+git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux").
+Consistent setgid stripping behavior is now encapsulated in the
+setattr_should_drop_sgid() helper which is used by all filesystems that
+strip setgid bits outside of vfs proper. Usually ATTR_KILL_SGID is
+raised in e.g., chown_common() and is subject to the
+setattr_should_drop_sgid() check to determine whether the setgid bit can
+be retained. Since nfsd is raising ATTR_KILL_SGID unconditionally it
+will cause notify_change() to strip it even if the caller had the
+necessary privileges to retain it. Ensure that nfsd only raises
+ATR_KILL_SGID if the caller lacks the necessary privileges to retain the
+setgid bit.
+
+Without this patch the setgid stripping tests in LTP will fail:
+
+> As you can see, the problem is S_ISGID (0002000) was dropped on a
+> non-group-executable file while chown was invoked by super-user, while
+
+[...]
+
+> fchown02.c:66: TFAIL: testfile2: wrong mode permissions 0100700, expected 0102700
+
+[...]
+
+> chown02.c:57: TFAIL: testfile2: wrong mode permissions 0100700, expected 0102700
+
+With this patch all tests pass.
+
+Reported-by: Sherry Yang
+Signed-off-by: Christian Brauner
+Reviewed-by: Jeff Layton
+Cc:
+Signed-off-by: Chuck Lever
+Acked-by: NeilBrown
+
+---
+ fs/nfsd/vfs.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -304,7 +304,8 @@ commit_metadata(struct svc_fh *fhp)
+ * NFS semantics and what Linux expects.
+ */
+ static void
+-nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap)
++nfsd_sanitize_attrs(struct dentry *dentry,
++ struct inode *inode, struct iattr *iap)
+ {
+ /* sanitize the mode change */
+ if (iap->ia_valid & ATTR_MODE) {
+@@ -323,7 +324,8 @@ nfsd_sanitize_attrs(struct inode *inode,
+ iap->ia_mode &= ~S_ISGID;
+ } else {
+ /* set ATTR_KILL_* bits and let VFS handle it */
+- iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID);
++ iap->ia_valid |= ATTR_KILL_SUID;
++ iap->ia_valid |= should_remove_suid(dentry);
+ }
+ }
+ }
+@@ -416,7 +418,7 @@ nfsd_setattr(struct svc_rqst *rqstp, str
+ if (!iap->ia_valid)
+ return 0;
+
+- nfsd_sanitize_attrs(inode, iap);
++ nfsd_sanitize_attrs(dentry, inode, iap);
+
+ if (check_guard && guardtime != inode->i_ctime.tv_sec)
+ return nfserr_notsync;
diff --git a/series.conf b/series.conf
index 3e2adbc..cee9745 100644
--- a/series.conf
+++ b/series.conf
@@ -42270,6 +42270,7 @@
 patches.suse/ext4-Remove-ext4-locking-of-moved-directory.patch
 patches.suse/fs-Establish-locking-order-for-unrelated-directories.patch
 patches.suse/fs-Lock-moved-directories.patch
+ patches.suse/nfsd-use-vfs-setgid-helper.patch
 patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
 patches.suse/NFSD-add-encoding-of-op_recall-flag-for-write-delega.patch
 patches.suse/svcrdma-Prevent-page-release-when-nothing-was-receiv.patch
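Review bot: The patch header explains the fix in terms of setattr_should_drop_sgid(), but the second fs/nfsd/vfs.c hunk ORs in `should_remove_suid(dentry)` instead, and the header does not say that the backport deviates from the referenced upstream commit. This line now decides whether ATTR_KILL_SGID is still raised for an attribute change arriving over NFS, so the substitution should be recorded, for example with a bracketed line above the Acked-by such as `[backport: uses should_remove_suid(dentry) in place of setattr_should_drop_sgid()]` and a code comment like `/* should_remove_suid() yields the ATTR_KILL_* bits this caller may not retain */`. The helper's body is not visible on this page, so it is worth confirming that its privilege check runs against the credentials nfsd has assumed for the client, not those of the server thread. It should also be confirmed that an unprivileged caller still loses the setgid bit in every case the old unconditional flag covered. nfsd_sanitize_attrs() begins and ends outside the quoted hunks.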