[kernel] r18918 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series
Ben Hutchings
benh at alioth.debian.org
Sun Apr 8 21:40:09 UTC 2012
Author: benh
Date: Sun Apr 8 21:40:08 2012
New Revision: 18918
Log:
TOMOYO: Fix mount flags checking order.
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/TOMOYO-Fix-mount-flags-checking-order.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/base
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog Sun Apr 8 20:16:29 2012 (r18917)
+++ dists/sid/linux-2.6/debian/changelog Sun Apr 8 21:40:08 2012 (r18918)
@@ -6,6 +6,7 @@
* [x86] drm/i915: mask transcoder select bits before setting them on LVDS
* [armhf/mx5,mipsel/loongson-2f] input: Enable INPUT_TOUCHSCREEN
(Closes: #668036)
+ * TOMOYO: Fix mount flags checking order.
[ Jonathan Nieder ]
* [x86] ioat: fix size of 'completion' for Xen (Closes: #660554)
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/TOMOYO-Fix-mount-flags-checking-order.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/TOMOYO-Fix-mount-flags-checking-order.patch Sun Apr 8 21:40:08 2012 (r18918)
@@ -0,0 +1,89 @@
+From: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
+Date: Wed, 29 Feb 2012 21:53:22 +0900
+Subject: [PATCH] TOMOYO: Fix mount flags checking order.
+
+commit df91e49477a9be15921cb2854e1d12a3bdb5e425 upstream.
+
+Userspace can pass in arbitrary combinations of MS_* flags to mount().
+
+If both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are
+passed, device name which should be checked for MS_BIND was not checked because
+MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than MS_BIND.
+
+If both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, device name which
+should not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had
+higher priority than MS_REMOUNT.
+
+Fix these bugs by changing priority to MS_REMOUNT -> MS_BIND ->
+MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -> MS_MOVE as with do_mount() does.
+
+Also, unconditionally return -EINVAL if more than one of
+MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not
+generate inaccurate audit logs, for commit 7a2e8a8f "VFS: Sanity check mount
+flags passed to change_mnt_propagation()" clarified that these flags must be
+exclusively passed.
+
+Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
+Signed-off-by: James Morris <james.l.morris at oracle.com>
+---
+ security/tomoyo/mount.c | 38 ++++++++++++++++++++------------------
+ 1 file changed, 20 insertions(+), 18 deletions(-)
+
+diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
+index bee09d0..fe00cdf 100644
+--- a/security/tomoyo/mount.c
++++ b/security/tomoyo/mount.c
+@@ -199,30 +199,32 @@ int tomoyo_mount_permission(char *dev_name, struct path *path,
+ if (flags & MS_REMOUNT) {
+ type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT];
+ flags &= ~MS_REMOUNT;
+- }
+- if (flags & MS_MOVE) {
+- type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
+- flags &= ~MS_MOVE;
+- }
+- if (flags & MS_BIND) {
++ } else if (flags & MS_BIND) {
+ type = tomoyo_mounts[TOMOYO_MOUNT_BIND];
+ flags &= ~MS_BIND;
+- }
+- if (flags & MS_UNBINDABLE) {
+- type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
+- flags &= ~MS_UNBINDABLE;
+- }
+- if (flags & MS_PRIVATE) {
++ } else if (flags & MS_SHARED) {
++ if (flags & (MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
++ return -EINVAL;
++ type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
++ flags &= ~MS_SHARED;
++ } else if (flags & MS_PRIVATE) {
++ if (flags & (MS_SHARED | MS_SLAVE | MS_UNBINDABLE))
++ return -EINVAL;
+ type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];
+ flags &= ~MS_PRIVATE;
+- }
+- if (flags & MS_SLAVE) {
++ } else if (flags & MS_SLAVE) {
++ if (flags & (MS_SHARED | MS_PRIVATE | MS_UNBINDABLE))
++ return -EINVAL;
+ type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE];
+ flags &= ~MS_SLAVE;
+- }
+- if (flags & MS_SHARED) {
+- type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
+- flags &= ~MS_SHARED;
++ } else if (flags & MS_UNBINDABLE) {
++ if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE))
++ return -EINVAL;
++ type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
++ flags &= ~MS_UNBINDABLE;
++ } else if (flags & MS_MOVE) {
++ type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
++ flags &= ~MS_MOVE;
+ }
+ if (!type)
+ type = "<NULL>";
+--
+1.7.9.5
+
Modified: dists/sid/linux-2.6/debian/patches/series/base
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/base Sun Apr 8 20:16:29 2012 (r18917)
+++ dists/sid/linux-2.6/debian/patches/series/base Sun Apr 8 21:40:08 2012 (r18918)
@@ -94,3 +94,4 @@
+ bugfix/all/net-fix-proc-net-dev-regression.patch
+ bugfix/arm/ARM-orion5x-Fix-GPIO-enable-bits-for-MPP9.patch
+ bugfix/x86/drm-i915-mask-transcoder-select-bits-before-setting-.patch
++ bugfix/all/TOMOYO-Fix-mount-flags-checking-order.patch
More information about the Kernel-svn-changes
mailing list