[kernel] r18918 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series

Ben Hutchings benh at alioth.debian.org
Sun Apr 8 21:40:09 UTC 2012 

Author: benh
Date: Sun Apr  8 21:40:08 2012
New Revision: 18918

Log:
TOMOYO: Fix mount flags checking order.

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/TOMOYO-Fix-mount-flags-checking-order.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/base

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Sun Apr  8 20:16:29 2012	(r18917)
+++ dists/sid/linux-2.6/debian/changelog	Sun Apr  8 21:40:08 2012	(r18918)
@@ -6,6 +6,7 @@
   * [x86] drm/i915: mask transcoder select bits before setting them on LVDS
   * [armhf/mx5,mipsel/loongson-2f] input: Enable INPUT_TOUCHSCREEN
     (Closes: #668036)
+  * TOMOYO: Fix mount flags checking order.
 
   [ Jonathan Nieder ]
   * [x86] ioat: fix size of 'completion' for Xen (Closes: #660554)

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/TOMOYO-Fix-mount-flags-checking-order.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/TOMOYO-Fix-mount-flags-checking-order.patch	Sun Apr  8 21:40:08 2012	(r18918)
@@ -0,0 +1,89 @@
+From: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
+Date: Wed, 29 Feb 2012 21:53:22 +0900
+Subject: [PATCH] TOMOYO: Fix mount flags checking order.
+
+commit df91e49477a9be15921cb2854e1d12a3bdb5e425 upstream.
+
+Userspace can pass in arbitrary combinations of MS_* flags to mount().
+
+If both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are
+passed, device name which should be checked for MS_BIND was not checked because
+MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than MS_BIND.
+
+If both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, device name which
+should not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had
+higher priority than MS_REMOUNT.
+
+Fix these bugs by changing priority to MS_REMOUNT -> MS_BIND ->
+MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -> MS_MOVE as with do_mount() does.
+
+Also, unconditionally return -EINVAL if more than one of
+MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not
+generate inaccurate audit logs, for commit 7a2e8a8f "VFS: Sanity check mount
+flags passed to change_mnt_propagation()" clarified that these flags must be
+exclusively passed.
+
+Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
+Signed-off-by: James Morris <james.l.morris at oracle.com>
+---
+ security/tomoyo/mount.c |   38 ++++++++++++++++++++------------------
+ 1 file changed, 20 insertions(+), 18 deletions(-)
+
+diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
+index bee09d0..fe00cdf 100644
+--- a/security/tomoyo/mount.c
++++ b/security/tomoyo/mount.c
+@@ -199,30 +199,32 @@ int tomoyo_mount_permission(char *dev_name, struct path *path,
+ 	if (flags & MS_REMOUNT) {
+ 		type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT];
+ 		flags &= ~MS_REMOUNT;
+-	}
+-	if (flags & MS_MOVE) {
+-		type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
+-		flags &= ~MS_MOVE;
+-	}
+-	if (flags & MS_BIND) {
++	} else if (flags & MS_BIND) {
+ 		type = tomoyo_mounts[TOMOYO_MOUNT_BIND];
+ 		flags &= ~MS_BIND;
+-	}
+-	if (flags & MS_UNBINDABLE) {
+-		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
+-		flags &= ~MS_UNBINDABLE;
+-	}
+-	if (flags & MS_PRIVATE) {
++	} else if (flags & MS_SHARED) {
++		if (flags & (MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
++			return -EINVAL;
++		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
++		flags &= ~MS_SHARED;
++	} else if (flags & MS_PRIVATE) {
++		if (flags & (MS_SHARED | MS_SLAVE | MS_UNBINDABLE))
++			return -EINVAL;
+ 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];
+ 		flags &= ~MS_PRIVATE;
+-	}
+-	if (flags & MS_SLAVE) {
++	} else if (flags & MS_SLAVE) {
++		if (flags & (MS_SHARED | MS_PRIVATE | MS_UNBINDABLE))
++			return -EINVAL;
+ 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE];
+ 		flags &= ~MS_SLAVE;
+-	}
+-	if (flags & MS_SHARED) {
+-		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
+-		flags &= ~MS_SHARED;
++	} else if (flags & MS_UNBINDABLE) {
++		if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE))
++			return -EINVAL;
++		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
++		flags &= ~MS_UNBINDABLE;
++	} else if (flags & MS_MOVE) {
++		type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
++		flags &= ~MS_MOVE;
+ 	}
+ 	if (!type)
+ 		type = "<NULL>";
+-- 
+1.7.9.5
+

Modified: dists/sid/linux-2.6/debian/patches/series/base
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/base	Sun Apr  8 20:16:29 2012	(r18917)
+++ dists/sid/linux-2.6/debian/patches/series/base	Sun Apr  8 21:40:08 2012	(r18918)
@@ -94,3 +94,4 @@
 + bugfix/all/net-fix-proc-net-dev-regression.patch
 + bugfix/arm/ARM-orion5x-Fix-GPIO-enable-bits-for-MPP9.patch
 + bugfix/x86/drm-i915-mask-transcoder-select-bits-before-setting-.patch
++ bugfix/all/TOMOYO-Fix-mount-flags-checking-order.patch

More information about the Kernel-svn-changes mailing list