[linux] 02/02: Fix regressions caused by fix for CVE-2016-7097 (Closes: #873026)
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sun Sep 24 21:41:19 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch jessie
in repository linux.
commit 466b71bfbdcf3bf3b5cb8af4a22744f62b08f827
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun Sep 24 22:40:40 2017 +0100
Fix regressions caused by fix for CVE-2016-7097 (Closes: #873026)
ext2: Don't clear SGID when inheriting ACLs
hfsplus: Don't clear SGID when inheriting ACLs
reiserfs: Don't clear SGID when inheriting ACLs
btrfs: Don't clear SGID when inheriting ACLs
jfs: Don't clear SGID when inheriting ACLs
xfs: Don't clear SGID when inheriting ACLs
f2fs: Don't clear SGID when inheriting ACLs
ext4: preserve i_mode if __ext4_set_acl() fails
ext4: Don't clear SGID when inheriting ACLs
---
debian/changelog | 10 +++
...rfs-don-t-clear-sgid-when-inheriting-acls.patch | 58 +++++++++++++
...xt2-don-t-clear-sgid-when-inheriting-acls.patch | 96 ++++++++++++++++++++++
...xt4-don-t-clear-sgid-when-inheriting-acls.patch | 93 +++++++++++++++++++++
...4-preserve-i_mode-if-__ext4_set_acl-fails.patch | 68 +++++++++++++++
...2fs-don-t-clear-sgid-when-inheriting-acls.patch | 30 +++++++
...lus-don-t-clear-sgid-when-inheriting-acls.patch | 90 ++++++++++++++++++++
...jfs-don-t-clear-sgid-when-inheriting-acls.patch | 64 +++++++++++++++
...rfs-don-t-clear-sgid-when-inheriting-acls.patch | 56 +++++++++++++
...xfs-don-t-clear-sgid-when-inheriting-acls.patch | 79 ++++++++++++++++++
debian/patches/series | 9 ++
11 files changed, 653 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index c2ed561..55ac046 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -571,6 +571,16 @@ linux (3.16.48-1) UNRELEASED; urgency=medium
* ttm: Avoid ABI change for ttm_ref_object_add() require_existing param
* cxgbi, IB, libiscsi, l2tp, rds: Ignore ABI changes
* ptrace, xfrm: Avoid ABI changes in 3.16.48
+ * Fix regressions caused by fix for CVE-2016-7097 (Closes: #873026):
+ - ext2: Don't clear SGID when inheriting ACLs
+ - hfsplus: Don't clear SGID when inheriting ACLs
+ - reiserfs: Don't clear SGID when inheriting ACLs
+ - btrfs: Don't clear SGID when inheriting ACLs
+ - jfs: Don't clear SGID when inheriting ACLs
+ - xfs: Don't clear SGID when inheriting ACLs
+ - f2fs: Don't clear SGID when inheriting ACLs
+ - ext4: preserve i_mode if __ext4_set_acl() fails
+ - ext4: Don't clear SGID when inheriting ACLs
-- Ben Hutchings <ben at decadent.org.uk> Sun, 06 Aug 2017 22:03:56 +0100
diff --git a/debian/patches/bugfix/all/btrfs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/btrfs-don-t-clear-sgid-when-inheriting-acls.patch
new file mode 100644
index 0000000..050be32
--- /dev/null
+++ b/debian/patches/bugfix/all/btrfs-don-t-clear-sgid-when-inheriting-acls.patch
@@ -0,0 +1,58 @@
+From: Jan Kara <jack at suse.cz>
+Date: Thu, 22 Jun 2017 15:31:07 +0200
+Subject: btrfs: Don't clear SGID when inheriting ACLs
+Origin: https://git.kernel.org/linus/b7f8a09f8097db776b8d160862540e4fc1f51296
+Bug-Debian: https://bugs.debian.org/873026
+
+When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
+set, DIR1 is expected to have SGID bit set (and owning group equal to
+the owning group of 'DIR0'). However when 'DIR0' also has some default
+ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
+'DIR1' to get cleared if user is not member of the owning group.
+
+Fix the problem by moving posix_acl_update_mode() out of
+__btrfs_set_acl() into btrfs_set_acl(). That way the function will not be
+called when inheriting ACLs which is what we want as it prevents SGID
+bit clearing and the mode has been properly set by posix_acl_create()
+anyway.
+
+Fixes: 073931017b49d9458aa351605b43a7e34598caef
+CC: stable at vger.kernel.org
+CC: linux-btrfs at vger.kernel.org
+CC: David Sterba <dsterba at suse.com>
+Signed-off-by: Jan Kara <jack at suse.cz>
+Signed-off-by: David Sterba <dsterba at suse.com>
+[bwh: Backported to 3.16: adjust context]
+---
+ fs/btrfs/acl.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+--- a/fs/btrfs/acl.c
++++ b/fs/btrfs/acl.c
+@@ -82,12 +82,6 @@ static int __btrfs_set_acl(struct btrfs_
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ name = POSIX_ACL_XATTR_ACCESS;
+- if (acl) {
+- ret = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+- if (ret)
+- return ret;
+- }
+- ret = 0;
+ break;
+ case ACL_TYPE_DEFAULT:
+ if (!S_ISDIR(inode->i_mode))
+@@ -123,6 +117,13 @@ out:
+
+ int btrfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
+ {
++ int ret;
++
++ if (type == ACL_TYPE_ACCESS && acl) {
++ ret = posix_acl_update_mode(inode, &inode->i_mode, &acl);
++ if (ret)
++ return ret;
++ }
+ return __btrfs_set_acl(NULL, inode, acl, type);
+ }
+
diff --git a/debian/patches/bugfix/all/ext2-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/ext2-don-t-clear-sgid-when-inheriting-acls.patch
new file mode 100644
index 0000000..eb1c4c9
--- /dev/null
+++ b/debian/patches/bugfix/all/ext2-don-t-clear-sgid-when-inheriting-acls.patch
@@ -0,0 +1,96 @@
+From: Jan Kara <jack at suse.cz>
+Date: Wed, 21 Jun 2017 14:34:15 +0200
+Subject: ext2: Don't clear SGID when inheriting ACLs
+Origin: https://git.kernel.org/linus/a992f2d38e4ce17b8c7d1f7f67b2de0eebdea069
+Bug-Debian: https://bugs.debian.org/873026
+
+When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
+set, DIR1 is expected to have SGID bit set (and owning group equal to
+the owning group of 'DIR0'). However when 'DIR0' also has some default
+ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
+'DIR1' to get cleared if user is not member of the owning group.
+
+Fix the problem by creating __ext2_set_acl() function that does not call
+posix_acl_update_mode() and use it when inheriting ACLs. That prevents
+SGID bit clearing and the mode has been properly set by
+posix_acl_create() anyway.
+
+Fixes: 073931017b49d9458aa351605b43a7e34598caef
+CC: stable at vger.kernel.org
+CC: linux-ext4 at vger.kernel.org
+Signed-off-by: Jan Kara <jack at suse.cz>
+[bwh: Backported to 3.16: keep using CURRENT_TIME_SEC]
+---
+ fs/ext2/acl.c | 36 ++++++++++++++++++++++--------------
+ 1 file changed, 22 insertions(+), 14 deletions(-)
+
+--- a/fs/ext2/acl.c
++++ b/fs/ext2/acl.c
+@@ -178,11 +178,8 @@ ext2_get_acl(struct inode *inode, int ty
+ return acl;
+ }
+
+-/*
+- * inode->i_mutex: down
+- */
+-int
+-ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
++static int
++__ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
+ {
+ int name_index;
+ void *value = NULL;
+@@ -192,13 +189,6 @@ ext2_set_acl(struct inode *inode, struct
+ switch(type) {
+ case ACL_TYPE_ACCESS:
+ name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;
+- if (acl) {
+- error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+- if (error)
+- return error;
+- inode->i_ctime = CURRENT_TIME_SEC;
+- mark_inode_dirty(inode);
+- }
+ break;
+
+ case ACL_TYPE_DEFAULT:
+@@ -225,6 +215,24 @@ ext2_set_acl(struct inode *inode, struct
+ }
+
+ /*
++ * inode->i_mutex: down
++ */
++int
++ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
++{
++ int error;
++
++ if (type == ACL_TYPE_ACCESS && acl) {
++ error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
++ if (error)
++ return error;
++ inode->i_ctime = CURRENT_TIME_SEC;
++ mark_inode_dirty(inode);
++ }
++ return __ext2_set_acl(inode, acl, type);
++}
++
++/*
+ * Initialize the ACLs of a new inode. Called from ext2_new_inode.
+ *
+ * dir->i_mutex: down
+@@ -241,12 +249,12 @@ ext2_init_acl(struct inode *inode, struc
+ return error;
+
+ if (default_acl) {
+- error = ext2_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
++ error = __ext2_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
+ posix_acl_release(default_acl);
+ }
+ if (acl) {
+ if (!error)
+- error = ext2_set_acl(inode, acl, ACL_TYPE_ACCESS);
++ error = __ext2_set_acl(inode, acl, ACL_TYPE_ACCESS);
+ posix_acl_release(acl);
+ }
+ return error;
diff --git a/debian/patches/bugfix/all/ext4-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/ext4-don-t-clear-sgid-when-inheriting-acls.patch
new file mode 100644
index 0000000..6c6efd7
--- /dev/null
+++ b/debian/patches/bugfix/all/ext4-don-t-clear-sgid-when-inheriting-acls.patch
@@ -0,0 +1,93 @@
+From: Jan Kara <jack at suse.cz>
+Date: Sun, 30 Jul 2017 23:33:01 -0400
+Subject: ext4: Don't clear SGID when inheriting ACLs
+Origin: https://git.kernel.org/linus/a3bb2d5587521eea6dab2d05326abb0afb460abd
+Bug-Debian: https://bugs.debian.org/873026
+
+When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
+set, DIR1 is expected to have SGID bit set (and owning group equal to
+the owning group of 'DIR0'). However when 'DIR0' also has some default
+ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
+'DIR1' to get cleared if user is not member of the owning group.
+
+Fix the problem by moving posix_acl_update_mode() out of
+__ext4_set_acl() into ext4_set_acl(). That way the function will not be
+called when inheriting ACLs which is what we want as it prevents SGID
+bit clearing and the mode has been properly set by posix_acl_create()
+anyway.
+
+Fixes: 073931017b49d9458aa351605b43a7e34598caef
+CC: stable at vger.kernel.org
+Signed-off-by: Theodore Ts'o <tytso at mit.edu>
+Signed-off-by: Jan Kara <jack at suse.cz>
+Reviewed-by: Andreas Gruenbacher <agruenba at redhat.com>
+[bwh: Backported to 3.16:
+ - Keep using ext4_current_time()
+ - Adjust context]
+---
+ fs/ext4/acl.c | 28 +++++++++++++++-------------
+ 1 file changed, 15 insertions(+), 13 deletions(-)
+
+--- a/fs/ext4/acl.c
++++ b/fs/ext4/acl.c
+@@ -196,18 +196,10 @@ __ext4_set_acl(handle_t *handle, struct
+ void *value = NULL;
+ size_t size = 0;
+ int error;
+- int update_mode = 0;
+- umode_t mode = inode->i_mode;
+
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ name_index = EXT4_XATTR_INDEX_POSIX_ACL_ACCESS;
+- if (acl) {
+- error = posix_acl_update_mode(inode, &mode, &acl);
+- if (error)
+- return error;
+- update_mode = 1;
+- }
+ break;
+
+ case ACL_TYPE_DEFAULT:
+@@ -231,11 +223,6 @@ __ext4_set_acl(handle_t *handle, struct
+ kfree(value);
+ if (!error) {
+ set_cached_acl(inode, type, acl);
+- if (update_mode) {
+- inode->i_mode = mode;
+- inode->i_ctime = ext4_current_time(inode);
+- ext4_mark_inode_dirty(handle, inode);
+- }
+ }
+
+ return error;
+@@ -246,6 +233,8 @@ ext4_set_acl(struct inode *inode, struct
+ {
+ handle_t *handle;
+ int error, retries = 0;
++ umode_t mode = inode->i_mode;
++ int update_mode = 0;
+
+ retry:
+ handle = ext4_journal_start(inode, EXT4_HT_XATTR,
+@@ -253,7 +242,20 @@ retry:
+ if (IS_ERR(handle))
+ return PTR_ERR(handle);
+
++ if ((type == ACL_TYPE_ACCESS) && acl) {
++ error = posix_acl_update_mode(inode, &mode, &acl);
++ if (error)
++ goto out_stop;
++ update_mode = 1;
++ }
++
+ error = __ext4_set_acl(handle, inode, type, acl);
++ if (!error && update_mode) {
++ inode->i_mode = mode;
++ inode->i_ctime = ext4_current_time(inode);
++ ext4_mark_inode_dirty(handle, inode);
++ }
++out_stop:
+ ext4_journal_stop(handle);
+ if (error == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries))
+ goto retry;
diff --git a/debian/patches/bugfix/all/ext4-preserve-i_mode-if-__ext4_set_acl-fails.patch b/debian/patches/bugfix/all/ext4-preserve-i_mode-if-__ext4_set_acl-fails.patch
new file mode 100644
index 0000000..361df4e
--- /dev/null
+++ b/debian/patches/bugfix/all/ext4-preserve-i_mode-if-__ext4_set_acl-fails.patch
@@ -0,0 +1,68 @@
+From: =?UTF-8?q?Ernesto=20A=2E=20Fern=C3=A1ndez?=
+ <ernesto.mnd.fernandez at gmail.com>
+Date: Sun, 30 Jul 2017 22:43:41 -0400
+Subject: ext4: preserve i_mode if __ext4_set_acl() fails
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Origin: https://git.kernel.org/linus/397e434176bb62bc6068d2210af1d876c6212a7e
+Bug-Debian: https://bugs.debian.org/873026
+
+When changing a file's acl mask, __ext4_set_acl() will first set the group
+bits of i_mode to the value of the mask, and only then set the actual
+extended attribute representing the new acl.
+
+If the second part fails (due to lack of space, for example) and the file
+had no acl attribute to begin with, the system will from now on assume
+that the mask permission bits are actual group permission bits, potentially
+granting access to the wrong users.
+
+Prevent this by only changing the inode mode after the acl has been set.
+
+Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez at gmail.com>
+Signed-off-by: Theodore Ts'o <tytso at mit.edu>
+Reviewed-by: Jan Kara <jack at suse.cz>
+[bwh: Backported to 3.16: keep using ext4_current_time()]
+---
+ fs/ext4/acl.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+--- a/fs/ext4/acl.c
++++ b/fs/ext4/acl.c
+@@ -196,16 +196,17 @@ __ext4_set_acl(handle_t *handle, struct
+ void *value = NULL;
+ size_t size = 0;
+ int error;
++ int update_mode = 0;
++ umode_t mode = inode->i_mode;
+
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ name_index = EXT4_XATTR_INDEX_POSIX_ACL_ACCESS;
+ if (acl) {
+- error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
++ error = posix_acl_update_mode(inode, &mode, &acl);
+ if (error)
+ return error;
+- inode->i_ctime = ext4_current_time(inode);
+- ext4_mark_inode_dirty(handle, inode);
++ update_mode = 1;
+ }
+ break;
+
+@@ -228,8 +229,14 @@ __ext4_set_acl(handle_t *handle, struct
+ value, size, 0);
+
+ kfree(value);
+- if (!error)
++ if (!error) {
+ set_cached_acl(inode, type, acl);
++ if (update_mode) {
++ inode->i_mode = mode;
++ inode->i_ctime = ext4_current_time(inode);
++ ext4_mark_inode_dirty(handle, inode);
++ }
++ }
+
+ return error;
+ }
diff --git a/debian/patches/bugfix/all/f2fs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/f2fs-don-t-clear-sgid-when-inheriting-acls.patch
new file mode 100644
index 0000000..0033c3b
--- /dev/null
+++ b/debian/patches/bugfix/all/f2fs-don-t-clear-sgid-when-inheriting-acls.patch
@@ -0,0 +1,30 @@
+From: Jaegeuk Kim <jaegeuk at kernel.org>
+Date: Tue, 11 Jul 2017 14:56:49 -0700
+Subject: f2fs: Don't clear SGID when inheriting ACLs
+Origin: https://git.kernel.org/linus/c925dc162f770578ff4a65ec9b08270382dba9e6
+Bug-Debian: https://bugs.debian.org/873026
+
+This patch copies commit b7f8a09f80:
+"btrfs: Don't clear SGID when inheriting ACLs" written by Jan.
+
+Fixes: 073931017b49d9458aa351605b43a7e34598caef
+CC: stable at vger.kernel.org
+Signed-off-by: Jan Kara <jack at suse.cz>
+Reviewed-by: Chao Yu <yuchao0 at huawei.com>
+Reviewed-by: Jan Kara <jack at suse.cz>
+Signed-off-by: Jaegeuk Kim <jaegeuk at kernel.org>
+---
+ fs/f2fs/acl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/f2fs/acl.c
++++ b/fs/f2fs/acl.c
+@@ -212,7 +212,7 @@ static int __f2fs_set_acl(struct inode *
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ name_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS;
+- if (acl) {
++ if (acl && !ipage) {
+ error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+ if (error)
+ return error;
diff --git a/debian/patches/bugfix/all/hfsplus-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/hfsplus-don-t-clear-sgid-when-inheriting-acls.patch
new file mode 100644
index 0000000..3b960a8
--- /dev/null
+++ b/debian/patches/bugfix/all/hfsplus-don-t-clear-sgid-when-inheriting-acls.patch
@@ -0,0 +1,90 @@
+From: Jan Kara <jack at suse.cz>
+Date: Wed, 21 Jun 2017 15:02:47 +0200
+Subject: hfsplus: Don't clear SGID when inheriting ACLs
+Origin: https://git.kernel.org/linus/84969465ddc4f8aeb3b993123b571aa01c5f2683
+Bug-Debian: https://bugs.debian.org/873026
+
+When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
+set, DIR1 is expected to have SGID bit set (and owning group equal to
+the owning group of 'DIR0'). However when 'DIR0' also has some default
+ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
+'DIR1' to get cleared if user is not member of the owning group.
+
+Fix the problem by creating __hfsplus_set_posix_acl() function that does
+not call posix_acl_update_mode() and use it when inheriting ACLs. That
+prevents SGID bit clearing and the mode has been properly set by
+posix_acl_create() anyway.
+
+Fixes: 073931017b49d9458aa351605b43a7e34598caef
+CC: stable at vger.kernel.org
+Signed-off-by: Jan Kara <jack at suse.cz>
+[bwh: Backported to 3.16: adjust context]
+---
+ fs/hfsplus/posix_acl.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+--- a/fs/hfsplus/posix_acl.c
++++ b/fs/hfsplus/posix_acl.c
+@@ -54,8 +54,8 @@ struct posix_acl *hfsplus_get_posix_acl(
+ return acl;
+ }
+
+-int hfsplus_set_posix_acl(struct inode *inode, struct posix_acl *acl,
+- int type)
++static int __hfsplus_set_posix_acl(struct inode *inode, struct posix_acl *acl,
++ int type)
+ {
+ int err;
+ char *xattr_name;
+@@ -67,12 +67,6 @@ int hfsplus_set_posix_acl(struct inode *
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ xattr_name = POSIX_ACL_XATTR_ACCESS;
+- if (acl) {
+- err = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+- if (err)
+- return err;
+- }
+- err = 0;
+ break;
+
+ case ACL_TYPE_DEFAULT:
+@@ -108,6 +102,18 @@ end_set_acl:
+ return err;
+ }
+
++int hfsplus_set_posix_acl(struct inode *inode, struct posix_acl *acl, int type)
++{
++ int err;
++
++ if (type == ACL_TYPE_ACCESS && acl) {
++ err = posix_acl_update_mode(inode, &inode->i_mode, &acl);
++ if (err)
++ return err;
++ }
++ return __hfsplus_set_posix_acl(inode, acl, type);
++}
++
+ int hfsplus_init_posix_acl(struct inode *inode, struct inode *dir)
+ {
+ int err = 0;
+@@ -125,15 +131,15 @@ int hfsplus_init_posix_acl(struct inode
+ return err;
+
+ if (default_acl) {
+- err = hfsplus_set_posix_acl(inode, default_acl,
+- ACL_TYPE_DEFAULT);
++ err = __hfsplus_set_posix_acl(inode, default_acl,
++ ACL_TYPE_DEFAULT);
+ posix_acl_release(default_acl);
+ }
+
+ if (acl) {
+ if (!err)
+- err = hfsplus_set_posix_acl(inode, acl,
+- ACL_TYPE_ACCESS);
++ err = __hfsplus_set_posix_acl(inode, acl,
++ ACL_TYPE_ACCESS);
+ posix_acl_release(acl);
+ }
+ return err;
diff --git a/debian/patches/bugfix/all/jfs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/jfs-don-t-clear-sgid-when-inheriting-acls.patch
new file mode 100644
index 0000000..3a90a0a
--- /dev/null
+++ b/debian/patches/bugfix/all/jfs-don-t-clear-sgid-when-inheriting-acls.patch
@@ -0,0 +1,64 @@
+From: Jan Kara <jack at suse.cz>
+Date: Thu, 22 Jun 2017 15:31:10 +0200
+Subject: jfs: Don't clear SGID when inheriting ACLs
+Origin: https://git.kernel.org/linus/9bcf66c72d726322441ec82962994e69157613e4
+Bug-Debian: https://bugs.debian.org/873026
+
+When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
+set, DIR1 is expected to have SGID bit set (and owning group equal to
+the owning group of 'DIR0'). However when 'DIR0' also has some default
+ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
+'DIR1' to get cleared if user is not member of the owning group.
+
+Fix the problem by moving posix_acl_update_mode() out of
+__jfs_set_acl() into jfs_set_acl(). That way the function will not be
+called when inheriting ACLs which is what we want as it prevents SGID
+bit clearing and the mode has been properly set by posix_acl_create()
+anyway.
+
+Fixes: 073931017b49d9458aa351605b43a7e34598caef
+CC: stable at vger.kernel.org
+CC: jfs-discussion at lists.sourceforge.net
+Signed-off-by: Jan Kara <jack at suse.cz>
+Signed-off-by: Dave Kleikamp <dave.kleikamp at oracle.com>
+[bwh: Backported to 3.16:
+ - Keep using CURRENT_TIME
+ - Adjust context]
+---
+ fs/jfs/acl.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+--- a/fs/jfs/acl.c
++++ b/fs/jfs/acl.c
+@@ -83,13 +83,6 @@ static int __jfs_set_acl(tid_t tid, stru
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ ea_name = POSIX_ACL_XATTR_ACCESS;
+- if (acl) {
+- rc = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+- if (rc)
+- return rc;
+- inode->i_ctime = CURRENT_TIME;
+- mark_inode_dirty(inode);
+- }
+ break;
+ case ACL_TYPE_DEFAULT:
+ ea_name = POSIX_ACL_XATTR_DEFAULT;
+@@ -124,9 +117,17 @@ int jfs_set_acl(struct inode *inode, str
+
+ tid = txBegin(inode->i_sb, 0);
+ mutex_lock(&JFS_IP(inode)->commit_mutex);
++ if (type == ACL_TYPE_ACCESS && acl) {
++ rc = posix_acl_update_mode(inode, &inode->i_mode, &acl);
++ if (rc)
++ goto end_tx;
++ inode->i_ctime = CURRENT_TIME;
++ mark_inode_dirty(inode);
++ }
+ rc = __jfs_set_acl(tid, inode, type, acl);
+ if (!rc)
+ rc = txCommit(tid, 1, &inode, 0);
++end_tx:
+ txEnd(tid);
+ mutex_unlock(&JFS_IP(inode)->commit_mutex);
+ return rc;
diff --git a/debian/patches/bugfix/all/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch
new file mode 100644
index 0000000..bb56664
--- /dev/null
+++ b/debian/patches/bugfix/all/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch
@@ -0,0 +1,56 @@
+From: Jan Kara <jack at suse.cz>
+Date: Thu, 22 Jun 2017 09:32:49 +0200
+Subject: reiserfs: Don't clear SGID when inheriting ACLs
+Origin: https://git.kernel.org/linus/6883cd7f68245e43e91e5ee583b7550abf14523f
+Bug-Debian: https://bugs.debian.org/873026
+
+When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
+set, DIR1 is expected to have SGID bit set (and owning group equal to
+the owning group of 'DIR0'). However when 'DIR0' also has some default
+ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
+'DIR1' to get cleared if user is not member of the owning group.
+
+Fix the problem by moving posix_acl_update_mode() out of
+__reiserfs_set_acl() into reiserfs_set_acl(). That way the function will
+not be called when inheriting ACLs which is what we want as it prevents
+SGID bit clearing and the mode has been properly set by
+posix_acl_create() anyway.
+
+Fixes: 073931017b49d9458aa351605b43a7e34598caef
+CC: stable at vger.kernel.org
+CC: reiserfs-devel at vger.kernel.org
+Signed-off-by: Jan Kara <jack at suse.cz>
+[bwh: Backported to 3.16: adjust context]
+---
+ fs/reiserfs/xattr_acl.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/fs/reiserfs/xattr_acl.c
++++ b/fs/reiserfs/xattr_acl.c
+@@ -37,7 +37,14 @@ reiserfs_set_acl(struct inode *inode, st
+ error = journal_begin(&th, inode->i_sb, jcreate_blocks);
+ reiserfs_write_unlock(inode->i_sb);
+ if (error == 0) {
++ if (type == ACL_TYPE_ACCESS && acl) {
++ error = posix_acl_update_mode(inode, &inode->i_mode,
++ &acl);
++ if (error)
++ goto unlock;
++ }
+ error = __reiserfs_set_acl(&th, inode, type, acl);
++unlock:
+ reiserfs_write_lock(inode->i_sb);
+ error2 = journal_end(&th);
+ reiserfs_write_unlock(inode->i_sb);
+@@ -245,11 +252,6 @@ __reiserfs_set_acl(struct reiserfs_trans
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ name = POSIX_ACL_XATTR_ACCESS;
+- if (acl) {
+- error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+- if (error)
+- return error;
+- }
+ break;
+ case ACL_TYPE_DEFAULT:
+ name = POSIX_ACL_XATTR_DEFAULT;
diff --git a/debian/patches/bugfix/all/xfs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/xfs-don-t-clear-sgid-when-inheriting-acls.patch
new file mode 100644
index 0000000..956e159
--- /dev/null
+++ b/debian/patches/bugfix/all/xfs-don-t-clear-sgid-when-inheriting-acls.patch
@@ -0,0 +1,79 @@
+From: Jan Kara <jack at suse.cz>
+Date: Mon, 26 Jun 2017 08:48:18 -0700
+Subject: xfs: Don't clear SGID when inheriting ACLs
+Origin: https://git.kernel.org/linus/8ba358756aa08414fa9e65a1a41d28304ed6fd7f
+Bug-Debian: https://bugs.debian.org/873026
+
+When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
+set, DIR1 is expected to have SGID bit set (and owning group equal to
+the owning group of 'DIR0'). However when 'DIR0' also has some default
+ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
+'DIR1' to get cleared if user is not member of the owning group.
+
+Fix the problem by calling __xfs_set_acl() instead of xfs_set_acl() when
+setting up inode in xfs_generic_create(). That prevents SGID bit
+clearing and mode is properly set by posix_acl_create() anyway. We also
+reorder arguments of __xfs_set_acl() to match the ordering of
+xfs_set_acl() to make things consistent.
+
+Fixes: 073931017b49d9458aa351605b43a7e34598caef
+CC: stable at vger.kernel.org
+CC: Darrick J. Wong <darrick.wong at oracle.com>
+CC: linux-xfs at vger.kernel.org
+Signed-off-by: Jan Kara <jack at suse.cz>
+Reviewed-by: Darrick J. Wong <darrick.wong at oracle.com>
+Signed-off-by: Darrick J. Wong <darrick.wong at oracle.com>
+[bwh: Backported to 3.16: adjust context]
+---
+ fs/xfs/xfs_acl.c | 6 +++---
+ fs/xfs/xfs_acl.h | 1 +
+ fs/xfs/xfs_iops.c | 4 ++--
+ 3 files changed, 6 insertions(+), 5 deletions(-)
+
+--- a/fs/xfs/xfs_acl.c
++++ b/fs/xfs/xfs_acl.c
+@@ -176,8 +176,8 @@ out:
+ return acl;
+ }
+
+-STATIC int
+-__xfs_set_acl(struct inode *inode, int type, struct posix_acl *acl)
++int
++__xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
+ {
+ struct xfs_inode *ip = XFS_I(inode);
+ unsigned char *ea_name;
+@@ -297,5 +297,5 @@ xfs_set_acl(struct inode *inode, struct
+ }
+
+ set_acl:
+- return __xfs_set_acl(inode, type, acl);
++ return __xfs_set_acl(inode, acl, type);
+ }
+--- a/fs/xfs/xfs_acl.h
++++ b/fs/xfs/xfs_acl.h
+@@ -61,6 +61,7 @@ struct xfs_acl {
+ #ifdef CONFIG_XFS_POSIX_ACL
+ extern struct posix_acl *xfs_get_acl(struct inode *inode, int type);
+ extern int xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
++extern int __xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
+ extern int posix_acl_access_exists(struct inode *inode);
+ extern int posix_acl_default_exists(struct inode *inode);
+ #else
+--- a/fs/xfs/xfs_iops.c
++++ b/fs/xfs/xfs_iops.c
+@@ -173,12 +173,12 @@ xfs_generic_create(
+
+ #ifdef CONFIG_XFS_POSIX_ACL
+ if (default_acl) {
+- error = -xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
++ error = -__xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
+ if (error)
+ goto out_cleanup_inode;
+ }
+ if (acl) {
+- error = -xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
++ error = -__xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
+ if (error)
+ goto out_cleanup_inode;
+ }
diff --git a/debian/patches/series b/debian/patches/series
index cffa065..eab75e0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -247,6 +247,15 @@ bugfix/all/SUNRPC-fix-refcounting-problems-with-auth_gss-messag.patch
bugfix/all/ixgbe-do-not-call-check_link-for-ethtool-in-ixgbe_ge.patch
bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch
bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch
+bugfix/all/ext2-don-t-clear-sgid-when-inheriting-acls.patch
+bugfix/all/hfsplus-don-t-clear-sgid-when-inheriting-acls.patch
+bugfix/all/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch
+bugfix/all/btrfs-don-t-clear-sgid-when-inheriting-acls.patch
+bugfix/all/jfs-don-t-clear-sgid-when-inheriting-acls.patch
+bugfix/all/xfs-don-t-clear-sgid-when-inheriting-acls.patch
+bugfix/all/f2fs-don-t-clear-sgid-when-inheriting-acls.patch
+bugfix/all/ext4-preserve-i_mode-if-__ext4_set_acl-fails.patch
+bugfix/all/ext4-don-t-clear-sgid-when-inheriting-acls.patch
# memfd_create() & kdbus backport
features/all/kdbus/mm-allow-drivers-to-prevent-new-writable-mappings.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list