linux-stable/mm
Christian Brauner 8a404e5b89 tmpfs: verify {g,u}id mount options correctly
[ Upstream commit 0200679fc7 ]

A while ago we received the following report:

"The other outstanding issue I noticed comes from the fact that
fsconfig syscalls may occur in a different userns than that which
called fsopen. That means that resolving the uid/gid via
current_user_ns() can save a kuid that isn't mapped in the associated
namespace when the filesystem is finally mounted. This means that it
is possible for an unprivileged user to create files owned by any
group in a tmpfs mount (since we can set the SUID bit on the tmpfs
directory), or a tmpfs that is owned by any user, including the root
group/user."

The contract for {g,u}id mount options and {g,u}id values in general set
from userspace has always been that they are translated according to the
caller's idmapping. In so far, tmpfs has been doing the correct thing.
But since tmpfs is mountable in unprivileged contexts it is also
necessary to verify that the resulting {k,g}uid is representable in the
namespace of the superblock to avoid such bugs as above.

The new mount api's cross-namespace delegation abilities are already
widely used. After having talked to a bunch of userspace this is the
most faithful solution with minimal regression risks. I know of one
user - systemd - that makes use of the new mount api in this way and
they don't set unresolvable {g,u}ids. So the regression risk is minimal.

Link: https://lore.kernel.org/lkml/CALxfFW4BXhEwxR0Q5LSkg-8Vb4r2MONKCcUCVioehXQKr35eHg@mail.gmail.com
Fixes: f32356261d ("vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new mount API")
Reviewed-by: "Seth Forshee (DigitalOcean)" <sforshee@kernel.org>
Reported-by: Seth Jenkins <sethjenkins@google.com>
Message-Id: <20230801-vfs-fs_context-uidgid-v1-1-daf46a050bbf@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-13 09:47:57 +02:00
damon mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
kasan kasan,kmsan: remove __GFP_KSWAPD_RECLAIM usage from kasan/kmsan 2023-08-11 12:14:24 +02:00
kfence mm: kfence: fix false positives on big endian 2023-05-17 15:24:33 -07:00
kmsan kasan,kmsan: remove __GFP_KSWAPD_RECLAIM usage from kasan/kmsan 2023-08-11 12:14:24 +02:00
backing-dev.c - Nick Piggin's "shoot lazy tlbs" series, to improve the performance of 2023-04-27 19:42:02 -07:00
balloon_compaction.c
bootmem_info.c
cma.c mm: move most of core MM initialization to mm/mm_init.c 2023-04-05 19:42:52 -07:00
cma.h
cma_debug.c
cma_sysfs.c mm: cma: make kobj_type structure constant 2023-03-28 16:20:06 -07:00
compaction.c - Nick Piggin's "shoot lazy tlbs" series, to improve the performance of 2023-04-27 19:42:02 -07:00
debug.c mm/debug: use %pGt to display page_type in dump_page() 2023-03-28 16:20:09 -07:00
debug_page_ref.c
debug_vm_pgtable.c mm, treewide: redefine MAX_ORDER sanely 2023-04-05 19:42:46 -07:00
dmapool.c dmapool: link blocks across pages 2023-05-06 10:33:38 -07:00
dmapool_test.c dmapool: add alloc/free performance test 2023-04-05 19:42:38 -07:00
early_ioremap.c
fadvise.c
failslab.c
filemap.c Revert "page cache: fix page_cache_next/prev_miss off by one" 2023-08-11 12:14:23 +02:00
folio-compat.c - Nick Piggin's "shoot lazy tlbs" series, to improve the performance of 2023-04-27 19:42:02 -07:00
frontswap.c
gup.c mm/gup: reintroduce FOLL_NUMA as FOLL_HONOR_NUMA_FAULT 2023-08-30 14:52:36 +02:00
gup_test.c mm/gup_test: fix ioctl fail for compat task 2023-06-12 11:31:51 -07:00
gup_test.h
highmem.c
hmm.c mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
huge_memory.c mm/gup: reintroduce FOLL_NUMA as FOLL_HONOR_NUMA_FAULT 2023-08-30 14:52:36 +02:00
hugetlb.c hugetlb: do not clear hugetlb dtor until allocating vmemmap 2023-08-16 18:32:20 +02:00
hugetlb_cgroup.c mm/hugetlb: increase use of folios in alloc_huge_page() 2023-02-13 15:54:27 -08:00
hugetlb_vmemmap.c mm, page_alloc: use check_pages_enabled static key to check tail pages 2023-04-18 16:29:54 -07:00
hugetlb_vmemmap.h
hwpoison-inject.c
init-mm.c IOMMU Updates for Linux 6.4 2023-04-30 13:00:38 -07:00
internal.h mm/gup: handle cont-PTE hugetlb pages correctly in gup_must_unshare() via GUP-fast 2023-08-30 14:52:36 +02:00
interval_tree.c
io-mapping.c
ioremap.c
Kconfig mm: introduce new 'lock_mm_and_find_vma()' page fault helper 2023-07-01 13:12:38 +02:00
Kconfig.debug mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM 2023-05-29 16:14:28 +01:00
khugepaged.c mm/khugepaged: fix regression in collapse_file() 2023-07-01 13:12:40 +02:00
kmemleak.c lib/stackdepot, mm: rename stack_depot_want_early_init 2023-02-16 20:43:49 -08:00
ksm.c mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
list_lru.c
maccess.c mm: Fix copy_from_user_nofault(). 2023-04-12 17:36:23 -07:00
madvise.c madvise:madvise_free_pte_range(): don't use mapcount() against large folio for sharing check 2023-08-30 14:52:42 +02:00
Makefile - Nick Piggin's "shoot lazy tlbs" series, to improve the performance of 2023-04-27 19:42:02 -07:00
mapping_dirty_helpers.c
memblock.c mm: avoid passing 0 to __ffs() 2023-04-18 16:29:42 -07:00
memcontrol.c mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
memfd.c memfd: check for non-NULL file_seals in memfd_create() syscall 2023-06-19 13:19:31 -07:00
memory-failure.c mm: memory-failure: fix unexpected return value in soft_offline_page() 2023-08-30 14:52:39 +02:00
memory-tiers.c memory tier: release the new_memtier in find_create_memory_tier() 2023-02-09 16:51:40 -08:00
memory.c mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock 2023-08-11 12:14:05 +02:00
memory_hotplug.c mm: avoid passing 0 to __ffs() 2023-04-18 16:29:42 -07:00
mempolicy.c mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
mempool.c
memremap.c mm/memremap.c: fix outdated comment in devm_memremap_pages 2023-02-09 16:51:46 -08:00
memtest.c mm/memtest: add results of early memtest to /proc/meminfo 2023-04-05 19:42:55 -07:00
migrate.c Add support for new Linear Address Masking CPU feature. This is similar 2023-04-28 09:43:49 -07:00
migrate_device.c mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
mincore.c mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
mlock.c mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
mm_init.c mm/vmemmap/devdax: fix kernel crash when probing devdax devices 2023-04-18 16:30:09 -07:00
mm_slot.h
mmap.c mm: lock VMA in dup_anon_vma() before setting ->anon_vma 2023-08-03 10:26:14 +02:00
mmap_lock.c
mmu_gather.c mm: prefer xxx_page() alloc/free functions for order-0 pages 2023-03-28 16:20:16 -07:00
mmu_notifier.c
mmzone.c
mprotect.c mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
mremap.c mm/mremap: write-lock VMA while remapping it to a new address range 2023-04-05 20:02:58 -07:00
msync.c
nommu.c xtensa: fix lock_mm_and_find_vma in case VMA not found 2023-07-05 18:30:30 +01:00
oom_kill.c
page-writeback.c writeback: account the number of pages written back 2023-07-19 16:36:50 +02:00
page_alloc.c - Some DAMON cleanups from Kefeng Wang 2023-05-04 13:09:43 -07:00
page_counter.c
page_ext.c mm/page_ext: init page_ext early if there are no deferred struct pages 2023-02-02 22:33:22 -08:00
page_idle.c
page_io.c - Daniel Verkamp has contributed a memfd series ("mm/memfd: add 2023-02-23 17:09:35 -08:00
page_isolation.c mm, treewide: redefine MAX_ORDER sanely 2023-04-05 19:42:46 -07:00
page_owner.c mm, treewide: redefine MAX_ORDER sanely 2023-04-05 19:42:46 -07:00
page_poison.c
page_reporting.c mm, treewide: redefine MAX_ORDER sanely 2023-04-05 19:42:46 -07:00
page_reporting.h
page_table_check.c mm: page_table_check: Ensure user pages are not slab pages 2023-05-29 16:14:28 +01:00
page_vma_mapped.c
pagewalk.c mm: enable page walking API to lock vmas during the walk 2023-08-30 14:52:36 +02:00
percpu-internal.h mm: percpu: fix incorrect size in pcpu_obj_full_size() 2023-02-16 20:43:55 -08:00
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c mm: memcontrol: rename memcg_kmem_enabled() 2023-02-16 20:43:56 -08:00
pgalloc-track.h
pgtable-generic.c mm: add PTE pointer parameter to flush_tlb_fix_spurious_fault() 2023-03-28 16:20:12 -07:00
process_vm_access.c
ptdump.c
readahead.c
rmap.c mm,unmap: avoid flushing TLB in batch if PTE is inaccessible 2023-04-27 13:42:16 -07:00
rodata_test.c
secretmem.c - Daniel Verkamp has contributed a memfd series ("mm/memfd: add 2023-02-23 17:09:35 -08:00
shmem.c tmpfs: verify {g,u}id mount options correctly 2023-09-13 09:47:57 +02:00
shrinker_debug.c Revert "mm: shrinkers: make count and scan in shrinker debugfs lockless" 2023-06-19 13:19:34 -07:00
shuffle.c
shuffle.h mm, treewide: redefine MAX_ORDER sanely 2023-04-05 19:42:46 -07:00
slab.c mm: vmscan: refactor updating current->reclaim_state 2023-04-18 16:30:10 -07:00
slab.h kasan, slub: fix HW_TAGS zeroing with slub_debug 2023-07-23 13:53:54 +02:00
slab_common.c mm/slab: document kfree() as allowed for kmem_cache_alloc() objects 2023-03-29 10:35:41 +02:00
slub.c - Nick Piggin's "shoot lazy tlbs" series, to improve the performance of 2023-04-27 19:42:02 -07:00
sparse-vmemmap.c mm/vmemmap/devdax: fix kernel crash when probing devdax devices 2023-04-18 16:30:09 -07:00
sparse.c sparse: remove unnecessary 0 values from rc 2023-04-21 14:52:05 -07:00
swap.c mm: swap: fix performance regression on sparsetruncate-tiny 2023-04-16 10:41:24 -07:00
swap.h mm: remove the __swap_writepage return value 2023-02-02 22:33:33 -08:00
swap_cgroup.c
swap_slots.c
swap_state.c mm: return an ERR_PTR from __filemap_get_folio 2023-04-05 19:42:42 -07:00
swapfile.c sync mm-stable with mm-hotfixes-stable to pick up depended-upon upstream changes 2023-04-16 12:31:58 -07:00
truncate.c mm: return an ERR_PTR from __filemap_get_folio 2023-04-05 19:42:42 -07:00
usercopy.c mm: Fix copy_from_user_nofault(). 2023-04-12 17:36:23 -07:00
userfaultfd.c userfaultfd: use helper function range_in_vma() 2023-04-21 14:52:02 -07:00
util.c mm: uninline kstrdup() 2023-04-08 13:45:37 -07:00
vmalloc.c mm: add a call to flush_cache_vmap() in vmap_pfn() 2023-08-30 14:52:39 +02:00
vmpressure.c
vmscan.c mm: multi-gen LRU: don't spin during memcg release 2023-08-30 14:52:39 +02:00
vmstat.c mm: introduce per-VMA lock statistics 2023-04-05 20:03:01 -07:00
workingset.c mm: workingset: update description of the source file 2023-04-18 16:30:11 -07:00
z3fold.c
zbud.c
zpool.c zpool: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:54 -07:00
zsmalloc.c zsmalloc: fix races between modifications of fullness and isolated 2023-08-16 18:32:19 +02:00
zswap.c zswap: do not shrink if cgroup may not zswap 2023-06-12 11:31:52 -07:00