All of lore.kernel.org
 help / color / mirror / Atom feed
* FAILED: patch "[PATCH] filelocks: use mount idmapping for setlease permission check" failed to apply to 5.15-stable tree
@ 2023-03-13 10:53 gregkh
  2023-03-13 19:23 ` [PATCH 5.15] filelocks: use mount idmapping for setlease permission check Seth Forshee (DigitalOcean)
  0 siblings, 1 reply; 2+ messages in thread
From: gregkh @ 2023-03-13 10:53 UTC (permalink / raw)
  To: sforshee, brauner; +Cc: stable


The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

To reproduce the conflict and resubmit, you may use the following commands:

git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 42d0c4bdf753063b6eec55415003184d3ca24f6e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable@vger.kernel.org>' --in-reply-to '1678704830213151@kroah.com' --subject-prefix 'PATCH 5.15.y' HEAD^..

Possible dependencies:

42d0c4bdf753 ("filelocks: use mount idmapping for setlease permission check")
c65454a94726 ("fs: remove locks_inode")
5970e15dbcfe ("filelock: move file locking definitions to separate header file")
8e1858710d9a ("ceph: avoid use-after-free in ceph_fl_release_lock()")
461ab10ef7e6 ("ceph: switch to vfs_inode_has_locks() to fix file lock bug")
6a518afcc206 ("Merge tag 'fs.acl.rework.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping")

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 42d0c4bdf753063b6eec55415003184d3ca24f6e Mon Sep 17 00:00:00 2001
From: Seth Forshee <sforshee@kernel.org>
Date: Thu, 9 Mar 2023 14:39:09 -0600
Subject: [PATCH] filelocks: use mount idmapping for setlease permission check

A user should be allowed to take out a lease via an idmapped mount if
the fsuid matches the mapped uid of the inode. generic_setlease() is
checking the unmapped inode uid, causing these operations to be denied.

Fix this by comparing against the mapped inode uid instead of the
unmapped uid.

Fixes: 9caccd41541a ("fs: introduce MOUNT_ATTR_IDMAP")
Cc: stable@vger.kernel.org
Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>

diff --git a/fs/locks.c b/fs/locks.c
index d82c4cacdfb9..df8b26a42524 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1863,9 +1863,10 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp,
 			void **priv)
 {
 	struct inode *inode = file_inode(filp);
+	vfsuid_t vfsuid = i_uid_into_vfsuid(file_mnt_idmap(filp), inode);
 	int error;
 
-	if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
+	if ((!vfsuid_eq_kuid(vfsuid, current_fsuid())) && !capable(CAP_LEASE))
 		return -EACCES;
 	if (!S_ISREG(inode->i_mode))
 		return -EINVAL;


^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-03-13 19:24 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-03-13 10:53 FAILED: patch "[PATCH] filelocks: use mount idmapping for setlease permission check" failed to apply to 5.15-stable tree gregkh
2023-03-13 19:23 ` [PATCH 5.15] filelocks: use mount idmapping for setlease permission check Seth Forshee (DigitalOcean)

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.