From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Thiago Rafael Becker <thiago.becker@gmail.com>,
	Matthew Wilcox <mawilcox@microsoft.com>,
	NeilBrown <neilb@suse.com>,
	"J. Bruce Fields" <bfields@fieldses.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Martin Schwidefsky <schwidefsky@de.ibm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.4 08/22] kernel: make groups_sort calling a responsibility group_info allocators
Date: Mon,  8 Jan 2018 13:59:35 +0100	[thread overview]
Message-ID: <20180108125925.953788356@linuxfoundation.org> (raw)
In-Reply-To: <20180108125925.601688333@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thiago Rafael Becker <thiago.becker@gmail.com>

commit bdcf0a423ea1c40bbb40e7ee483b50fc8aa3d758 upstream.

In testing, we found that nfsd threads may call set_groups in parallel
for the same entry cached in auth.unix.gid, racing in the call of
groups_sort, corrupting the groups for that entry and leading to
permission denials for the client.

This patch:
 - Make groups_sort globally visible.
 - Move the call to groups_sort to the modifiers of group_info
 - Remove the call to groups_sort from set_groups

Link: http://lkml.kernel.org/r/20171211151420.18655-1-thiago.becker@gmail.com
Signed-off-by: Thiago Rafael Becker <thiago.becker@gmail.com>
Reviewed-by: Matthew Wilcox <mawilcox@microsoft.com>
Reviewed-by: NeilBrown <neilb@suse.com>
Acked-by: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/s390/kernel/compat_linux.c   |    1 +
 fs/nfsd/auth.c                    |    3 +++
 include/linux/cred.h              |    1 +
 kernel/groups.c                   |    5 +++--
 kernel/uid16.c                    |    1 +
 net/sunrpc/auth_gss/gss_rpc_xdr.c |    1 +
 net/sunrpc/auth_gss/svcauth_gss.c |    1 +
 net/sunrpc/svcauth_unix.c         |    2 ++
 8 files changed, 13 insertions(+), 2 deletions(-)

--- a/arch/s390/kernel/compat_linux.c
+++ b/arch/s390/kernel/compat_linux.c
@@ -263,6 +263,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setgroups16,
 		return retval;
 	}
 
+	groups_sort(group_info);
 	retval = set_current_groups(group_info);
 	put_group_info(group_info);
 
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -59,6 +59,9 @@ int nfsd_setuser(struct svc_rqst *rqstp,
 				GROUP_AT(gi, i) = exp->ex_anon_gid;
 			else
 				GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
+
+			/* Each thread allocates its own gi, no race */
+			groups_sort(gi);
 		}
 	} else {
 		gi = get_group_info(rqgi);
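Review bot: The added `groups_sort(gi);` is indented as part of the copy loop's body and precedes the brace that closes it, so it appears to run on every iteration instead of once after the copy is finished. The loop header is outside the hunk, but if that reading is right, each early call sorts the entries written so far together with slots that have not been assigned yet, and the following iterations keep writing by index into the reordered array. The result can be a list in which squashed `exp->ex_anon_gid` entries are displaced by whatever the unfilled slots contained; that depends on how the allocator initialises them, which the hunk does not show. Move the call below the loop's closing brace so that it sorts the fully populated array once: `}` followed by `groups_sort(gi);`, keeping the existing comment above it.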
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -87,6 +87,7 @@ extern int set_current_groups(struct gro
 extern void set_groups(struct cred *, struct group_info *);
 extern int groups_search(const struct group_info *, kgid_t);
 extern bool may_setgroups(void);
+extern void groups_sort(struct group_info *);
 
 /* access the groups "array" with this macro */
 #define GROUP_AT(gi, i) \
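Review bot: The new `groups_sort()` declaration has no comment stating the contract this patch introduces: `set_groups()`, declared three lines above, no longer sorts, while `groups_search()` is described in kernel/groups.c as a bsearch and therefore needs a sorted array. Any caller that builds a `group_info` and is not converted by this patch would install an unsorted list, and membership lookups could then miss groups the task actually holds. I would add above the declaration: `/* Sorts in place; call once on a privately owned group_info before set_groups() or set_current_groups(), never on one already shared. */`.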
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -101,7 +101,7 @@ static int groups_from_user(struct group
 }
 
 /* a simple Shell sort */
-static void groups_sort(struct group_info *group_info)
+void groups_sort(struct group_info *group_info)
 {
 	int base, max, stride;
 	int gidsetsize = group_info->ngroups;
@@ -128,6 +128,7 @@ static void groups_sort(struct group_inf
 		stride /= 3;
 	}
 }
+EXPORT_SYMBOL(groups_sort);
 
 /* a simple bsearch */
 int groups_search(const struct group_info *group_info, kgid_t grp)
@@ -159,7 +160,6 @@ int groups_search(const struct group_inf
 void set_groups(struct cred *new, struct group_info *group_info)
 {
 	put_group_info(new->group_info);
-	groups_sort(group_info);
 	get_group_info(group_info);
 	new->group_info = group_info;
 }
@@ -243,6 +243,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsi
 		return retval;
 	}
 
+	groups_sort(group_info);
 	retval = set_current_groups(group_info);
 	put_group_info(group_info);
 
--- a/kernel/uid16.c
+++ b/kernel/uid16.c
@@ -190,6 +190,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidset
 		return retval;
 	}
 
+	groups_sort(group_info);
 	retval = set_current_groups(group_info);
 	put_group_info(group_info);
 
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -231,6 +231,7 @@ static int gssx_dec_linux_creds(struct x
 			goto out_free_groups;
 		GROUP_AT(creds->cr_group_info, i) = kgid;
 	}
+	groups_sort(creds->cr_group_info);
 
 	return 0;
 out_free_groups:
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -481,6 +481,7 @@ static int rsc_parse(struct cache_detail
 				goto out;
 			GROUP_AT(rsci.cred.cr_group_info, i) = kgid;
 		}
+		groups_sort(rsci.cred.cr_group_info);
 
 		/* mech name */
 		len = qword_get(&mesg, buf, mlen);
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -520,6 +520,7 @@ static int unix_gid_parse(struct cache_d
 		GROUP_AT(ug.gi, i) = kgid;
 	}
 
+	groups_sort(ug.gi);
 	ugp = unix_gid_lookup(cd, uid);
 	if (ugp) {
 		struct cache_head *ch;
@@ -827,6 +828,7 @@ svcauth_unix_accept(struct svc_rqst *rqs
 		kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
 		GROUP_AT(cred->cr_group_info, i) = kgid;
 	}
+	groups_sort(cred->cr_group_info);
 	if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
 		*authp = rpc_autherr_badverf;
 		return SVC_DENIED;
