From: "Seth Forshee (DigitalOcean)" <sforshee@kernel.org>
To: gregkh@linuxfoundation.org
Cc: sforshee@kernel.org, brauner@kernel.org, stable@vger.kernel.org
Subject: [PATCH 5.15] filelocks: use mount idmapping for setlease permission check
Date: Mon, 13 Mar 2023 14:23:09 -0500 [thread overview]
Message-ID: <20230313192309.3988024-1-sforshee@kernel.org> (raw)
In-Reply-To: <1678704830213151@kroah.com>
From: Seth Forshee <sforshee@kernel.org>
[ Upstream commit 42d0c4bdf753063b6eec55415003184d3ca24f6e ]
A user should be allowed to take out a lease via an idmapped mount if
the fsuid matches the mapped uid of the inode. generic_setlease() is
checking the unmapped inode uid, causing these operations to be denied.
Fix this by comparing against the mapped inode uid instead of the
unmapped uid.
Fixes: 9caccd41541a ("fs: introduce MOUNT_ATTR_IDMAP")
Cc: stable@vger.kernel.org
Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
fs/locks.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/locks.c b/fs/locks.c
index 82a4487e95b3..881fd16905c6 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1901,9 +1901,10 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp,
void **priv)
{
struct inode *inode = locks_inode(filp);
+ kuid_t uid = i_uid_into_mnt(file_mnt_user_ns(filp), inode);
int error;
- if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
+ if ((!uid_eq(current_fsuid(), uid)) && !capable(CAP_LEASE))
return -EACCES;
if (!S_ISREG(inode->i_mode))
return -EINVAL;
--
2.39.1
prev parent reply other threads:[~2023-03-13 19:24 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-13 10:53 FAILED: patch "[PATCH] filelocks: use mount idmapping for setlease permission check" failed to apply to 5.15-stable tree gregkh
2023-03-13 19:23 ` Seth Forshee (DigitalOcean) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230313192309.3988024-1-sforshee@kernel.org \
--to=sforshee@kernel.org \
--cc=brauner@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.