mirror of
https://github.com/torvalds/linux.git
synced 2024-12-26 12:52:30 +00:00
8a924db2d7
When vfs_getattr_nosec() calls a filesystem's getattr interface function
then the 'nosec' should propagate into this function so that
vfs_getattr_nosec() can again be called from the filesystem's gettattr
rather than vfs_getattr(). The latter would add unnecessary security
checks that the initial vfs_getattr_nosec() call wanted to avoid.
Therefore, introduce the getattr flag GETATTR_NOSEC and allow to pass
with the new getattr_flags parameter to the getattr interface function.
In overlayfs and ecryptfs use this flag to determine which one of the
two functions to call.
In a recent code change introduced to IMA vfs_getattr_nosec() ended up
calling vfs_getattr() in overlayfs, which in turn called
security_inode_getattr() on an exiting process that did not have
current->fs set anymore, which then caused a kernel NULL pointer
dereference. With this change the call to security_inode_getattr() can
be avoided, thus avoiding the NULL pointer dereference.
Reported-by: <syzbot+a67fc5321ffb4b311c98@syzkaller.appspotmail.com>
Fixes:
|
||
---|---|---|
.. | ||
crypto.c | ||
debug.c | ||
dentry.c | ||
ecryptfs_kernel.h | ||
file.c | ||
inode.c | ||
Kconfig | ||
keystore.c | ||
kthread.c | ||
main.c | ||
Makefile | ||
messaging.c | ||
miscdev.c | ||
mmap.c | ||
read_write.c | ||
super.c |