On Fri, Jun 21, 2019 at 11:15:47AM +0300, Amir Goldstein wrote:
On Thu, Jun 13, 2019 at 11:49 AM Amir Goldstein <amir73il@xxxxxxxxx> wrote:
On Sun, Jun 9, 2019 at 12:45 PM <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
>
> The patch below does not apply to the 5.1-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@xxxxxxxxxxxxxxx>.
>
> thanks,
>
> greg k-h
>
FYI, the failure to apply this patch would be resolved after you
picked up "ovl: check the capability before cred overridden" for
stable, please hold off from taking this patch just yet, because
it has a bug, whose fix wasn't picked upstream yet.
Greg,
Please apply these patches to stable 4.19.
They fix a docker regression (project quotas feature).
b21d9c435f93 ovl: support the FS_IOC_FS[SG]ETXATTR ioctls
941d935ac763 ovl: fix wrong flags check in FS_IOC_FS[SG]ETXATTR ioctls
They apply cleanly and were tested on v4.19.53.
I've queued these for 4.19.
While at it, I also tested that the following patches apply cleanly and solve
relevant issues on v4.19.53, but they are not clear stable candidates.
1) /proc/locks shows incorrect ino. Only reported by xfstests (so far):
6dde1e42f497 ovl: make i_ino consistent with st_ino in more cases
And this.
2) Fix output of `modinfo overlay`:
253e74833911 ovl: fix typo in MODULE_PARM_DESC
But not this one. Maybe we should be including these in stable trees
since the risk factor is low and it fixes something user-visible, but
our current rules object to this kind of patch so I've left it out.
3) Disallow bogus layer combinations.
syzbot has started to produce repros that create bogus layer combinations.
So far it has only been able to reproduce a WARN_ON, which has already
been fixed in stable, by acf3062a7e1c ("ovl: relax WARN_ON()..."), but
other real bugs could be lurking if those setups are allowed.
We decided to detect and error on these setups on mount, to stop syzbot
(and attackers) from trying to attack overlayfs this way.
To stop syzbot from mutating this class of repros on stable kernel you
MAY apply these 3 patches, but in any case, I would wait a while to see
if more bugs are reported on master.
Although this solves a problem dating before 4.19, I have no plans
of backporting these patches further back.
146d62e5a586 ovl: detect overlapping layers
9179c21dc6ed ovl: don't fail with disconnected lower NFS
1dac6f5b0ed2 ovl: fix bogus -Wmaybe-unitialized warning
I've queued these 3 for 4.19.
--
Thanks,
Sasha