On Sat, Jun 22, 2019 at 09:03:45PM -0400, Sasha Levin wrote:
> On Fri, Jun 21, 2019 at 11:15:47AM +0300, Amir Goldstein wrote:
> > On Thu, Jun 13, 2019 at 11:49 AM Amir Goldstein <amir73il@xxxxxxxxx> wrote:
> > >
> > > On Sun, Jun 9, 2019 at 12:45 PM <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > > >
> > > >
> > > > The patch below does not apply to the 5.1-stable tree.
> > > > If someone wants it applied there, or to any other stable or longterm
> > > > tree, then please email the backport, including the original git commit
> > > > id to <stable@xxxxxxxxxxxxxxx>.
> > > >
> > > > thanks,
> > > >
> > > > greg k-h
> > > >
> > >
> > > FYI, the failure to apply this patch would be resolved after you
> > > picked up "ovl: check the capability before cred overridden" for
> > > stable, please hold off from taking this patch just yet, because
> > > it has a bug, whose fix wasn't picked upstream yet.
> > >
> >
> > Greg,
> >
> > Please apply these patches to stable 4.19.
> > They fix a docker regression (project quotas feature).
> >
> > b21d9c435f93 ovl: support the FS_IOC_FS[SG]ETXATTR ioctls
> > 941d935ac763 ovl: fix wrong flags check in FS_IOC_FS[SG]ETXATTR ioctls
> >
> > They apply cleanly and tested on v4.19.53.
>
> I've queued these for 4.19.
>
> > While at it, I also tested that the following patches apply cleanly and solve
> > relevant issues on v4.19.53, but they are not clear stable candidates.
> >
> > 1) /proc/locks shows incorrect ino. Only reported by xfstests (so far):
> > 6dde1e42f497 ovl: make i_ino consistent with st_ino in more cases
>
> And this.
>
> > 2) Fix output of `modinfo overlay`:
> > 253e74833911 ovl: fix typo in MODULE_PARM_DESC
>
> But not this one. Maybe we should be including these in stable trees
> since the risk factor is low and it fixes something user-visible, but
> our current rules object this this kind of patches so I've left it out.
>
> > 3) Disallow bogus layer combinations.
> > syzbot has started to produce repros that create bogus layer combinations.
> > So far it has only been able to reproduce a WARN_ON, which has already
> > been fixed in stable, by acf3062a7e1c ("ovl: relax WARN_ON()..."), but
> > other real bugs could be lurking if those setups are allowed.
> > We decided to detect and error on these setups on mount, to stop syzbot
> > (and attackers) from trying to attack overlayfs this way.
> > To stop syzbot from mutating this class of repros on stable kernel you
> > MAY apply these 3 patches, but in any case, I would wait a while to see
> > if more bugs are reported on master.
> > Although this solves a problem dating before 4.19, I have no plans
> > of backporting these patches further back.
> >
> > 146d62e5a586 ovl: detect overlapping layers
> > 9179c21dc6ed ovl: don't fail with disconnected lower NFS
> > 1dac6f5b0ed2 ovl: fix bogus -Wmaybe-unitialized warning
>
> I've queued these 3 for 4.19.
What about the ones that are needed for 5.1?
thanks,
greg k-h
