On Sun, Jun 23, 2019 at 10:29:16PM +0200, Greg KH wrote:
On Sat, Jun 22, 2019 at 09:03:45PM -0400, Sasha Levin wrote:On Fri, Jun 21, 2019 at 11:15:47AM +0300, Amir Goldstein wrote: > On Thu, Jun 13, 2019 at 11:49 AM Amir Goldstein <amir73il@xxxxxxxxx> wrote: > > > > On Sun, Jun 9, 2019 at 12:45 PM <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > > The patch below does not apply to the 5.1-stable tree. > > > If someone wants it applied there, or to any other stable or longterm > > > tree, then please email the backport, including the original git commit > > > id to <stable@xxxxxxxxxxxxxxx>. > > > > > > thanks, > > > > > > greg k-h > > > > > > > FYI, the failure to apply this patch would be resolved after you > > picked up "ovl: check the capability before cred overridden" for > > stable, please hold off from taking this patch just yet, because > > it has a bug, whose fix wasn't picked upstream yet. > > > > Greg, > > Please apply these patches to stable 4.19. > They fix a docker regression (project quotas feature). > > b21d9c435f93 ovl: support the FS_IOC_FS[SG]ETXATTR ioctls > 941d935ac763 ovl: fix wrong flags check in FS_IOC_FS[SG]ETXATTR ioctls > > They apply cleanly and tested on v4.19.53. I've queued these for 4.19. > While at it, I also tested that the following patches apply cleanly and solve > relevant issues on v4.19.53, but they are not clear stable candidates. > > 1) /proc/locks shows incorrect ino. Only reported by xfstests (so far): > 6dde1e42f497 ovl: make i_ino consistent with st_ino in more cases And this. > 2) Fix output of `modinfo overlay`: > 253e74833911 ovl: fix typo in MODULE_PARM_DESC But not this one. Maybe we should be including these in stable trees since the risk factor is low and it fixes something user-visible, but our current rules object this this kind of patches so I've left it out. > 3) Disallow bogus layer combinations. > syzbot has started to produce repros that create bogus layer combinations. > So far it has only been able to reproduce a WARN_ON, which has already > been fixed in stable, by acf3062a7e1c ("ovl: relax WARN_ON()..."), but > other real bugs could be lurking if those setups are allowed. > We decided to detect and error on these setups on mount, to stop syzbot > (and attackers) from trying to attack overlayfs this way. > To stop syzbot from mutating this class of repros on stable kernel you > MAY apply these 3 patches, but in any case, I would wait a while to see > if more bugs are reported on master. > Although this solves a problem dating before 4.19, I have no plans > of backporting these patches further back. > > 146d62e5a586 ovl: detect overlapping layers > 9179c21dc6ed ovl: don't fail with disconnected lower NFS > 1dac6f5b0ed2 ovl: fix bogus -Wmaybe-unitialized warning I've queued these 3 for 4.19.What about the ones that are needed for 5.1?
Ah yes, I haven't realized that the syzkaller ones are needed for 5.1. I'll queue them up. -- Thanks, Sasha
