On Mon, Jun 24, 2019 at 07:52:11AM +0300, Amir Goldstein wrote:
> On Mon, Jun 24, 2019 at 3:34 AM Sasha Levin <sashal@xxxxxxxxxx> wrote:
> >
> > On Sun, Jun 23, 2019 at 10:29:16PM +0200, Greg KH wrote:
> > >On Sat, Jun 22, 2019 at 09:03:45PM -0400, Sasha Levin wrote:
> > >> On Fri, Jun 21, 2019 at 11:15:47AM +0300, Amir Goldstein wrote:
> > >> > On Thu, Jun 13, 2019 at 11:49 AM Amir Goldstein <amir73il@xxxxxxxxx> wrote:
> > >> > >
> > >> > > On Sun, Jun 9, 2019 at 12:45 PM <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > >> > > >
> > >> > > >
> > >> > > > The patch below does not apply to the 5.1-stable tree.
> > >> > > > If someone wants it applied there, or to any other stable or longterm
> > >> > > > tree, then please email the backport, including the original git commit
> > >> > > > id to <stable@xxxxxxxxxxxxxxx>.
> > >> > > >
> > >> > > > thanks,
> > >> > > >
> > >> > > > greg k-h
> > >> > > >
> > >> > >
> > >> > > FYI, the failure to apply this patch would be resolved after you
> > >> > > picked up "ovl: check the capability before cred overridden" for
> > >> > > stable, please hold off from taking this patch just yet, because
> > >> > > it has a bug, whose fix wasn't picked upstream yet.
> > >> > >
> > >> >
> > >> > Greg,
> > >> >
> > >> > Please apply these patches to stable 4.19.
> > >> > They fix a docker regression (project quotas feature).
> > >> >
> > >> > b21d9c435f93 ovl: support the FS_IOC_FS[SG]ETXATTR ioctls
> > >> > 941d935ac763 ovl: fix wrong flags check in FS_IOC_FS[SG]ETXATTR ioctls
> > >> >
> > >> > They apply cleanly and tested on v4.19.53.
> > >>
> > >> I've queued these for 4.19.
> > >>
> > >> > While at it, I also tested that the following patches apply cleanly and solve
> > >> > relevant issues on v4.19.53, but they are not clear stable candidates.
> > >> >
> > >> > 1) /proc/locks shows incorrect ino. Only reported by xfstests (so far):
> > >> > 6dde1e42f497 ovl: make i_ino consistent with st_ino in more cases
> > >>
> > >> And this.
> > >>
> > >> > 2) Fix output of `modinfo overlay`:
> > >> > 253e74833911 ovl: fix typo in MODULE_PARM_DESC
> > >>
> > >> But not this one. Maybe we should be including these in stable trees
> > >> since the risk factor is low and it fixes something user-visible, but
> > >> our current rules object this this kind of patches so I've left it out.
> > >>
> > >> > 3) Disallow bogus layer combinations.
> > >> > syzbot has started to produce repros that create bogus layer combinations.
> > >> > So far it has only been able to reproduce a WARN_ON, which has already
> > >> > been fixed in stable, by acf3062a7e1c ("ovl: relax WARN_ON()..."), but
> > >> > other real bugs could be lurking if those setups are allowed.
> > >> > We decided to detect and error on these setups on mount, to stop syzbot
> > >> > (and attackers) from trying to attack overlayfs this way.
> > >> > To stop syzbot from mutating this class of repros on stable kernel you
> > >> > MAY apply these 3 patches, but in any case, I would wait a while to see
> > >> > if more bugs are reported on master.
> > >> > Although this solves a problem dating before 4.19, I have no plans
> > >> > of backporting these patches further back.
> > >> >
> > >> > 146d62e5a586 ovl: detect overlapping layers
> > >> > 9179c21dc6ed ovl: don't fail with disconnected lower NFS
> > >> > 1dac6f5b0ed2 ovl: fix bogus -Wmaybe-unitialized warning
> > >>
> > >> I've queued these 3 for 4.19.
> > >
> > >What about the ones that are needed for 5.1?
> >
> > Ah yes, I haven't realized that the syzkaller ones are needed for 5.1.
> > I'll queue them up.
> >
>
> I don't think syzkaller ones are more relevant to 5.1 then the rest of
> the patches applied to 4.19. If anything, its the other way around.
> According to syzbot dashboard, it is being run on LTS kernels, not on
> latest stable.
>
> Please forgive me if my language caused confusion, when I said
> "please apply to 4.19" I meant 4.19+.
So is anything else needed to be done here, or are we all caught up and
everything merged properly?
thanks,
greg k-h
