On Thu, Apr 07, 2022 at 10:18:58AM +0300, Ovidiu Panait wrote: > CVE-2021-4197 patchset consists of: > [1] 1756d7994ad8 ("cgroup: Use open-time credentials for process migraton perm checks") > [2] 0d2b5955b362 ("cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv") > [3] e57457641613 ("cgroup: Use open-time cgroup namespace for process migration perm checks") > [4] b09c2baa5634 ("selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644") > [5] 613e040e4dc2 ("selftests: cgroup: Test open-time credential usage for migration checks") > [6] bf35a7879f1d ("selftests: cgroup: Test open-time cgroup namespace usage for migration checks") > > Commits [1], [2] and [3] are already present in 5.15-stable, this patchset > includes backports for the selftests. All patches are clean cherry-picks. > > The newly introduced selftests (test_cgcore_lesser_euid_open() and > test_cgcore_lesser_ns_open()) pass with this series applied: > > root@intel-x86-64:~# ./test_core > ok 1 test_cgcore_internal_process_constraint > ok 2 test_cgcore_top_down_constraint_enable > ok 3 test_cgcore_top_down_constraint_disable > ok 4 test_cgcore_no_internal_process_constraint_os > ok 5 test_cgcore_parent_becomes_threaded > ok 6 test_cgcore_invalid_domain > ok 7 test_cgcore_populated > ok 8 test_cgcore_proc_migration > ok 9 test_cgcore_thread_migration > ok 10 test_cgcore_destroy > ok 11 test_cgcore_lesser_euid_open > ok 12 test_cgcore_lesser_ns_open > > > Tejun Heo (3): > selftests: cgroup: Make cg_create() use 0755 for permission instead of > 0644 > selftests: cgroup: Test open-time credential usage for migration > checks > selftests: cgroup: Test open-time cgroup namespace usage for migration > checks > > tools/testing/selftests/cgroup/cgroup_util.c | 2 +- > tools/testing/selftests/cgroup/test_core.c | 165 +++++++++++++++++++ > 2 files changed, 166 insertions(+), 1 deletion(-) > > -- > 2.25.1 > All now queued up, thanks! greg k-h