On Thu, Aug 29, 2024 at 02:11:57PM +0200, Pavel Machek wrote: > On Thu 2024-08-29 13:52:59, Greg Kroah-Hartman wrote: > > On Thu, Aug 29, 2024 at 01:37:40PM +0200, Pavel Machek wrote: > > > > Christian Brauner <brauner@xxxxxxxxxx> > > > > binfmt_misc: cleanup on filesystem umount > > > > > > Changelog explains how this may cause problems. It does not fix a > > > bug. It is overly long. It does not have proper signoff by stable team. > > > > The sign off is there, it's just further down than you might expect. > > Is it? Who signed this off for stable? > > cf7602cbd58246d02a8544e4f107658fe846137a > > In line with our general policy, if we see a regression for systemd or > other users with this change we will switch back to the old behavior for > the initial binfmt_misc mount and have binary types pin the filesystem > again. But while we touch this code let's take the chance and let's > improve on the status quo. > > [1]: https://lore.kernel.org/r/20191216091220.465626-2-laurent@xxxxxxxxx > [2]: commit 43a4f2619038 ("exec: binfmt_misc: fix race between load_misc_binary() and kill_node()" > [3]: commit 83f918274e4b ("exec: binfmt_misc: shift filp_close(interp_file) from kill_node() to bm_evict_inode()") > [4]: commit f0fe2c0f050d ("binder: prevent UAF for binderfs devices II") > > Link: https://lore.kernel.org/r/20211028103114.2849140-1-brauner@xxxxxxxxxx (v1) > Cc: Sargun Dhillon <sargun@xxxxxxxxx> > Cc: Serge Hallyn <serge@xxxxxxxxxx> > Cc: Jann Horn <jannh@xxxxxxxxxx> > Cc: Henning Schild <henning.schild@xxxxxxxxxxx> > Cc: Andrei Vagin <avagin@xxxxxxxxx> > Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > Cc: Laurent Vivier <laurent@xxxxxxxxx> > Cc: linux-fsdevel@xxxxxxxxxxxxxxx > Acked-by: Serge Hallyn <serge@xxxxxxxxxx> > Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx> > Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > If you look at the actual patch in our tree, it shows this, and was in the original email. Yes, git stripped it off here, but really, you should be saying "Hey, something looks wrong here, the patch has it but the git commit does not", which would have been a lot more helpful... Anyway, I'll go fix this up in the quilt tree now, thanks. greg k-h