ACK/Cmnt: [Xenial][Bionic][SRU][PATCH 0/1] cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
stefan.bader at canonical.com
Mon Nov 5 14:24:03 UTC 2018
On 24.10.18 08:54, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1786729
> == Justification ==
> The code in cap_inode_getsecurity(), introduced by commit 8db6c34f1dbc
> ("Introduce v3 namespaced file capabilities"), should use
> d_find_any_alias() instead of d_find_alias() do handle unhashed dentry
> correctly. This is needed, for example, if execveat() is called with an
> open but unlinked overlayfs file, because overlayfs unhashes dentry on
> This is a regression of real life application, first reported at
> With the execveat03 test in the LTP test suite on an affected kernel, it will fail with:
> tag=execveat03 stime=1534135632
> incrementing stop
> tst_test.c:1017: INFO: Timeout per run is 0h 05m 00s
> execveat03.c:70: FAIL: execveat() returned unexpected errno: EINVAL
> passed 0
> failed 1
> skipped 0
> warnings 0
> == Fix ==
> 355139a8 (cap_inode_getsecurity: use d_find_any_alias() instead of
> It can be cherry-picked for Bionic, but it needs to be backported to Xenial along with the logic when we backport 8db6c34f1dbc (bug 1778286).
> The test kernel for Xenial / Bionic could be found here:
> This patch has already been cherry-picked into Cosmic and Unstable.
> == Regression Potential ==
> Low, this patch just uses a correct function to handle unhashed dentry, and it's been applied in both upstream and our newer kernel.
> == Test Case ==
> Run the reproducer in the commit message, or,
> run the execveat03 test in ubuntu_ltp_syscalls test suite. And it will pass with the patched kernel.
> Eddie.Horng (1):
> cap_inode_getsecurity: use d_find_any_alias() instead of
> security/commoncap.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Just wondering about the state of linux-aws in the related bug report. I think
there are probably no guidelines on it but I would say if something is not
urgently needed for a derivative and also present in the master kernel, then I
would suggest to only keep a linux task. Or maybe I do not understand fully what
you tried to achieve.
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the kernel-team