ACK/Cmnt: [Xenial][Bionic][SRU][PATCH 0/1] cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()

Stefan Bader stefan.bader at canonical.com
Mon Nov 5 14:24:03 UTC 2018


On 24.10.18 08:54, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1786729
> 
> == Justification ==
> The code in cap_inode_getsecurity(), introduced by commit 8db6c34f1dbc
> ("Introduce v3 namespaced file capabilities"), should use
> d_find_any_alias() instead of d_find_alias() to handle unhashed dentry
> correctly. This is needed, for example, if execveat() is called with an
> open but unlinked overlayfs file, because overlayfs unhashes dentry on
> unlink.
> This is a regression of real life application, first reported at
> https://www.spinics.net/lists/linux-unionfs/msg05363.html
> 
> With the execveat03 test in the LTP test suite on an affected kernel, it will fail with:
> <<<test_start>>>
> tag=execveat03 stime=1534135632
> cmdline="execveat03"
> contacts=""
> analysis=exit
> <<<test_output>>>
> incrementing stop
> tst_test.c:1017: INFO: Timeout per run is 0h 05m 00s
> execveat03.c:70: FAIL: execveat() returned unexpected errno: EINVAL
> 
> Summary:
> passed 0
> failed 1
> skipped 0
> warnings 0
> 
> == Fix ==
> 355139a8 (cap_inode_getsecurity: use d_find_any_alias() instead of
>  d_find_alias())
> 
> It can be cherry-picked for Bionic, but it needs to be backported to Xenial along with the logic when we backport 8db6c34f1dbc (bug 1778286).
> 
> The test kernel for Xenial / Bionic could be found here:
> http://people.canonical.com/~phlin/kernel/lp-1786729-execveat03/
> 
> This patch has already been cherry-picked into Cosmic and Unstable.
> 
> == Regression Potential ==
> Low, this patch just uses a correct function to handle unhashed dentry, and it's been applied in both upstream and our newer kernel.
> 
> == Test Case ==
> Run the reproducer in the commit message, or,
> run the execveat03 test in ubuntu_ltp_syscalls test suite. And it will pass with the patched kernel.
> 
> 
> 
> Eddie.Horng (1):
>   cap_inode_getsecurity: use d_find_any_alias() instead of
>     d_find_alias()
> 
>  security/commoncap.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 

Just wondering about the state of linux-aws in the related bug report. I think
there are probably no guidelines on it but I would say if something is not
urgently needed for a derivative and also present in the master kernel, then I
would suggest to only keep a linux task. Or maybe I do not understand fully what
you tried to achieve.

-Stefan

Acked-by: Stefan Bader <stefan.bader at canonical.com>
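
A minimal check for the failure mode described in the quoted justification, added here as an example (it is not the LTP execveat03 source and not part of this thread): it calls execveat() on an open-but-unlinked copy of /bin/true in a given directory. The function name is hypothetical, /bin/true is assumed to exist, and the directory has to be on overlayfs to exercise the affected path.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000 /* Linux ABI value, in case the header hides it */
#endif
/* Copy /bin/true into dir, open the copy, unlink it, then execveat() the
 * still-open fd in a child. Returns 0 if the exec worked, the errno from
 * execveat() if it failed (EINVAL in the LTP log above), -1 on setup error. */
int execveat_unlinked_errno(const char *dir)
{
    char path[4096], buf[65536];
    char *argv[] = { "true", NULL }, *envp[] = { NULL };
    ssize_t n = -1;
    int src, dst, fd, status;
    pid_t pid;

    snprintf(path, sizeof(path), "%s/execveat_unlinked.%d", dir, (int)getpid());
    src = open("/bin/true", O_RDONLY);
    dst = open(path, O_WRONLY | O_CREAT | O_EXCL, 0700);
    while (src >= 0 && dst >= 0 && (n = read(src, buf, sizeof(buf))) > 0)
        if (write(dst, buf, n) != n) break;
    close(src);
    close(dst);                         /* no writer left: avoids ETXTBSY */
    fd = open(path, O_RDONLY);          /* keep the file open ... */
    unlink(path);                       /* ... and remove its only name */
    if (fd < 0 || n != 0) {             /* n == 0 only after a full copy */
        close(fd);
        return -1;
    }
    if ((pid = fork()) == 0) {
        syscall(SYS_execveat, fd, "", argv, envp, AT_EMPTY_PATH);
        _exit(errno);                   /* reached only if the exec failed */
    }
    close(fd);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);         /* 0 from /bin/true, else errno */
}

int main(int argc, char **argv)
{
    int e = execveat_unlinked_errno(argc > 1 ? argv[1] : ".");
    printf("execveat() on unlinked file: %d%s\n", e, e == EINVAL ? " (EINVAL)" : "");
    return e != 0;
}
```

Pass a directory on an overlayfs mount as the first argument; a result of 22 (EINVAL) matches the failure in the quoted test output.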
