[Xenial][Bionic][SRU][PATCH 0/1] cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()

[Po-Hsu Lin]

BugLink: https://bugs.launchpad.net/bugs/1786729

== Justification ==
The code in cap_inode_getsecurity(), introduced by commit 8db6c34f1dbc
("Introduce v3 namespaced file capabilities"), should use
d_find_any_alias() instead of d_find_alias() do handle unhashed dentry
correctly. This is needed, for example, if execveat() is called with an
open but unlinked overlayfs file, because overlayfs unhashes dentry on
unlink.
This is a regression of real life application, first reported at
https://www.spinics.net/lists/linux-unionfs/msg05363.html

With the execveat03 test in the LTP test suite on an affected kernel, it will fail with:
<<<test_start>>>
tag=execveat03 stime=1534135632
cmdline="execveat03"
contacts=""
analysis=exit
<<<test_output>>>
incrementing stop
tst_test.c:1017: INFO: Timeout per run is 0h 05m 00s
execveat03.c:70: FAIL: execveat() returned unexpected errno: EINVAL

Summary:
passed 0
failed 1
skipped 0
warnings 0

== Fix ==
355139a8 (cap_inode_getsecurity: use d_find_any_alias() instead of
 d_find_alias())

It can be cherry-picked for Bionic, but it needs to be backported to Xenial along with the logic when we backport 8db6c34f1dbc (bug 1778286).

The test kernel for Xenial / Bionic could be found here:
http://people.canonical.com/~phlin/kernel/lp-1786729-execveat03/

This patch has already been cherry-picked into Cosmic and Unstable.

== Regression Potential ==
Low, this patch just uses a correct function to handle unhashed dentry, and it's been applied in both upstream and our newer kernel.

== Test Case ==
Run the reproducer in the commit message, or,
run the execveat03 test in ubuntu_ltp_syscalls test suite. And it will pass with the patched kernel.



Eddie.Horng (1):
  cap_inode_getsecurity: use d_find_any_alias() instead of
    d_find_alias()

 security/commoncap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.7.4