From 147fa3aac6890e2fedf33bb9f7156013556b8d54 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Tue, 16 Mar 2021 20:56:05 +0800 Subject: [PATCH] ovl: call secutiry hook in ovl_real_ioctl() mainline inclusion from mainline-v5.8-rc1 commit 292f902a40c11f043a5ca1305a114da0e523eaa3 category: bugfix bugzilla: NA CVE: CVE-2020-16120 -------------------------------- Verify LSM permissions for underlying file, since vfs_ioctl() doesn't do it. [Stephen Rothwell] export security_file_ioctl Signed-off-by: Miklos Szeredi Conflicts: fs/overlayfs/file.c [yyl: adjust context] Signed-off-by: Yang Yingliang Reviewed-by: zhangyi (F) Signed-off-by: Yang Yingliang Acked-by: Xie XiuQi Signed-off-by: Cheng Jian --- fs/overlayfs/file.c | 5 ++++- security/security.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 73c3e2c21edb..b4ab06c3f3c6 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "overlayfs.h" static char ovl_whatisit(struct inode *inode, struct inode *realinode) @@ -403,7 +404,9 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd, return ret; old_cred = ovl_override_creds(file_inode(file)->i_sb); - ret = vfs_ioctl(real.file, cmd, arg); + ret = security_file_ioctl(real.file, cmd, arg); + if (!ret) + ret = vfs_ioctl(real.file, cmd, arg); revert_creds(old_cred); fdput(real); diff --git a/security/security.c b/security/security.c index 17e2bed11bf7..b4f8c0956882 100644 --- a/security/security.c +++ b/security/security.c @@ -877,6 +877,7 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { return call_int_hook(file_ioctl, 0, file, cmd, arg); } +EXPORT_SYMBOL_GPL(security_file_ioctl); static inline unsigned long mmap_prot(struct file *file, unsigned long prot) { -- GitLab