!1784 tun/tap: fix CVE-2023-4194

Merge Pull Request from: @ci-robot 
 
PR sync from: Dong Chenchen <dongchenchen2@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/MJIVQQT72SAC5DJW7GDQSSZ7RNT3AMPF/ 
The original patches fixing CVE-2023-1076 are incorrect.
The patches in this series are supposed to "re-fix" CVE-2023-1076
New CVE is CVE-2023-4194.

Laszlo Ersek (2):
  net: tun_chr_open(): set sk_uid from current_fsuid()
  net: tap_open(): set sk_uid from current_fsuid()


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/I7QXHX 
 
Link:https://gitee.com/openeuler/kernel/pulls/1784 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com> 
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com> 

drivers/net/tap.c

@@ -523,7 +523,7 @@ static int tap_open(struct inode *inode, struct file *file)
 	q->sock.state = SS_CONNECTED;
 	q->sock.file = file;
 	q->sock.ops = &tap_socket_ops;
-	sock_init_data_uid(&q->sock, &q->sk, inode->i_uid);
+	sock_init_data_uid(&q->sock, &q->sk, current_fsuid());
 	q->sk.sk_write_space = tap_sock_write_space;
 	q->sk.sk_destruct = tap_sock_destruct;
 	q->flags = IFF_VNET_HDR | IFF_NO_PI | IFF_TAP;

drivers/net/tun.c

@@ -3456,7 +3456,7 @@ static int tun_chr_open(struct inode *inode, struct file * file)
 	tfile->socket.file = file;
 	tfile->socket.ops = &tun_socket_ops;
 
-	sock_init_data_uid(&tfile->socket, &tfile->sk, inode->i_uid);
+	sock_init_data_uid(&tfile->socket, &tfile->sk, current_fsuid());
 
 	tfile->sk.sk_write_space = tun_sock_write_space;
 	tfile->sk.sk_sndbuf = INT_MAX;