From 505309702adc003c2ee4eeced3b33741eede1771 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Mon, 15 Mar 2021 17:47:44 +0800 Subject: [PATCH] ovl: call secutiry hook in ovl_real_ioctl() mainline inclusion from mainline-v5.8-rc1 commit 292f902a40c11f043a5ca1305a114da0e523eaa3 category: bugfix bugzilla: NA CVE: CVE-2020-16120 -------------------------------- Verify LSM permissions for underlying file, since vfs_ioctl() doesn't do it. [Stephen Rothwell] export security_file_ioctl Signed-off-by: Miklos Szeredi Conflicts: fs/overlayfs/file.c [yyl: adjust context] Signed-off-by: Yang Yingliang Reviewed-by: zhangyi (F) Signed-off-by: Yang Yingliang Signed-off-by: Cheng Jian --- fs/overlayfs/file.c | 5 ++++- security/security.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 83cc52871307..fb5595e680d1 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "overlayfs.h" static char ovl_whatisit(struct inode *inode, struct inode *realinode) @@ -403,7 +404,9 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd, return ret; old_cred = ovl_override_creds(file_inode(file)->i_sb); - ret = vfs_ioctl(real.file, cmd, arg); + ret = security_file_ioctl(real.file, cmd, arg); + if (!ret) + ret = vfs_ioctl(real.file, cmd, arg); revert_creds(old_cred); fdput(real); diff --git a/security/security.c b/security/security.c index 5ce2448f3a45..9e4d6c999c79 100644 --- a/security/security.c +++ b/security/security.c @@ -893,6 +893,7 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { return call_int_hook(file_ioctl, 0, file, cmd, arg); } +EXPORT_SYMBOL_GPL(security_file_ioctl); static inline unsigned long mmap_prot(struct file *file, unsigned long prot) { -- GitLab