Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'landlock-6.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

Pull landlock fix from Mickaël Salaün:
"This fixes a wrong path walk triggered by syzkaller"

* tag 'landlock-6.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
selftests/landlock: Add layout1.refer_mount_root
landlock: Fix d_parent walk

+56 -2
+11 -2
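--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -1110,6 +1110,7 @@
 bool allow_parent1, allow_parent2;
 access_mask_t access_request_parent1, access_request_parent2;
 struct path mnt_dir;
+struct dentry *old_parent;
 layer_mask_t layer_masks_parent1[LANDLOCK_NUM_ACCESS_FS] = {},
 layer_masks_parent2[LANDLOCK_NUM_ACCESS_FS] = {};
 
@@
 mnt_dir.mnt = new_dir->mnt;
 mnt_dir.dentry = new_dir->mnt->mnt_root;
 
+/*
+ * old_dentry may be the root of the common mount point and
+ * !IS_ROOT(old_dentry) at the same time (e.g. with open_tree() and
+ * OPEN_TREE_CLONE). We do not need to call dget(old_parent) because
+ * we keep a reference to old_dentry.
+ */
+old_parent = (old_dentry == mnt_dir.dentry) ? old_dentry :
+old_dentry->d_parent;
+
 /* new_dir->dentry is equal to new_dentry->d_parent */
-allow_parent1 = collect_domain_accesses(dom, mnt_dir.dentry,
-old_dentry->d_parent,
+allow_parent1 = collect_domain_accesses(dom, mnt_dir.dentry, old_parent,
 &layer_masks_parent1);
 allow_parent2 = collect_domain_accesses(
 dom, mnt_dir.dentry, new_dir->dentry, &layer_masks_parent2);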
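Review bot: The comment added above the `old_parent` assignment says when `old_dentry` can be the mount root, but not what goes wrong if `old_dentry->d_parent` is used in that case. Judging by the pull message ("wrong path walk"), the walk in `collect_domain_accesses()` would presumably start outside the mount rooted at `mnt_dir.dentry` and never reach it. I would add one sentence to the comment, for example `* Walking from d_parent would then start outside of mnt_dir.dentry's mount.`, so the invariant the callee relies on is written down. It is also worth stating that in this case the parent1 access check is evaluated on `old_dentry` itself rather than on a parent directory, since that decides which rules apply. The enclosing function starts and ends outside these hunks.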
+45
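--- a/tools/testing/selftests/landlock/fs_test.c
+++ b/tools/testing/selftests/landlock/fs_test.c
@@ -35,6 +35,7 @@
  * See https://sourceware.org/glibc/wiki/Synchronizing_Headers.
  */
 #include <linux/fs.h>
+#include <linux/mount.h>
 
 #include "common.h"
 
@@
 {
 return syscall(__NR_renameat2, olddirfd, oldpath, newdirfd, newpath,
 flags);
+}
+#endif
+
+#ifndef open_tree
+int open_tree(int dfd, const char *filename, unsigned int flags)
+{
+return syscall(__NR_open_tree, dfd, filename, flags);
 }
 #endif
 
@@
 {
 refer_denied_by_default(_metadata, layer_dir_s2d1_execute, EXDEV,
 layer_dir_s1d1_refer);
+}
+
+/*
+ * Tests walking through a denied root mount.
+ */
+TEST_F_FORK(layout1, refer_mount_root_deny)
+{
+const struct landlock_ruleset_attr ruleset_attr = {
+.handled_access_fs = LANDLOCK_ACCESS_FS_MAKE_DIR,
+};
+int root_fd, ruleset_fd;
+
+/* Creates a mount object from a non-mount point. */
+set_cap(_metadata, CAP_SYS_ADMIN);
+root_fd =
+open_tree(AT_FDCWD, dir_s1d1,
+AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC);
+clear_cap(_metadata, CAP_SYS_ADMIN);
+ASSERT_LE(0, root_fd);
+
+ruleset_fd =
+landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
+ASSERT_LE(0, ruleset_fd);
+
+ASSERT_EQ(0, prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0));
+ASSERT_EQ(0, landlock_restrict_self(ruleset_fd, 0));
+EXPECT_EQ(0, close(ruleset_fd));
+
+/* Link denied by Landlock: EACCES. */
+EXPECT_EQ(-1, linkat(root_fd, ".", root_fd, "does_not_exist", 0));
+EXPECT_EQ(EACCES, errno);
+
+/* renameat2() always returns EBUSY. */
+EXPECT_EQ(-1, renameat2(root_fd, ".", root_fd, "does_not_exist", 0));
+EXPECT_EQ(EBUSY, errno);
+
+EXPECT_EQ(0, close(root_fd));
 }
 
 TEST_F_FORK(layout1, reparent_link)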
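Review bot: In `refer_mount_root_deny` only the `linkat()` assertion appears able to catch a regression of the Landlock walk. The comment `/* renameat2() always returns EBUSY. */` suggests the rename is rejected whatever the policy is, so that call documents behaviour but does not guard the fix. I would say so in the comment, for example `/* renameat2() on "." fails with EBUSY whatever the Landlock policy, so it does not check the access decision. */`, hedged because the reason for EBUSY is not visible in this hunk. As a smaller point, `EXPECT_EQ(EACCES, errno)` and `EXPECT_EQ(EBUSY, errno)` read errno even if the preceding call unexpectedly succeeds; adding `errno = 0;` before each call would keep a failure report unambiguous.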