mirrors
/
deepin-kernel
mirror of https://github.com/deepin-community/kernel.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
deepin-kernel/fs
History
Al Viro 1916b868ff clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns 
commit c28f922c9dcee0e4876a2c095939d77fe7e15116 upstream.

What we want is to verify there is that clone won't expose something
hidden by a mount we wouldn't be able to undo.  "Wouldn't be able to undo"
may be a result of MNT_LOCKED on a child, but it may also come from
lacking admin rights in the userns of the namespace mount belongs to.

clone_private_mnt() checks the former, but not the latter.

There's a number of rather confusing CAP_SYS_ADMIN checks in various
userns during the mount, especially with the new mount API; they serve
different purposes and in case of clone_private_mnt() they usually,
but not always end up covering the missing check mentioned above.

Reviewed-by: Christian Brauner <brauner@kernel.org>
Reported-by: "Orlando, Noah" <Noah.Orlando@deshaw.com>
Fixes: 427215d85e ("ovl: prevent private clone if bind mount is not allowed")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[ merge conflict resolution: clone_private_mount() was reworked in
  db04662e2f ("fs: allow detached mounts in clone_private_mount()").
  Tweak the relevant ns_capable check so that it works on older kernels ]
Signed-off-by: Noah Orlando <Noah.Orlando@deshaw.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit dc6a664089f10eab0fb36b6e4f705022210191d2)
 		2025-07-28 15:19:07 +08:00
..
9p fs/9p: fix uninitialized values during inode evict 2024-12-10 20:43:57 +08:00
adfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
affs affs: don't write overlarge OFS data block size fields 2025-04-14 15:49:35 +08:00
afs afs: Fix the server_list to unuse a displaced server rather than putting it 2025-03-17 20:08:50 +08:00
autofs v6.6-vfs.autofs 2023-08-28 11:39:14 -07:00
befs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
bfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
btrfs btrfs: fix assertion when building free space tree 2025-07-22 16:16:47 +08:00
cachefiles cachefiles: Fix the incorrect return value in __cachefiles_write() 2025-07-28 15:19:05 +08:00
ceph ceph: fix possible integer overflow in ceph_zero_objects() 2025-07-09 09:49:57 +08:00
coda v6.6-vfs.ctime 2023-08-28 09:31:32 -07:00
configfs configfs: Do not override creating attribute file failure in populate_attrs() 2025-07-03 11:31:49 +08:00
cramfs fs: Convert to bdev_open_by_dev() 2024-12-10 20:40:34 +08:00
crypto fs: Create a generic is_dot_dotdot() utility 2024-12-10 20:42:05 +08:00
debugfs debugfs: fix automount d_fsdata usage 2024-01-20 11:51:37 +01:00
devpts v6.6-vfs.misc 2023-08-28 10:17:14 -07:00
dlm dlm: make tcp still work in multi-link env 2025-06-10 10:34:53 +08:00
ecryptfs fs: Create a generic is_dot_dotdot() utility 2024-12-10 20:42:05 +08:00
efivarfs efivarfs: Fix error on non-existent file 2024-12-30 11:01:05 +08:00
efs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
erofs erofs: fix to add missing tracepoint in erofs_read_folio() 2025-07-22 16:16:43 +08:00
exfat exfat: fix the infinite loop in exfat_find_last_cluster() 2025-04-14 15:49:28 +08:00
exportfs exportfs: remove kernel-doc warnings in exportfs 2023-08-29 17:45:22 -04:00
ext2 ext2: Verify bitmap and itable block numbers before using them 2024-12-10 20:39:58 +08:00
ext4 ext4: only dirty folios when data journaling regular files 2025-07-03 11:31:54 +08:00
f2fs f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault 2025-07-14 10:42:19 +08:00
fat fat: fix uninitialized variable 2024-12-10 20:42:54 +08:00
freevxfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
fscache netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING 2024-12-10 20:44:25 +08:00
fuse fuse: fix race between concurrent setattrs from multiple nodes 2025-07-09 09:49:55 +08:00
gfs2 gfs2: move msleep to sleepable context 2025-07-03 11:31:49 +08:00
hfs hfs: fix null-ptr-deref in hfs_find_init() 2025-07-13 12:51:37 +08:00
hfsplus hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key 2025-05-09 22:54:46 +08:00
hostfs um: hostfs: avoid issues on inode number reuse by host 2025-04-14 15:49:24 +08:00
hpfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
hugetlbfs mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE 2024-02-23 09:25:16 +01:00
iomap iomap: skip unnecessary ifs_block_is_uptodate check 2025-05-09 23:02:59 +08:00
isofs isofs: Verify inode mode when loading from disk 2025-07-28 15:19:02 +08:00
jbd2 jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() 2025-07-03 11:31:51 +08:00
jffs2 jffs2: check jffs2_prealloc_raw_node_refs() result in few other places 2025-07-03 11:32:07 +08:00
jfs jfs: validate AG parameters in dbMount() to prevent crashes 2025-07-09 09:49:57 +08:00
kernfs kernfs: Relax constraint in draining guard 2025-06-20 14:39:21 +08:00
lockd nfsd: stop setting ->pg_stats for unused stats 2024-12-10 20:40:33 +08:00
minix for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
netfs netfs: Only call folio_start_fscache() one time for each folio 2023-09-18 12:03:46 -07:00
nfs NFSv4/flexfiles: Fix handling of NFS level errors in I/O 2025-07-14 10:42:17 +08:00
nfs_common
nfsd NFSD: Force all NFSv4.2 COPY requests to be synchronous 2025-07-16 19:12:35 +08:00
nilfs2 nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() 2025-06-20 14:39:42 +08:00
nls nls: Hide new NLS_UCS2_UTILS 2023-08-31 12:07:34 -05:00
notify treewide: mark stuff as __ro_after_init 2025-02-24 17:12:56 +08:00
ntfs3 fs/ntfs3: handle hdr_first_de() return value 2025-06-20 14:38:52 +08:00
ocfs2 ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery 2025-06-20 14:39:41 +08:00
omfs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
openpromfs openpromfs: finish conversion to the new mount API 2024-12-10 20:25:47 +08:00
orangefs orangefs: Do not truncate file size 2025-06-10 10:34:57 +08:00
overlayfs ovl: Check for NULL d_inode() in ovl_dentry_upper() 2025-07-09 09:49:57 +08:00
proc mm: fix the inaccurate memory statistics issue for users 2025-07-22 16:16:42 +08:00
pstore pstore: Change kmsg_bytes storage size to u32 2025-06-10 16:17:57 +08:00
qnx4 for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
qnx6 for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
quota quota: flush quota_release_work upon quota writeback 2024-12-10 20:45:12 +08:00
ramfs ramfs: convert to ctime accessor functions 2023-07-24 10:30:04 +02:00
reiserfs reiserfs: fix uninit-value in comp_keys 2024-12-10 20:40:34 +08:00
romfs fs: Convert to bdev_open_by_dev() 2024-12-10 20:40:34 +08:00
smb smb: client: fix use-after-free in cifs_oplock_break 2025-07-28 15:19:05 +08:00
squashfs Squashfs: check return result of sb_min_blocksize 2025-06-20 14:39:41 +08:00
sysfs fs: sysfs: Fix reference leak in sysfs_break_active_protection() 2024-05-05 16:30:04 +08:00
sysv sysv: don't call sb_bread() with pointers_lock held 2024-04-13 13:07:34 +02:00
tracefs eventfs: Use list_del_rcu() for SRCU protected list variable 2024-12-10 20:41:18 +08:00
ubifs ubifs: skip dumping tnc tree when zroot is null 2025-02-10 01:59:56 +08:00
udf udf: Make sure i_lenExtents is uptodate on inode eviction 2025-05-26 10:36:13 +08:00
ufs for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
unicode Revert "unicode: Don't special case ignorable code points" 2024-12-16 00:22:41 +08:00
vboxsf vboxsf: fix building with GCC 15 2025-03-23 19:26:40 +08:00
verity fsverity: use register_sysctl_init() to avoid kmemleak warning 2024-12-10 20:26:25 +08:00
xfs xfs: don't over-report free space or inodes in statvfs 2025-03-14 17:40:52 +08:00
zonefs zonefs: Improve error handling 2024-02-23 09:25:13 +01:00
Kconfig nfs: add missing selections of CONFIG_CRC32 2025-05-09 22:54:46 +08:00
Kconfig.binfmt riscv: support the elf-fdpic binfmt loader 2023-08-23 14:17:43 -07:00
Makefile fs: Remove NTFS classic 2024-12-10 20:39:15 +08:00
aio.c fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion 2024-04-03 15:28:44 +02:00
anon_inodes.c fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass 2025-07-14 10:42:17 +08:00
attr.c v6.6-vfs.misc 2023-08-28 10:17:14 -07:00
bad_inode.c fs: drop the timespec64 argument from update_time 2023-08-11 09:04:57 +02:00
binfmt_elf.c binfmt_elf: Move brk for static PIE even if ASLR disabled 2025-05-26 10:35:56 +08:00
binfmt_elf_fdpic.c fs: binfmt_elf_efpic: don't use missing interpreter's properties 2024-12-10 20:40:48 +08:00
binfmt_elf_test.c
binfmt_flat.c binfmt_flat: Fix integer overflow bug on 32 bit systems 2025-02-18 11:53:09 +08:00
binfmt_misc.c binfmt_misc: cleanup on filesystem umount 2024-12-10 20:40:46 +08:00
binfmt_script.c
buffer.c treewide: mark stuff as __ro_after_init 2025-02-24 17:12:56 +08:00
char_dev.c treewide: mark stuff as __ro_after_init 2025-02-24 17:12:56 +08:00
compat_binfmt_elf.c
coredump.c coredump: hand a pidfd to the usermode coredump helper 2025-06-10 16:18:08 +08:00
d_path.c
dax.c fsdax: dax_unshare_iter needs to copy entire blocks 2024-12-10 20:43:30 +08:00
dcache.c treewide: mark stuff as __ro_after_init 2025-02-24 17:12:56 +08:00
direct-io.c treewide: mark stuff as __ro_after_init 2025-02-24 17:12:56 +08:00
drop_caches.c fs: drop_caches: draining pages before dropping caches 2023-08-18 10:12:11 -07:00
eventfd.c eventfd: prevent underflow for eventfd semaphores 2023-07-11 11:41:34 +02:00
eventpoll.c eventpoll: don't decrement ep refcount while still holding the ep mutex 2025-07-22 16:16:36 +08:00
exec.c HAOC: Add support for x86 CRED Protection (CREDP). 2025-05-12 15:02:47 +08:00
fcntl.c treewide: mark stuff as __ro_after_init 2025-02-24 17:12:56 +08:00
fhandle.c fs: Annotate struct file_handle with __counted_by() and use struct_size() 2024-12-10 20:40:35 +08:00
file.c fs: consistently deref the files table with rcu_dereference_raw() 2025-05-09 18:47:16 +08:00
file_table.c treewide: mark stuff as __ro_after_init 2025-02-24 17:12:56 +08:00
filesystems.c fs/filesystems: Fix potential unsigned integer underflow in fs_name() 2025-06-20 14:40:42 +08:00
fs-writeback.c fs/writeback: bail out if there is no more inodes for IO and queued once 2024-12-10 20:28:54 +08:00
fs_context.c fs: factor out vfs_parse_monolithic_sep() helper 2023-10-12 18:53:36 +03:00
fs_parser.c
fs_pin.c
fs_struct.c kill do_each_thread() 2023-08-21 13:46:25 -07:00
fs_types.c
fsopen.c fs: add FSCONFIG_CMD_CREATE_EXCL 2023-08-14 18:48:02 +02:00
init.c
inode.c treewide: mark stuff as __ro_after_init 2025-02-24 17:12:56 +08:00
internal.h for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
ioctl.c lsm: new security_file_ioctl_compat() hook 2024-01-31 16:18:54 -08:00
kernel_read_file.c fs: Fix kernel-doc warnings 2023-08-19 12:12:12 +02:00
libfs.c libfs: Use d_children list to iterate simple_offset directories 2025-02-05 15:10:32 +08:00
locks.c fs/locks: optimize locks_remove_posix 2025-05-08 14:17:11 +08:00
mbcache.c
mnt_idmapping.c
mount.h
mpage.c
namei.c fuse: don't truncate cached, mutated symlink 2025-03-23 19:26:40 +08:00
namespace.c clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns 2025-07-28 15:19:07 +08:00
nsfs.c fs: convert to ctime accessor functions 2023-07-13 10:28:04 +02:00
open.c HAOC: Add support for x86 CRED Protection (CREDP). 2025-05-12 15:02:47 +08:00
pipe.c fs/pipe: use spinlock in pipe_read() only if there is a watch_queue 2025-07-02 15:45:40 +08:00
pnode.c
pnode.h
posix_acl.c fs: convert to ctime accessor functions 2023-07-13 10:28:04 +02:00
proc_namespace.c
read_write.c fs: Fix one kernel-doc comment 2023-08-15 08:32:45 +02:00
readdir.c vfs: get rid of old '->iterate' directory operation 2023-08-06 15:08:35 +02:00
remap_range.c
select.c hrtimer: Use and report correct timerslack values for realtime tasks 2025-03-23 19:26:40 +08:00
seq_file.c
signalfd.c
splice.c splice: remove duplicate noinline from pipe_clear_nowait 2025-05-09 23:02:24 +08:00
stack.c fs: convert to ctime accessor functions 2023-07-13 10:28:04 +02:00
stat.c fs: Pass AT_GETATTR_NOSEC flag to getattr interface function 2023-12-03 07:33:03 +01:00
statfs.c
super.c fs: Convert to bdev_open_by_dev() 2024-12-10 20:40:34 +08:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c mm/userfaultfd: fix release hang over concurrent GUP 2025-05-09 18:47:27 +08:00
utimes.c
xattr.c fs/xattr.c: fix simple_xattr_list() 2025-07-03 11:32:05 +08:00