Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1921892imu;
        Fri, 14 Dec 2018 02:58:17 -0800 (PST)
X-Google-Smtp-Source: AFSGD/VVLBDe30siRrG4Rd8BmAzTJyJ10ja+tAnerdD40bMus7td85fTuNERey1pq3YUhfwLoUl7
X-Received: by 2002:a17:902:ac1:: with SMTP id 59mr2418723plp.36.1544785097777;
        Fri, 14 Dec 2018 02:58:17 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544785097; cv=none;
        d=google.com; s=arc-20160816;
        b=Fo78r0sVP+6eJx2DRGAxSAHsHB/5N8n2h+Tn7emzIRakUpdTToUe6Oc7++Uv2KK1Fo
         D0LgyN1CW+9zJOdSwkDhm428Un2o3jskFytKUuctfjvvUCBgoRY8RcQYrMQpDxZlIafh
         3c6cm0Kbdp0gk5qxbjysIePULqpkkS0lOHUWXMNT41OQilg3VxpShebsxMkbV6iLmOxj
         z0qUB+fKXQg4Gip4LGOvW/5RCh/GhdM82AQ1TwD2J1yaDQpvcfSeKAmIWvTFFT6EIqPQ
         O6eCMkw7inO3Bt/chI/GQ078vrpjilEqH7se2Hj/oa6tJHISN4u3KvuG77Pi3EobX9Iz
         iLkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:mime-version:user-agent:date
         :message-id:autocrypt:openpgp:from:references:cc:to:subject
         :dkim-signature;
        bh=eO0hfxNFXCjAkQVX2xPj0+oodFc9J3+4CLzrdHyz2uk=;
        b=tl/32mxQ1tdXsELJqkiLZIP5A/suseb2qrYDRNkN/yV2lFoHEW3a9WIoEuVXlsRbCW
         d8EQwnkMR5Q1p91C81Adkk9YJ6C5EDQc9llqcjrI1DSAdJMTh3fOYMqhFTQ/OkuJMrzg
         2YBbxrNZkHUSxzPdBvZ+kox01fNZv9HM4Pn5b4w0RfCkYLaR60HlQVF116Pve1wsZVWc
         v2R3iloD8QGRSRwjNSsg+NOaXRmtXmobS9NCALp7VgmtKluCGgZTur2UNbdaGPcpIIFu
         Vk9jEMTg7FGEG5opXSC/BAhamM9qP7QnBB73Iwi+JAoNxVRSaBPV6Vl6AVp6PirOYQOz
         8UPQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@tu-dortmund.de header.s=unimail header.b=BQ22JZZi;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i64si3717095pge.361.2018.12.14.02.58.02;
        Fri, 14 Dec 2018 02:58:17 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@tu-dortmund.de header.s=unimail header.b=BQ22JZZi;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729587AbeLNK4H (ORCPT <rfc822;schlichte.alexander@gmail.com>
        + 99 others); Fri, 14 Dec 2018 05:56:07 -0500
Received: from mx1.hrz.uni-dortmund.de ([129.217.128.51]:47549 "EHLO
        unimail.uni-dortmund.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726281AbeLNK4H (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 14 Dec 2018 05:56:07 -0500
Received: from [129.217.43.49] (limnos.cs.uni-dortmund.de [129.217.43.49])
        (authenticated bits=0)
        by unimail.uni-dortmund.de (8.16.0.29/8.16.0.29) with ESMTPSA id wBEAtvIK014440
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT);
        Fri, 14 Dec 2018 11:55:57 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tu-dortmund.de;
        s=unimail; t=1544784958;
        bh=7YXOZkZpKS9oGlgdbECYTMOT77genwZi/MStKW77nVI=;
        h=Subject:To:Cc:References:From:Date:In-Reply-To;
        b=BQ22JZZixCaZ+ni+qb3HYGWNQejsjjQN2WaSJwYRgj/iRuWnu157THFLsMVdkYSqw
         sqX0US5grmVAAP/00Fa6tJ1NfQc4RqWnzSvXZDE3Jn1DaTTAmpFyv/mwZAobIURKUC
         yVUVUs7dXXtVfYssudgMiXCD2LOlmzAWauGa9TPo=
Subject: [PATCH] Abort file_remove_privs() for non-reg. files
To:     Jan Kara <jack@suse.cz>, Al Viro <viro@zeniv.linux.org.uk>
Cc:     linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        Horst Schirmeier <horst.schirmeier@tu-dortmund.de>
References: <4903939e-d3d6-b0c2-9c33-0fea0a61213c@tu-dortmund.de>
 <20181207175811.GZ2217@ZenIV.linux.org.uk>
 <5c86e85f-0ad4-935a-3021-7046551f361f@tu-dortmund.de>
 <20181208004944.GA2217@ZenIV.linux.org.uk>
 <20181210094722.GB29289@quack2.suse.cz>
From:   Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
Openpgp: preference=signencrypt
Autocrypt: addr=alexander.lochmann@tu-dortmund.de; prefer-encrypt=mutual;
 keydata=
 mQINBFQIyUEBEADZ+x+Ssg/46SiU66zm2lPGYAdqYfmXVv+sf/23+/KSj0FQHZKywzWjsmgR
 vWZZVlGJolwcW3MJ/g6ctZeOpfYiZVpzbZwNgKU0ETGjUmqmlq5/o5KnENKOimZzaKSaNn9p
 IC+EIeWXvu7pQjW0w1bK/RVVNw0p1Iz82W4Z+vKtD8CS+YJLAcZ6YoZMvQEg84O9odlV2Ryp
 oVj9EzHH40TWEdtgd4pQkaOks01PEr19sJXUjnP0VxLfs91AZjRnmGJKnI4HcrOKwquoQEeL
 DtHCxK0VNeoXCWkz33uBxSL5cicQ7D09hxjWthMilUpDZT94x0K452q4nybQ1TSLTYC8mlW+
 xKUvJmqfHZbITJ10dTgjNvOe0kLbpXeQ1789lNmnA9bkQAK5Cefo55WbXmr1Mo3PV7y0XCib
 OaiijPlZo/Isc03EOK3lHPK8NuY8G+ftvphO4RyXCUWXw/o01cDnPaIEcTWkUbXvMhf/6ltP
 1QWEfkguzGVjTw7Xssm9YuokC+P+49JKRyZzyCJZ022OxMlsX6c1BNZ4+cWUNmn6xr1xRNse
 SglpMLL1m3K1KuLf1hdAor6PBzFLiLa33lUhsWtg1ACFhpfZZOQRVas2McXTYUUpmCzOYI5F
 +km5q6cZStr9m7O3Y3DDGotiaJDpLtATwZ4MIM4ADbg/xl6ZgwARAQABtDZBbGV4YW5kZXIg
 TG9jaG1hbm4gPGFsZXhhbmRlci5sb2NobWFubkB0dS1kb3J0bXVuZC5kZT6JAj4EEwECACgF
 AlQIyUECGyMFCQlmAYAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFk+7QW8Pvb9I34Q
 AIEGy9Pt1nK8r+0baVF5KBXzoZuQIQ7ZfxJ0MFrCQSvRYEWevm2a0p5lBDOpb/VL8VtYMVO2
 xZewerWoXyWMIeWmmCeSuVGdLDT/YV6BA54KzJkptmXxQaUVdiY+Fl0jxFODAXvSxI36MdzQ
 PFMwcSqxs5lZaxxyUWPidwanaQ5QNkShY2ljFD8gnKALiCxd/PqexLRlLinvqJ01EArxmPum
 PeA6nckWh4PGk1IGm7FiNZ5TYhCaq9lh5Hg5LsSJhJrOfgeT92hI7cLEwjKvRLrjH+NzbNFW
 tX4gWlwUHU5afP71AY9RfNXt/Ul8w+R5CX6W9xaiuS5MZZS5SZYeHU5QAfqaomSRkVb2uqwf
 Lahx76ONwOtsVbMLshaA9mxsgMUNDhOYxyKQOnYz2qThwZloEOgICaxIZG7WJug0HL4YGXG7
 EJdFn2fEs6WUCeZ1DWGUGf92N+AFMBBJ/HP1fVlkAwuubOF7QdPTrsGwd8Tz0tkFzxd/W496
 OvGO/OZZCw+pKnDODJyXtBs3jr6cu9evEasiaQEVL+nfhTGyNVW+dldn6uj7tJ3qLQbuk+o4
 BLrUwjWXLdA4nMEGgtm8WabEyjoolP2BfjMTgEFQHhxaW0t4fIYLO5kM3lNphwXxmA4Lys+x
 RCPyLSitlqwrqDW19v56NTipcAqsczgpGZRGuQINBFQIyUEBEACcIW4RnxXteHv/Hl4/l926
 sozOCL8iwT/OD9QvL3171Y1MDX8bt8LneMoh5RG4SegtdVaA4jLkdv8BTmRbY7qZrzJjYJX4
 PUyvmuZbqpa+PF1c5uqUcuhwpXlQAupL1dCgO5p1xbdCxEOB9Lm+2hUFJy1LsvidwieJdFqR
 l09a/IypKtqywJxa6sSJp9ZPPCPMJnJxIVzGqAwHWO84LfIX5I6BRUbqAhxljJm40Bk79z+P
 HdytD0SaTuWIhsVYRFchKLxqbXokUhJaWupE1v4xFe2Sqty9vSCrJZMRZRTLvngRxbJVHIJJ
 sK685HNS3QJSrFtql+SGMkPHpX92+ZCmyTH6DAQ3Y0MtjJTcoYKu3fI8KT9BSsLuuXUToX7Y
 l4RbFB5s0rwZ2XMweKJdkwypC5fSZmLtEwgimMQ4VfBBUPJCvHhmvOHKX3Wls99D7xYWP7Lr
 iinmjbduiaO/A+bLjAdLqqGJpjQ7T3z+vqxzp3IaeJ3ObSnnnPppcKVAf6qZqu5Yfc31q/OY
 n19WyGIhwK3MuuVmjatxMmGgkSxzgTTP3jFQ008qymPcgrvgOR+MECCIpXjOMfenOhhsKnhu
 F7hxUS/6JtYKsEMEwJXVN509sNhJiEzSY9q+VYn9IArHSBMmpi5l6XvI1iwPD9HRNursPxKV
 lfi8lQsC7zxuTQARAQABiQIlBBgBAgAPBQJUCMlBAhsMBQkJZgGAAAoJEFk+7QW8Pvb9EkkP
 /2LyGWWOoTAGBhzvgKiYzarS3WQNZCuFHSfB/XXg4SRSX3NsxGVZWdLvVVgzWo1+tC1Qk6wO
 IVQSSw20wQXe8boZ8yiB8eM4ohfS0lySO9gOkQLYLijWg3JIYwTbqyK2X8LpbCs7eUTXM9NO
 6pmVtoc3LBBIXQElX8ir0BZZ19OCSConTkyVHYK6IbEJ11PxjJG5ZS7anI4FQt0muzykZrhk
 bmf5IV3DtJ/KUfhQjnJa2B/KoT7F6vpTCoyPtaBUHQXEAb2NaZVwF06WXsqfX4yleym3Jlfx
 Rfa4+BOJ4Gf2EFd3wYCsIb33ulaXBLWa8w3A/FdQSW9NBM4iYlPxRg+5eXn+oajpyKqPLetH
 WRNMN4NSHVSpu+JRqRlTDO3HCn/peQ0OB/Iaf3HN3DLZdbjtZY40xl1iR9TMgD2fn2MlAFy3
 dSKfjeCAQYP9can1MgebE729MI7QhtzuUYdHy+iJO/ENNlSgFo5DLwRqssEGqWag0xWPgcni
 UAERITTzHJeevSeZh5ThHyD173Pwn+tIhR4bK5RFy/gnzwqHckl8Hw7o06m51yI4dUVeatNT
 mAiNrmW3iQnvehjLZOYXOXx4ovsWdvQn01dUo3gCXdEWQ5yQLOQRGTCcrq1hzCEd//viy9oT
 spNrcZJf1pbo3EKkCwUPAltq51ramtYzOu4K
Message-ID: <cbdc8071-de76-bb0a-6890-15ef21023a70@tu-dortmund.de>
Date:   Fri, 14 Dec 2018 11:55:52 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <20181210094722.GB29289@quack2.suse.cz>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="JjfWRqjwjErtodkclgq5RFtSUt2qIWOew"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--JjfWRqjwjErtodkclgq5RFtSUt2qIWOew
Content-Type: multipart/mixed; boundary="CzUeCfT42Mg2ohx4Pz7JPKyLHyOZp8N35";
 protected-headers="v1"
From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
To: Jan Kara <jack@suse.cz>, Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
 Horst Schirmeier <horst.schirmeier@tu-dortmund.de>
Message-ID: <cbdc8071-de76-bb0a-6890-15ef21023a70@tu-dortmund.de>
Subject: [PATCH] Abort file_remove_privs() for non-reg. files
References: <4903939e-d3d6-b0c2-9c33-0fea0a61213c@tu-dortmund.de>
 <20181207175811.GZ2217@ZenIV.linux.org.uk>
 <5c86e85f-0ad4-935a-3021-7046551f361f@tu-dortmund.de>
 <20181208004944.GA2217@ZenIV.linux.org.uk>
 <20181210094722.GB29289@quack2.suse.cz>
In-Reply-To: <20181210094722.GB29289@quack2.suse.cz>

--CzUeCfT42Mg2ohx4Pz7JPKyLHyOZp8N35
Content-Type: text/plain; charset=utf-8
Content-Language: de-DE
Content-Transfer-Encoding: quoted-printable


file_remove_privs() might be called for non-regular files, e.g.
blkdev inode. There is no reason to do its job on things
like blkdev inodes, pipes, or cdevs. Hence, abort if
file does not refer to a regular inode.
The following stacktrace shows how to get there:
13: entry_SYSENTER_32:460
12: do_fast_syscall_32:410
11: _static_cpu_has:146
10: do_syscall_32_irqs_on:322
09: SyS_pwrite64:636
08: SYSC_pwrite64:650
07: fdput:38
06: vfs_write:560
05: __vfs_write:512
04: new_sync_write:500
03: blkdev_write_iter:1977
02: __generic_file_write_iter:2897
01: file_remove_privs:1818
00: inode_has_no_xattr:3163

Found by LockDoc (Alexander Lochmann, Horst Schirmeier and Olaf
Spinczyk)

Signed-off-by: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
Signed-off-by: Horst Schirmeier <horst.schirmeier@tu-dortmund.de>
---
 fs/inode.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c
index 35d2108d567c..682088190413 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1820,8 +1820,13 @@ int file_remove_privs(struct file *file)
 	int kill;
 	int error =3D 0;

-	/* Fast path for nothing security related */
-	if (IS_NOSEC(inode))
+	/*
+	 * Fast path for nothing security related.
+	 * As well for non-regular files, e.g. blkdev inodes.
+	 * For example, blkdev_write_iter() might get here
+	 * trying to remove privs which it is not allowed to.
+	 */
+	if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
 		return 0;

 	kill =3D dentry_needs_remove_privs(dentry);
--=20
2.19.2


--CzUeCfT42Mg2ohx4Pz7JPKyLHyOZp8N35--

--JjfWRqjwjErtodkclgq5RFtSUt2qIWOew
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEElhZsUHzVP0dbkjCRWT7tBbw+9v0FAlwTjDkACgkQWT7tBbw+
9v2lFw//d5PrNkB6O7b9Mo6br32SVcWb2UIBMsgxgwikWTNNk8fCcR4KAtl1ZN2k
SBX5wvEfNe0U7nFx8HCYlD+3m+wnqZK+hF6Fpaf9CAvXaSDHg7B4o8riVJzoDod7
VoNsCscMtpergCp+qaGBozF1W+GH7TaERiNSKTqDeJ2MocMvIoTye+sZAQo5UMW9
n15q/ImRg7k2trVs/vz3BX/e43bb+ThxvLim2t74Wm89MJ0KRLFMpUSswPys7QSM
roSaqRxfS/gQwx/UANGwZmznZfybUJJGNVJXpN2kji95FhqZ2/x1zVFfQW0P2yLW
kw8HhIVRhd7+wMsTrw2sMHxu6Dh04vnKFoAb9bTmPfUgctO9FuN502m2Cy+HeKI2
Z/dzENG8UBOTKTJcbfcxNpnBCw+YdZtLZgc2beKQsDhW675pyeoX3gHm/CXd/QfH
WhPWY+ht9CutoJ9OS5NVE+1o2zjeH72PlOqi1xX1qYG9xU992jSkGHRg7fMZXibF
5GKqVoUkQYk58CaNsXGLFSMubU2oSmvUDksPeJeLD4oSi+4Z8GPYuaAGOBnd92g/
E38I9fCSCiT9tZMb23G3q4myhclzFGLWMmBoWnSQxa8BWVY6NDGQ7NnsSyLfsEla
4w99aoZI+LkjefjLy+3YHrvzxinZoR9RegWU66oYZNDAE4Igl4Q=
=SBCC
-----END PGP SIGNATURE-----

--JjfWRqjwjErtodkclgq5RFtSUt2qIWOew--