www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Christian Brauner <brauner@kernel.org>
	Wed, 12 Feb 2025 11:24:28 +0000 (12:24 +0100)
committer	Christian Brauner <brauner@kernel.org>
	Wed, 12 Feb 2025 11:24:28 +0000 (12:24 +0100)
commit	240189294fbc9550f5cd7ae9b446ad3cf3c5386a
tree	ea319503941c20f2f91a91796695a760a73df662	tree
parent	a64dcfb451e254085a7daee5fe51bf22959d52d3	commit \| diff
parent	890ed45bde808c422c3c27d3285fc45affa0f930	commit \| diff

Merge patch series "acct: don't allow access to internal filesystems"

Christian Brauner <brauner@kernel.org> says:

In [1] it was reported that the acct(2) system call can be used to
trigger a NULL deref in cases where it is set to write to a file that
triggers an internal lookup.

This can e.g., happen when pointing acct(2) to /sys/power/resume. At the
point the where the write to this file happens the calling task has
already exited and called exit_fs() but an internal lookup might be
triggered through lookup_bdev(). This may trigger a NULL-deref
when accessing current->fs.

This series does two things:

- Reorganize the code so that the the final write happens from the
  workqueue but with the caller's credentials. This preserves the
  (strange) permission model and has almost no regression risk.

- Block access to kernel internal filesystems as well as procfs and
  sysfs in the first place.

This api should stop to exist imho.

Link: https://lore.kernel.org/r/20250127091811.3183623-1-quzicheng@huawei.com
* patches from https://lore.kernel.org/r/20250211-work-acct-v1-0-1c16aecab8b3@kernel.org:
  acct: block access to kernel internal filesystems
  acct: perform last write from workqueue

Link: https://lore.kernel.org/r/20250211-work-acct-v1-0-1c16aecab8b3@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>