KVM: SVM: Move spec control call after restore of GS

[mirror_ubuntu-artful-kernel.git] / fs / proc / proc_sysctl.c

diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 8f479229b349d3f629884b51864279f31593bee8..004e0b762a538a50da1b74cfcae7b855cadaa3c4 100644 (file)
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -801,11 +801,18 @@ static int proc_sys_permission(struct inode *inode, int mask)
 static int proc_sys_setattr(struct dentry *dentry, struct iattr *attr)
 {
        struct inode *inode = d_inode(dentry);
+       struct user_namespace *s_user_ns;
        int error;
 
        if (attr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))
                return -EPERM;
 
+       /* Don't let anyone mess with weird proc files */
+       s_user_ns = inode->i_sb->s_user_ns;
+       if (!kuid_has_mapping(s_user_ns, inode->i_uid) ||
+           !kgid_has_mapping(s_user_ns, inode->i_gid))
+               return -EPERM;
+
        error = setattr_prepare(dentry, attr);
        if (error)
                return error;