Merge branch 'afs-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells...

Pull afs/fscache fixes from David Howells:

 - Fix the default return of fscache_maybe_release_page() when a cache
   isn't in use - it prevents a filesystem from releasing pages. This
   can cause a system to OOM.

 - Fix a potential uninitialised variable in AFS.

 - Fix AFS unlink's handling of the nlink count. It needs to use the
   nlink manipulation functions so that inode structs of deleted inodes
   actually get scheduled for destruction.

 - Fix error handling in afs_write_end() so that the page gets unlocked
   and put if we can't fill the unwritten portion.

* 'afs-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
  afs: Fix missing error handling in afs_write_end()
  afs: Fix unlink
  afs: Potential uninitialized variable in afs_extract_data()
  fscache: Fix the default for fscache_maybe_release_page()

diff --git a/fs/exec.c b/fs/exec.c
index 5688b5e1b9378107597a6117c8c3732889f951d2..7eb8d21bcab94b51905071d12a5205e7ac2ef194 100644 (file)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1349,9 +1349,14 @@ void setup_new_exec(struct linux_binprm * bprm)
 
        current->sas_ss_sp = current->sas_ss_size = 0;
 
-       /* Figure out dumpability. */
+       /*
+        * Figure out dumpability. Note that this checking only of current
+        * is wrong, but userspace depends on it. This should be testing
+        * bprm->secureexec instead.
+        */
        if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP ||
-           bprm->secureexec)
+           !(uid_eq(current_euid(), current_uid()) &&
+             gid_eq(current_egid(), current_gid())))
                set_dumpable(current->mm, suid_dumpable);
        else
                set_dumpable(current->mm, SUID_DUMP_USER);

diff --git a/security/commoncap.c b/security/commoncap.c
index 4f8e0934095679f71e9674d4a567c6c1fe492f9e..48620c93d6976eca3a9b1cc3c34cfe21a69c7a39 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -348,21 +348,18 @@ static __u32 sansflags(__u32 m)
        return m & ~VFS_CAP_FLAGS_EFFECTIVE;
 }
 
-static bool is_v2header(size_t size, __le32 magic)
+static bool is_v2header(size_t size, const struct vfs_cap_data *cap)
 {
-       __u32 m = le32_to_cpu(magic);
        if (size != XATTR_CAPS_SZ_2)
                return false;
-       return sansflags(m) == VFS_CAP_REVISION_2;
+       return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_2;
 }
 
-static bool is_v3header(size_t size, __le32 magic)
+static bool is_v3header(size_t size, const struct vfs_cap_data *cap)
 {
-       __u32 m = le32_to_cpu(magic);
-
        if (size != XATTR_CAPS_SZ_3)
                return false;
-       return sansflags(m) == VFS_CAP_REVISION_3;
+       return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_3;
 }
 
 /*
@@ -405,7 +402,7 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
 
        fs_ns = inode->i_sb->s_user_ns;
        cap = (struct vfs_cap_data *) tmpbuf;
-       if (is_v2header((size_t) ret, cap->magic_etc)) {
+       if (is_v2header((size_t) ret, cap)) {
                /* If this is sizeof(vfs_cap_data) then we're ok with the
                 * on-disk value, so return that.  */
                if (alloc)
@@ -413,7 +410,7 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
                else
                        kfree(tmpbuf);
                return ret;
-       } else if (!is_v3header((size_t) ret, cap->magic_etc)) {
+       } else if (!is_v3header((size_t) ret, cap)) {
                kfree(tmpbuf);
                return -EINVAL;
        }
@@ -470,9 +467,9 @@ static kuid_t rootid_from_xattr(const void *value, size_t size,
        return make_kuid(task_ns, rootid);
 }
 
-static bool validheader(size_t size, __le32 magic)
+static bool validheader(size_t size, const struct vfs_cap_data *cap)
 {
-       return is_v2header(size, magic) || is_v3header(size, magic);
+       return is_v2header(size, cap) || is_v3header(size, cap);
 }
 
 /*
@@ -495,7 +492,7 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
 
        if (!*ivalue)
                return -EINVAL;
-       if (!validheader(size, cap->magic_etc))
+       if (!validheader(size, cap))
                return -EINVAL;
        if (!capable_wrt_inode_uidgid(inode, CAP_SETFCAP))
                return -EPERM;