• David Howells's avatar
    afs: Fix directory permissions check · 378831e4
    David Howells authored
    Doing faccessat("/afs/some/directory", 0) triggers a BUG in the permissions
    check code.
    
    Fix this by just removing the BUG section.  If no permissions are asked
    for, just return okay if the file exists.
    
    Also:
    
     (1) Split up the directory check so that it has separate if-statements
         rather than if-else-if (e.g. checking for MAY_EXEC shouldn't skip the
         check for MAY_READ and MAY_WRITE).
    
     (2) Check for MAY_CHDIR as MAY_EXEC.
    
    Without the main fix, the following BUG may occur:
    
     kernel BUG at fs/afs/security.c:386!
     invalid opcode: 0000 [#1] SMP PTI
     ...
     RIP: 0010:afs_permission+0x19d/0x1a0 [kafs]
     ...
     Call Trace:
      ? inode_permission+0xbe/0x180
      ? do_faccessat+0xdc/0x270
      ? do_syscall_64+0x60/0x1f0
      ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
    
    Fixes: 00d3b7a4 ("[AFS]: Add security support.")
    Reported-by: default avatarJonathan Billings <jsbillings@jsbillings.org>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    378831e4
security.c 10.2 KB