Re: [PATCH 6.1 00/15] 6.1.48-rc1 review

From: Christian Brauner
Date: Fri Aug 25 2023 - 03:46:43 EST


On Fri, Aug 25, 2023 at 12:35:46PM +0530, Naresh Kamboju wrote:
> + linux-nfs and more
>
> On Thu, 24 Aug 2023 at 19:45, Greg Kroah-Hartman
> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> >
> > This is the start of the stable review cycle for the 6.1.48 release.
> > There are 15 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sat, 26 Aug 2023 14:14:28 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.48-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
>
> Following test regression found on stable-rc 6.1.
> Rpi4 is using NFS mount rootfs and running LTP syscalls testing.
> chown02 tests creating testfile2 on NFS mounted and validating
> the functionality and found that it was a failure.
>
> This is already been reported by others on lore and fix patch merged
> into stable-rc linux-6.4.y [1] and [2].
>
> Reported-by: Linux Kernel Functional Testing <lkft@xxxxxxxxxx>
>
> Test log:
> --------
> chown02.c:46: TPASS: chown(testfile1, 0, 0) passed
> chown02.c:46: TPASS: chown(testfile2, 0, 0) passed
> chown02.c:58: TFAIL: testfile2: wrong mode permissions 0100700, expected 0102700
>
> fchown02.c:57: TPASS: fchown(3, 0, 0) passed
> fchown02.c:57: TPASS: fchown(4, 0, 0) passed
> fchown02.c:67: TFAIL: testfile2: wrong mode permissions 0100700,
> expected 0102700
>
>
> ## Build
> * kernel: 6.1.48-rc1
> * git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
> * git branch: linux-6.1.y
> * git commit: c079d0dd788ad4fe887ee6349fe89d23d72f7696
> * git describe: v6.1.47-16-gc079d0dd788a
> * test details:
> https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.1.y/build/v6.1.47-16-gc079d0dd788a
>
> ## Test Regressions (compared to v6.1.46)
> * bcm2711-rpi-4-b, ltp-syscalls
> - chown02
> - fchown02
>
> * bcm2711-rpi-4-b-64k_page_size, ltp-syscalls
> - chown02
> - fchown02
>
> * bcm2711-rpi-4-b-clang, ltp-syscalls
> - chown02
> - fchown02
>
>
>
>
> Do we need the following patch into stable-rc linux-6.1.y ?
>
> I see from mailing thread discussion, says that
>
> the above commit is backported to LTS kernels -- 5.10.y,5.15.y and 6.1.y.

s/above/below/?

All setgid related infrastructure and fixes have been backported to all
LTSes. This one is needed for nfsd so yes, it should also be backported.

>
>
> ----
>
> nfsd: use vfs setgid helper
> commit 2d8ae8c417db284f598dffb178cc01e7db0f1821 upstream.
>
> We've aligned setgid behavior over multiple kernel releases. The details
> can be found in commit cf619f891971 ("Merge tag 'fs.ovl.setgid.v6.2' of
> git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping") and
> commit 426b4ca2d6a5 ("Merge tag 'fs.setgid.v6.0' of
> git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux").
> Consistent setgid stripping behavior is now encapsulated in the
> setattr_should_drop_sgid() helper which is used by all filesystems that
> strip setgid bits outside of vfs proper. Usually ATTR_KILL_SGID is
> raised in e.g., chown_common() and is subject to the
> setattr_should_drop_sgid() check to determine whether the setgid bit can
> be retained. Since nfsd is raising ATTR_KILL_SGID unconditionally it
> will cause notify_change() to strip it even if the caller had the
> necessary privileges to retain it. Ensure that nfsd only raises
> ATR_KILL_SGID if the caller lacks the necessary privileges to retain the
> setgid bit.
>
> Without this patch the setgid stripping tests in LTP will fail:
>
> > As you can see, the problem is S_ISGID (0002000) was dropped on a
> > non-group-executable file while chown was invoked by super-user, while
>
> [...]
>
> > fchown02.c:66: TFAIL: testfile2: wrong mode permissions 0100700, expected 0102700
>
> [...]
>
> > chown02.c:57: TFAIL: testfile2: wrong mode permissions 0100700, expected 0102700
>
> With this patch all tests pass.
>
> Reported-by: Sherry Yang <sherry.yang@xxxxxxxxxx>
> Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
> Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
>
>
> [1] https://lore.kernel.org/linux-nfs/20230502-agenda-regeln-04d2573bd0fd@brauner/
> [2] https://lore.kernel.org/all/202210091600.dbe52cbf-yujie.liu@xxxxxxxxx/
> --
> Linaro LKFT
> https://lkft.linaro.org