Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2218234,
    "url": "http://patchwork.ozlabs.org/api/patches/2218234/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20260331182602.64469-2-massimiliano.pellizzer@canonical.com/",
    "project": {
        "id": 15,
        "url": "http://patchwork.ozlabs.org/api/projects/15/?format=api",
        "name": "Ubuntu Kernel",
        "link_name": "ubuntu-kernel",
        "list_id": "kernel-team.lists.ubuntu.com",
        "list_email": "kernel-team@lists.ubuntu.com",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260331182602.64469-2-massimiliano.pellizzer@canonical.com>",
    "list_archive_url": null,
    "date": "2026-03-31T18:26:01",
    "name": "[SRU,J,1/2] UBUNTU: SAUCE: Revert \"UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs\"",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "a2dcff7f99c3f248d426cd0bc5e9432a8cbfc399",
    "submitter": {
        "id": 89057,
        "url": "http://patchwork.ozlabs.org/api/people/89057/?format=api",
        "name": "Massimiliano Pellizzer",
        "email": "massimiliano.pellizzer@canonical.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20260331182602.64469-2-massimiliano.pellizzer@canonical.com/mbox/",
    "series": [
        {
            "id": 498238,
            "url": "http://patchwork.ozlabs.org/api/series/498238/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=498238",
            "date": "2026-03-31T18:26:00",
            "name": "CVE-2023-2640 and CVE-2023-32629",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/498238/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2218234/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2218234/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<kernel-team-bounces@lists.ubuntu.com>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=HEUfqVt9;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4flc6346nNz1yCp\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 01 Apr 2026 05:27:07 +1100 (AEDT)",
            "from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1w7dno-0007uY-L0; Tue, 31 Mar 2026 18:27:00 +0000",
            "from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <massimiliano.pellizzer@canonical.com>)\n id 1w7dnm-0007lN-7D\n for kernel-team@lists.ubuntu.com; Tue, 31 Mar 2026 18:26:58 +0000",
            "from mail-lj1-f199.google.com (mail-lj1-f199.google.com\n [209.85.208.199])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 1A2813F28E\n for <kernel-team@lists.ubuntu.com>; Tue, 31 Mar 2026 18:26:58 +0000 (UTC)",
            "by mail-lj1-f199.google.com with SMTP id\n 38308e7fff4ca-38bda0c2e91so28248021fa.2\n for <kernel-team@lists.ubuntu.com>; Tue, 31 Mar 2026 11:26:58 -0700 (PDT)",
            "from framework.ts.net (net-93-71-66-38.cust.vodafonedsl.it.\n [93.71.66.38]) by smtp.gmail.com with ESMTPSA id\n 38308e7fff4ca-38c836d3f25sm23444221fa.9.2026.03.31.11.26.55\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Tue, 31 Mar 2026 11:26:56 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1774981618;\n bh=vM+5/xIT59mm6cMwhqp2lnvnMme33iBtEebl9sW8ITg=;\n h=From:To:Subject:Date:Message-ID:In-Reply-To:References:\n MIME-Version;\n b=HEUfqVt9gyL8VDnOSR1vgkyCszgWdBJr6cM2eU7ASiKn7VjJdD9aHT8v2F7Wjl/x0\n 07xkYUSN15O6YhztsZHOnqmeHP+twfN1WYKiK+ECJ1+rKdOhgXCa7y9y9hx6s8aysD\n mB41KtfbfDsA054AGglTffTJZidzsgMEuoRNHJHTMTOzKiaeX0m5sZwiWJrSSBZgTe\n UapAr0/mkaf59xmhZ9888u5C/1X/wgP2BmYHM/GaCF4VxnOnOxK7R5fpOQkA1R8QLj\n Bk0Sc5j+WKgiZG9zmFVDIdXA4Oh9Jv+nXCL8Gk+lTR73LqjO2Z2Eov0GhJg2apccPb\n ZlltKSKEVeQNh81nKHAyRVJjnsmMhFMipzSdDiRSQ3YzWHA/lb+mcvOBHpPA+SMfpP\n mtagaEkPh23s+5novr7xzZms4Ct6EJz8ZVQj6Spc7bgU3TkbG59/Jyc73tI9VG2j0O\n RAuQSkg019o6MAJVdGxjb+fsrUb6pQsIqlGI1nUh5K/9pYeLEr0SJ/DWU7/0NZ7N2B\n rQHU0X1TQ5DmgXpvWcgHwUQ4h6yc0pcbzsT7Ix5ZOEZCeTP/J9KDagmQwaivoyTmnf\n MaUQ4fLS2MgDwN6hP7+FQkDKf87n9m+RGs8oxB0ZPEIP5kuPzfiQaeeuEfcIrHXHY1\n eL2ENNZN3ox6ZEia0JjHVxMc=",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1774981617; x=1775586417;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to\n :cc:subject:date:message-id:reply-to;\n bh=vM+5/xIT59mm6cMwhqp2lnvnMme33iBtEebl9sW8ITg=;\n b=mCRogR64YJG1p3mr9Gz7q6FV9WEEpANEWCpYn2y6EvMZCSBZOC6tfjLgWjOfj0OX5q\n +P5AxwLfa6EedwYlhWj+VVgtVmeKnXffED26kPoShCuGhUl7l3KoWEogc/zyPPWiDEHz\n tGXDuAx10IjJDYZKzFytcR/z5bL/8W8kGxrpdtgbQMKRjQ5PSP5/aNdeOS7M6FvmbUxP\n iMIZnJNVnP8DWvBLeDbDDhj6x2NSTe3kFX9CL4RZb/COQuG6EQcOyHVKGhAmZNC9rxtl\n LcJ4RgmQYYBvfN/LbyNeuB1zHZjJu3ynzifP8yNM0bH01WY1BOSM5tYBV7XdnSmuejKO\n o2Bw==",
        "X-Gm-Message-State": "AOJu0Ywem5AUHBRvndTt9mNKbbS8Xs/ETMP5VWwSja2eYF5R1XbHfAPu\n yzUpN7yaPSWRUsz+AgBlJ2gwyl/roIVnqZ54YfBogDobkst0LMv03kYdlxdcvscveY0ceZfmsTC\n DX3r3HkHsm5b9eHG19p6ZIi6mjNQFhVI8xnRpmuGDvj0czats2Z5RgUcH3K1rN1RIP8yHNjJ0LU\n fTgwqkKD8yqQBadw==",
        "X-Gm-Gg": "ATEYQzxogpdI2WqYBXs9Ps2UmrGGdjXvvhdlYDBQovSA0dlsKujSsFIrPtovlog5StU\n ZrvMhPVqv/xMIuyMm4zGuXgqLFHOqmLvV7TbcrdItugMwzDKQNTs+dHYWnLFR0N5GPky+bNF2y5\n GYNXQvArlmX5vyvcaziPT70n6MuVOzx8Z4uSFjQusXprexKXPBsGdIGdkec/oEaShCjYR2KWyIl\n lZW7MmzkiohLVvKQFdfg4Tk6L8e3yBGtO2K6aXLxMxFPGxL/lzEpZUXLqB2OIzQzScCsFZa1myu\n /368A1NLUwfPVI9phpIfJjsgnDqvKJo1w8ESL2IRh/tBUp3sXuYksy6P2jItVAjEBZLq2uQEiZ/\n wYapEc3YrPwBLr5eIDVwC/xrl1/H/dL9u6Zh0G81jeSU66DxWV+/Cv/WVpQhnXIV7kWvI+aeRiE\n hbEuaJLqSi8Hfxs2rhgOXz6RA6uX6tCwSOKgysceP5npSURtdizu+ol/CBymEmx3zoBV4WTpw=",
        "X-Received": [
            "by 2002:a2e:a239:0:b0:38b:50c7:8239 with SMTP id\n 38308e7fff4ca-38cc305a15fmr840511fa.21.1774981617050;\n Tue, 31 Mar 2026 11:26:57 -0700 (PDT)",
            "by 2002:a2e:a239:0:b0:38b:50c7:8239 with SMTP id\n 38308e7fff4ca-38cc305a15fmr840381fa.21.1774981616482;\n Tue, 31 Mar 2026 11:26:56 -0700 (PDT)"
        ],
        "From": "Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>",
        "To": "kernel-team@lists.ubuntu.com",
        "Subject": "[SRU][J][PATCH 1/2] UBUNTU: SAUCE: Revert \"UBUNTU: SAUCE: overlayfs:\n Skip permission checking for trusted.overlayfs.* xattrs\"",
        "Date": "Tue, 31 Mar 2026 20:26:01 +0200",
        "Message-ID": "<20260331182602.64469-2-massimiliano.pellizzer@canonical.com>",
        "X-Mailer": "git-send-email 2.51.0",
        "In-Reply-To": "<20260331182602.64469-1-massimiliano.pellizzer@canonical.com>",
        "References": "<20260331182602.64469-1-massimiliano.pellizzer@canonical.com>",
        "MIME-Version": "1.0",
        "X-BeenThere": "kernel-team@lists.ubuntu.com",
        "X-Mailman-Version": "2.1.20",
        "Precedence": "list",
        "List-Id": "Kernel team discussions <kernel-team.lists.ubuntu.com>",
        "List-Unsubscribe": "<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>",
        "List-Archive": "<https://lists.ubuntu.com/archives/kernel-team>",
        "List-Post": "<mailto:kernel-team@lists.ubuntu.com>",
        "List-Help": "<mailto:kernel-team-request@lists.ubuntu.com?subject=help>",
        "List-Subscribe": "<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"utf-8\"",
        "Content-Transfer-Encoding": "base64",
        "Errors-To": "kernel-team-bounces@lists.ubuntu.com",
        "Sender": "\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"
    },
    "content": "This reverts commit 3fb38c98e060b327cb58373775dcc95ed52d1f22.\n\nThe reverted commit bypasses vfs_setxattr() in ovl_do_setxattr() by\ncalling __vfs_setxattr_noperm() directly. After After upstream commit\nc914c0e27eb0 (\"ovl: use wrappers to all vfs_*xattr() calls\")\nwas backported, this routed security.capability writes during copy-up\nthrough the unchecked path, bypassing cap_convert_nscap() and enabling\nCVE-2023-2640 and CVE-2023-32629.\n\nCVE-2023-2640\nCVE-2023-32629\nSigned-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>\n---\n fs/overlayfs/overlayfs.h | 15 ++-------------\n fs/xattr.c               | 36 ++++++------------------------------\n include/linux/xattr.h    |  1 -\n 3 files changed, 8 insertions(+), 44 deletions(-)",
    "diff": "diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h\nindex 585797e23b547..43b211cf437cc 100644\n--- a/fs/overlayfs/overlayfs.h\n+++ b/fs/overlayfs/overlayfs.h\n@@ -211,12 +211,7 @@ static inline int ovl_do_setxattr(struct ovl_fs *ofs, struct dentry *dentry,\n \t\t\t\t  const char *name, const void *value,\n \t\t\t\t  size_t size, int flags)\n {\n-\tstruct inode *inode = dentry->d_inode;\n-\tint err;\n-\n-\tinode_lock(inode);\n-\terr = __vfs_setxattr_noperm(&init_user_ns, dentry, name, value, size, flags);\n-\tinode_unlock(inode);\n+\tint err = vfs_setxattr(&init_user_ns, dentry, name, value, size, flags);\n \n \tpr_debug(\"setxattr(%pd2, \\\"%s\\\", \\\"%*pE\\\", %zu, %d) = %i\\n\",\n \t\t dentry, name, min((int)size, 48), value, size, flags, err);\n@@ -233,13 +228,7 @@ static inline int ovl_setxattr(struct ovl_fs *ofs, struct dentry *dentry,\n static inline int ovl_do_removexattr(struct ovl_fs *ofs, struct dentry *dentry,\n \t\t\t\t     const char *name)\n {\n-\tstruct inode *inode = dentry->d_inode;\n-\tint err;\n-\n-\tinode_lock(inode);\n-\terr = __vfs_removexattr_noperm(&init_user_ns, dentry, name);\n-\tinode_unlock(inode);\n-\n+\tint err = vfs_removexattr(&init_user_ns, dentry, name);\n \tpr_debug(\"removexattr(%pd2, \\\"%s\\\") = %i\\n\", dentry, name, err);\n \treturn err;\n }\ndiff --git a/fs/xattr.c b/fs/xattr.c\nindex bad89a9144cc7..030f93f3f9d0e 100644\n--- a/fs/xattr.c\n+++ b/fs/xattr.c\n@@ -239,7 +239,6 @@ int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,\n \n \treturn error;\n }\n-EXPORT_SYMBOL_GPL(__vfs_setxattr_noperm);\n \n /**\n  * __vfs_setxattr_locked - set an extended attribute while holding the inode\n@@ -474,34 +473,6 @@ __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,\n }\n EXPORT_SYMBOL(__vfs_removexattr);\n \n-/**\n- *  __vfs_removexattr_noperm - perform removexattr operation without\n- *  performing permission checks.\n- *\n- *  @dentry - object to perform setxattr on\n- *  @name - xattr name to set\n- *\n- *  returns the result of the internal setxattr or setsecurity operations.\n- *\n- *  This function requires the caller to lock the inode's i_mutex before it\n- *  is executed. It also assumes that the caller will make the appropriate\n- *  permission checks.\n- */\n-int\n-__vfs_removexattr_noperm(struct user_namespace *mnt_userns,\n-\t\t\t struct dentry *dentry, const char *name)\n-{\n-\tint error;\n-\n-\terror =__vfs_removexattr(mnt_userns, dentry, name);\n-\tif (!error) {\n-\t\tfsnotify_xattr(dentry);\n-\t\tevm_inode_post_removexattr(dentry, name);\n-\t}\n-\treturn error;\n-}\n-EXPORT_SYMBOL_GPL(__vfs_removexattr_noperm);\n-\n /**\n  * __vfs_removexattr_locked - set an extended attribute while holding the inode\n  * lock\n@@ -532,7 +503,12 @@ __vfs_removexattr_locked(struct user_namespace *mnt_userns,\n \tif (error)\n \t\tgoto out;\n \n-\terror = __vfs_removexattr_noperm(mnt_userns, dentry, name);\n+\terror = __vfs_removexattr(mnt_userns, dentry, name);\n+\n+\tif (!error) {\n+\t\tfsnotify_xattr(dentry);\n+\t\tevm_inode_post_removexattr(dentry, name);\n+\t}\n \n out:\n \treturn error;\ndiff --git a/include/linux/xattr.h b/include/linux/xattr.h\nindex 077b3844f2eeb..4c379d23ec6e7 100644\n--- a/include/linux/xattr.h\n+++ b/include/linux/xattr.h\n@@ -63,7 +63,6 @@ int __vfs_setxattr_locked(struct user_namespace *, struct dentry *,\n int vfs_setxattr(struct user_namespace *, struct dentry *, const char *,\n \t\t const void *, size_t, int);\n int __vfs_removexattr(struct user_namespace *, struct dentry *, const char *);\n-int __vfs_removexattr_noperm(struct user_namespace *, struct dentry *, const char *);\n int __vfs_removexattr_locked(struct user_namespace *, struct dentry *,\n \t\t\t     const char *, struct inode **);\n int vfs_removexattr(struct user_namespace *, struct dentry *, const char *);\n",
    "prefixes": [
        "SRU",
        "J",
        "1/2"
    ]
}