From patchwork Wed Aug 13 13:48:38 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andy Whitcroft <apw@canonical.com>
X-Patchwork-Id: 379646
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id EB89D140081;
	Wed, 13 Aug 2014 23:49:08 +1000 (EST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1XHYvK-0005GT-0o; Wed, 13 Aug 2014 13:49:06 +0000
Received: from mail-we0-f176.google.com ([74.125.82.176])
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <apw@canonical.com>) id 1XHYv4-00058y-2i
	for kernel-team@lists.ubuntu.com; Wed, 13 Aug 2014 13:48:50 +0000
Received: by mail-we0-f176.google.com with SMTP id q58so11259625wes.21
	for <kernel-team@lists.ubuntu.com>;
	Wed, 13 Aug 2014 06:48:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=mg60QZvMJr0gixAMg4TOhDnU22b0pvi7L/UwDcqMPAU=;
	b=Uf80iAYQ9YgY/sq0xw+dczGRvcE9rCNrwoBVOKzStNUbqCgCq9FGnIqkUpKU1cfaQ+
	r6461sCnu5Pxz6p/fhj+tDZhc19P8n1Zsjd5fyOC4RaiBqzLan570Nr7peHoUHnf01MO
	HZ4CfrelQKBkIq9XwSvSZeGbAPsGowbz6vxLo7A9AYJzFMkgvsMQAm9vw0oLSfqNfruq
	iWwUFDMkOfoMUhE2haY4iVBdE88X2OoJa6V/bxSE6xdTOOKLS7sg5hJw7fsRKyIq++k+
	DSvdpNZaUufRQ1PjKzfa9wA6oSyGMCupAa/xJDXvntMcZHJk1Y7ifQ2MZuyLeljEp86Q
	3Klw==
X-Gm-Message-State: 
 ALoCoQnUR0YCJgESh6DSTOYbLom3SJ+EKIezV4WC7NoSs41Gjd7cFpf+iU4Ytoq/DfF93rkXi5RR
X-Received: by 10.194.222.230 with SMTP id qp6mr4623853wjc.23.1407937729933;
	Wed, 13 Aug 2014 06:48:49 -0700 (PDT)
Received: from localhost ([2001:470:6973:2:6493:b95b:a90e:3bcb])
	by mx.google.com with ESMTPSA id
	lh15sm8667912wic.10.2014.08.13.06.48.48 for <multiple recipients>
	(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
	Wed, 13 Aug 2014 06:48:49 -0700 (PDT)
From: Andy Whitcroft <apw@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [trusty 4/4] mnt: Change the default remount atime from relatime to
	the existing value
Date: Wed, 13 Aug 2014 14:48:38 +0100
Message-Id: <1407937718-9362-5-git-send-email-apw@canonical.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1407937718-9362-1-git-send-email-apw@canonical.com>
References: <1407937718-9362-1-git-send-email-apw@canonical.com>
Cc: Andy Whitcroft <apw@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

From: "Eric W. Biederman" <ebiederm@xmission.com>

Since March 2009 the kernel has treated the state that if no
MS_..ATIME flags are passed then the kernel defaults to relatime.

Defaulting to relatime instead of the existing atime state during a
remount is silly, and causes problems in practice for people who don't
specify any MS_...ATIME flags and to get the default filesystem atime
setting.  Those users may encounter a permission error because the
default atime setting does not work.

A default that does not work and causes permission problems is
ridiculous, so preserve the existing value to have a default
atime setting that is always guaranteed to work.

Using the default atime setting in this way is particularly
interesting for applications built to run in restricted userspace
environments without /proc mounted, as the existing atime mount
options of a filesystem can not be read from /proc/mounts.

In practice this fixes user space that uses the default atime
setting on remount that are broken by the permission checks
keeping less privileged users from changing more privileged users
atime settings.

Cc: stable@vger.kernel.org
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

(cherry picked from commit ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e)
CVE-2014-5207
BugLink: http://bugs.launchpad.net/bugs/1356323
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 fs/namespace.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/fs/namespace.c b/fs/namespace.c
index 430301f..7789c20 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2493,6 +2493,14 @@ long do_mount(const char *dev_name, const char *dir_name,
 	if (flags & MS_RDONLY)
 		mnt_flags |= MNT_READONLY;
 
+	/* The default atime for remount is preservation */
+	if ((flags & MS_REMOUNT) &&
+	    ((flags & (MS_NOATIME | MS_NODIRATIME | MS_RELATIME |
+		       MS_STRICTATIME)) == 0)) {
+		mnt_flags &= ~MNT_ATIME_MASK;
+		mnt_flags |= path.mnt->mnt_flags & MNT_ATIME_MASK;
+	}
+
 	flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
 		   MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
 		   MS_STRICTATIME);