Commit 3c811eb4 authored Mar 25, 2025 by Christian Brauner Committed by Liu Kai Mar 25, 2025

acct: block access to kernel internal filesystems

stable inclusion
from stable-v6.6.80
commit 28d23f1351b2c9846daf37b5415163bc37123e99
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBSW0O
CVE: CVE-2025-21846

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=28d23f1351b2c9846daf37b5415163bc37123e99

--------------------------------

commit 890ed45bde808c422c3c27d3285fc45affa0f930 upstream.

There's no point in allowing anything kernel internal nor procfs or
sysfs.

Link: https://lore.kernel.org/r/20250127091811.3183623-1-quzicheng@huawei.com
Link: https://lore.kernel.org/r/20250211-work-acct-v1-2-1c16aecab8b3@kernel.org


Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reported-by: Zicheng Qu <quzicheng@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Liu Kai <liukai284@huawei.com>

parent bd5d8868

kernel/acct.c

+14 −0

Original line number	Diff line number	Diff line
		@@ -244,6 +244,20 @@ static int acct_on(struct filename *pathname)
		return -EACCES;
		}

		/* Exclude kernel kernel internal filesystems. */
		if (file_inode(file)->i_sb->s_flags & (SB_NOUSER \| SB_KERNMOUNT)) {
		kfree(acct);
		filp_close(file, NULL);
		return -EINVAL;
		}

		/* Exclude procfs and sysfs. */
		if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) {
		kfree(acct);
		filp_close(file, NULL);
		return -EINVAL;
		}

		if (!(file->f_mode & FMODE_CAN_WRITE)) {
		kfree(acct);
		filp_close(file, NULL);