futex: Fix potential use-after-free in FUTEX_REQUEUE_PI

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / kernel / groups.c

diff --git a/kernel/groups.c b/kernel/groups.c
index 984bb629c68cfc1687bc2f84295016c170e7aeb0..67b4ba30475fbc2b902e5a6226aeac2d2aaa5803 100644 (file)
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -6,6 +6,7 @@
 #include <linux/slab.h>
 #include <linux/security.h>
 #include <linux/syscalls.h>
+#include <linux/user_namespace.h>
 #include <asm/uaccess.h>
 
 /* init to 2 - one for init_task, one to ensure it is never freed */
@@ -227,7 +228,8 @@ bool may_setgroups(void)
 {
        struct user_namespace *user_ns = current_user_ns();
 
-       return ns_capable(user_ns, CAP_SETGID);
+       return ns_capable(user_ns, CAP_SETGID) &&
+               userns_may_setgroups(user_ns);
 }
 
 /*