[PATCH AUTOSEL 5.10 11/36] ovl: perform vfs_getxattr() with mounter creds

Sasha Levin Mon, 08 Feb 2021 11:19:16 -0800

From: Miklos Szeredi <mszer...@redhat.com>

[ Upstream commit 554677b97257b0b69378bd74e521edb7e94769ff ]


The vfs_getxattr() in ovl_xattr_set() is used to check whether an xattr
exist on a lower layer file that is to be removed.  If the xattr does not
exist, then no need to copy up the file.

This call of vfs_getxattr() wasn't wrapped in credential override, and this
is probably okay.  But for consitency wrap this instance as well.

Reported-by: "Eric W. Biederman" <ebied...@xmission.com>
Signed-off-by: Miklos Szeredi <mszer...@redhat.com>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
 fs/overlayfs/inode.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index b584dca845baa..4fadafd8bdc12 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -346,7 +346,9 @@ int ovl_xattr_set(struct dentry *dentry, struct inode 
*inode, const char *name,
                goto out;
 
        if (!value && !upperdentry) {
+               old_cred = ovl_override_creds(dentry->d_sb);
                err = vfs_getxattr(realdentry, name, NULL, 0);
+               revert_creds(old_cred);
                if (err < 0)
                        goto out_drop_write;
        }
-- 
2.27.0

[PATCH AUTOSEL 5.10 11/36] ovl: perform vfs_getxattr() with mounter creds

Reply via email to