Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp909699imu;
        Mon, 5 Nov 2018 10:36:18 -0800 (PST)
X-Google-Smtp-Source: AJdET5dkVjm91zEkUebLb5/8y97hn9VkfAGvNTq6r0mqnuDtAhuKA5rIwHHa0NWseAB9xfuOdopZ
X-Received: by 2002:a62:12d0:: with SMTP id 77-v6mr23306730pfs.140.1541442978616;
        Mon, 05 Nov 2018 10:36:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1541442978; cv=none;
        d=google.com; s=arc-20160816;
        b=EXJdg0Vb/dgx5ev9jPC/P9X8y53kws+w0CWn3WVwgQo88hTpRaTjiebjyUTRwkr8y6
         gLV9JM4P8+q7avZ827WwKekA3798VO8X+7GIn6gyg7hOnA5bntZf8nNuHX5oKsunTctD
         NU4jm5lA8nZZMLfG+zlVVPNLeffRkPtMCF1LorbtSNMogGDJkvHsPKO2vEaE+Vkojeeu
         EDRAbKCYjqa/85MgBDAFo5DNTygooSnc4nrTTWh1HKuInlIQjTamXxjG5h1LJHxLxLms
         YMEMNCHqe8BlGu/GO4+/BiQYXnO/6D5jGPzpuMEVIWhs2i2lJ+cqzTAXHUlVwibgmWgu
         CsxA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=rw7yZs/KZ/2L+MwKTyvYUljc1s+TO7g8Kd7LxC69Y8s=;
        b=YRYTWmtbcSEsUzSiBcmT6phqWk0l9GmTct5MiC4EvsZVK/mplXU5wZkLKsR2qRsiBE
         x1SyNFE6SImfXXe2fPbbs6B30XrM3b/MMpL7D07gTsCQ70ORhueZOzi+mawjufztou3k
         j5FTjza6bEgy6x+F8GsRD/mGvP2tZivz+Dsx2HXVNFtYJePDIpSXLmu0pb31eP2Pd/F6
         fRdqKZNIK8WrXfIKEA9R3ABRm33I9QEebRufYND0br+qCYsVrZ7mR7P+cFxSLT7o2rZb
         uzR7DTGYBv4l1dLmYm+/bpb2M5n4h+gPBWVb62FmNxaEnb6k5LgBZlgZCNNLsSP2pPIg
         IaNA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=SbtCH6Z9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s22-v6si3649751plp.201.2018.11.05.10.36.02;
        Mon, 05 Nov 2018 10:36:18 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=SbtCH6Z9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387788AbeKFD41 (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Mon, 5 Nov 2018 22:56:27 -0500
Received: from mail-yb1-f194.google.com ([209.85.219.194]:44881 "EHLO
        mail-yb1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2387702AbeKFD41 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 5 Nov 2018 22:56:27 -0500
Received: by mail-yb1-f194.google.com with SMTP id p144-v6so4212660yba.11;
        Mon, 05 Nov 2018 10:35:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=rw7yZs/KZ/2L+MwKTyvYUljc1s+TO7g8Kd7LxC69Y8s=;
        b=SbtCH6Z9yRPE4TQJ22VsEMhGVhEjdS0ew6byvQoQgBEAm1+Q0MA6VyET8YNUglSoxU
         xugYFFJqQXmkAoknHo2Pk80Iqb9cpfa8v7rg3y5O7BGjDownj0UgV3ch1wRjoACBM4Wk
         8e1dFohSwJByb7uHaApAayfOAZKi39O5XPXtFFYcIO13xQlIrEx1ic9AUTCwGPxPxxqc
         AKtsQQ4+WAyxCSrpBGxI/1gjgHXN1W8rZ+ZVZdz1B4zRJ6OhAM80cayK9qnj69g1sAmc
         Zbs2MJpYd7i+Zu0ANEm0hsEgVGm0WSnim/bCPLmm5kqQCQ9GCMKjGFtZeZPtdYP7V4AP
         LuFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=rw7yZs/KZ/2L+MwKTyvYUljc1s+TO7g8Kd7LxC69Y8s=;
        b=VilMEkEp7PlvlvPGjBA/sSjXYCKkMKMA5r4aFzBDoKJZsNydIJM+F1F0pfe8qRYvRO
         sEUz99ipcpfq9rQiCX2Yz0RFxIGC0O5cDn2eHUm3b838F7xqqiWRQHs1MXqmvOMbchQP
         Y3ejUjRj92TTr1i7yFwnpiITUgJAHtFQRhFwyXECk036RxyqkpdvPoOnIZoXOcgTmmkL
         ZCBRVMxkQ0hPjnPFguHjnbNpX77rZcg53mOgFWceQvPCEO0Iv00H1kiux12krCADlJCa
         GzqNbK6DJ54raMaQVihCMFZD2UD2pDH71qm61IicGlxqy4u9TSpfUkrypPgnF5dU/78u
         Ckhw==
X-Gm-Message-State: AGRZ1gKTUCKpr1alEcbAW51KEd5yfMuOqFyzgo8S+d1FWEvtTh5ZEG0Y
        W9BZub20DwPS2muAiwMhzQ5ISF1p9lnvgk0HbGU=
X-Received: by 2002:a25:b002:: with SMTP id q2-v6mr2373648ybf.397.1541442929228;
 Mon, 05 Nov 2018 10:35:29 -0800 (PST)
MIME-Version: 1.0
References: <20181105182146.233025-1-salyzyn@android.com> <20181105182146.233025-2-salyzyn@android.com>
In-Reply-To: <20181105182146.233025-2-salyzyn@android.com>
From:   Amir Goldstein <amir73il@gmail.com>
Date:   Mon, 5 Nov 2018 20:35:17 +0200
Message-ID: <CAOQ4uxi_hY4UnGJhr83gfsrKEkK6pgi1OHv8L7p8GvRvR4tF6A@mail.gmail.com>
Subject: Re: [PATCH v6 1/2] overlayfs: check CAP_DAC_READ_SEARCH before
 issuing exportfs_decode_fh
To:     Mark Salyzyn <salyzyn@android.com>
Cc:     linux-kernel <linux-kernel@vger.kernel.org>,
        Miklos Szeredi <miklos@szeredi.hu>,
        Jonathan Corbet <corbet@lwn.net>,
        Vivek Goyal <vgoyal@redhat.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Randy Dunlap <rdunlap@infradead.org>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        overlayfs <linux-unionfs@vger.kernel.org>,
        linux-doc@vger.kernel.org, kernel-team@android.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Nov 5, 2018 at 8:22 PM Mark Salyzyn <salyzyn@android.com> wrote:
>
> Assumption never checked, should fail if the mounter creds are not
> sufficient.
>
> Signed-off-by: Mark Salyzyn <salyzyn@android.com>
> Cc: Miklos Szeredi <miklos@szeredi.hu>
> Cc: Jonathan Corbet <corbet@lwn.net>
> Cc: Vivek Goyal <vgoyal@redhat.com>
> Cc: Eric W. Biederman <ebiederm@xmission.com>
> Cc: Amir Goldstein <amir73il@gmail.com>
> Cc: Randy Dunlap <rdunlap@infradead.org>
> Cc: Stephen Smalley <sds@tycho.nsa.gov>
> Cc: linux-unionfs@vger.kernel.org
> Cc: linux-doc@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: kernel-team@android.com
>
> v5:
> - dependency of "overlayfs: override_creds=off option bypass creator_cred"
>
> v6:
> - rebase

1. rebase onto which branch? doesn't look like the right one
2. pls keep patch revision outside of commit message
    you can put it after --- line
3. revisions are usually ordered latest on the top

> ---
>  fs/overlayfs/namei.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
> index efd372312ef1..aa012b6bd46e 100644
> --- a/fs/overlayfs/namei.c
> +++ b/fs/overlayfs/namei.c
> @@ -163,6 +163,11 @@ struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt,
>         if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
>                 return NULL;
>
> +       if (!capable(CAP_DAC_READ_SEARCH)) {
> +               origin = ERR_PTR(-EPERM);
> +               goto out;

I have a deja vu
there is no out label in this function in upstream kernel
you must post patches that are applies and tested on upstream kernel

Thanks,
Amir.

> +       }
> +
>         bytes = (fh->len - offsetof(struct ovl_fh, fid));
>         real = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
>                                   bytes >> 2, (int)fh->type,
> --
> 2.19.1.930.g4563a0d9d0-goog
>