Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1073407imu;
        Mon, 5 Nov 2018 13:23:16 -0800 (PST)
X-Google-Smtp-Source: AJdET5dxlp6FJLuAV28bDdMN91O6mNNl8VSFOeL0Cipc4m05+d3/QUtnvPJA0kypAerp0/D5IMZK
X-Received: by 2002:a63:1321:: with SMTP id i33mr5177686pgl.380.1541452996621;
        Mon, 05 Nov 2018 13:23:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1541452996; cv=none;
        d=google.com; s=arc-20160816;
        b=X4imZQbQJ9Q5KpT53cyB9LF+zLt9DLw4s6XRtaoWo478d1AYK3Y+Auvsq8fdlSXgrm
         cQkdA9U7eIdB27zi/NpKhv/t7E7csbSsW6Bvd7pOSBtToOEqhohAw9+CoSEE4Wdko50+
         XHHA2i72rt8SCxj1Ujou+wSR6plTRbaQemK3Ubg4nZt+m18ZQGcT43DtdAjV+AoAhKyE
         WIM8STBNv8cOShbpPsjub8DRGNeTuoH48TwkeIkF+kG9sYwJ82nIPiJtAZAZ+3dE712W
         caTfan5G0DzXdfhVB7UkKnY0rgjgyE5joHCXAzF+IoTD0n23H79eiOYhBnfpoNS1HyEx
         Lwyg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=58heNhsNd2Ed5ZPyDRr/AVayIH7BTABiyfQZIUkpBPc=;
        b=R32fpA87u4qnjgPI5KDpsac7lh3INZGLRPqctF6kh6vksLb2ZzmvgT69VirBkxIoA1
         8ubXNd+7lyz5N1KviJNCkY/X020EtN1c8IKAVyqy83gCPNfE5ysTTV++q0xHIjndXero
         y8Z+DvH263N1DpZBFEcy8YXkvoxirIUEsk5+2SQoIQAue2d4VTXsHkRERxQaZTTy7sjT
         0ivIZgAvtMtRi4xw3NAdDltj8pkCkxzuYqJi/ifkxNe93HnMfVxBZVdITelOtFyTuRbZ
         1NRPVqHCRZvNcz/ZGMW/oOVlxnkPjGdJuF/Wwu8rE/v7+cFJGAGtd1l/89bgL32G4z8N
         A3Kw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@android.com header.s=20161025 header.b=b3VHmN+k;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=android.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h20si7235422pgm.366.2018.11.05.13.23.00;
        Mon, 05 Nov 2018 13:23:16 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@android.com header.s=20161025 header.b=b3VHmN+k;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=android.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387868AbeKFGnE (ORCPT <rfc822;epopevad@gmail.com> + 99 others);
        Tue, 6 Nov 2018 01:43:04 -0500
Received: from mail-pg1-f196.google.com ([209.85.215.196]:38824 "EHLO
        mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2387833AbeKFGnE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 6 Nov 2018 01:43:04 -0500
Received: by mail-pg1-f196.google.com with SMTP id f8-v6so4798856pgq.5
        for <linux-kernel@vger.kernel.org>; Mon, 05 Nov 2018 13:21:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=android.com; s=20161025;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=58heNhsNd2Ed5ZPyDRr/AVayIH7BTABiyfQZIUkpBPc=;
        b=b3VHmN+kB7Kq0VgoM+iUwfJb88ue4iMq0KjRTL7DKS+DbMYy2MbFxbYnJTmS3hMtOw
         2ebjs3BKCEELHkkZSAKSLSi0b7r34dF5w1wxEyFhUFGVdi1UcFeWYEhVZlmHIYI2vYjC
         ReiKhh906n55AFOo0VZikqYiKpqRVD25NqfWBZ9It5Mw8qrDweim4L1A/CpD1WlNCPRf
         4jp3eUhF2hFbLvkyJQJGyBxAK6BRPxBM0LJwMfErvQoyKh3nrV5y9qWS96V1L9di1USf
         0ESC7BiCDeylpdl7TPxoG9LLFkGhEyOi1RRY52V28BktInVWHNBDsAsyDXLbcB+vVCdj
         EAJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=58heNhsNd2Ed5ZPyDRr/AVayIH7BTABiyfQZIUkpBPc=;
        b=Da7YW22TMz6dEy+NvkhGr4XepeXMNxDYZpaOi3XSJKoA/6kvQsx3Kl0WrJg2Lo8qQT
         ivj0USFLBeo/4E3Vsmf4duQX2Y6tK9vJudLzUj6XfMTMxmqe1Vo11wkACncEbzBZwsDk
         oNST1F8hWI12VlQ/capZjGXR4y+hQ/5iJfNuCw0z9KO7g+XzfSW2ugBaBhiAEgtvlhTp
         wF5507k+skGZGrLs1WdQACNtLkTbWgkp+M93D9v1S/je1DMwdj38n5jWMgQkHhyUcmxL
         nHrsqE/qIDaWJgLOd74GmmURwUgVyjSW5mpc0pXMnuETCLdnh4XxIFxoPXLYynz1xBBX
         uS/w==
X-Gm-Message-State: AGRZ1gJ5ZI9oehzV0LgKPcB+NSjs/Os/ZUgsJJNfj+EsgBKBqdCrQGXy
        0gbCLok0p4ybJsDUipaABJV8KgeSmb8=
X-Received: by 2002:a63:cd17:: with SMTP id i23mr21532644pgg.13.1541452885688;
        Mon, 05 Nov 2018 13:21:25 -0800 (PST)
Received: from nebulus.mtv.corp.google.com ([2620:0:1000:1612:b4fb:6752:f21f:3502])
        by smtp.gmail.com with ESMTPSA id l72-v6sm15182369pfi.149.2018.11.05.13.21.24
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 05 Nov 2018 13:21:24 -0800 (PST)
From:   Mark Salyzyn <salyzyn@android.com>
To:     linux-kernel@vger.kernel.org
Cc:     Mark Salyzyn <salyzyn@android.com>,
        Miklos Szeredi <miklos@szeredi.hu>,
        Jonathan Corbet <corbet@lwn.net>,
        Vivek Goyal <vgoyal@redhat.com>,
        "Eric W . Biederman" <ebiederm@xmission.com>,
        Amir Goldstein <amir73il@gmail.com>,
        Randy Dunlap <rdunlap@infradead.org>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        linux-unionfs@vger.kernel.org, linux-doc@vger.kernel.org,
        kernel-team@android.com
Subject: [PATCH v7 1/2] overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh
Date:   Mon,  5 Nov 2018 13:21:13 -0800
Message-Id: <20181105212117.135347-1-salyzyn@android.com>
X-Mailer: git-send-email 2.19.1.930.g4563a0d9d0-goog
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Assumption never checked, should fail if the mounter creds are not
sufficient.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linux-unionfs@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: kernel-team@android.com
---
v7:
- This time for realz

v6:
- rebase

v5:
- dependency of "overlayfs: override_creds=off option bypass creator_cred"

 fs/overlayfs/namei.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index efd372312ef1..3ac9dc8f6cc0 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -163,6 +163,9 @@ struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt,
 	if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
 		return NULL;
 
+	if (!capable(CAP_DAC_READ_SEARCH))
+		return ERR_PTR(-EPERM);
+
 	bytes = (fh->len - offsetof(struct ovl_fh, fid));
 	real = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
 				  bytes >> 2, (int)fh->type,
-- 
2.19.1.930.g4563a0d9d0-goog