From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stephen Smalley, Miklos Szeredi, "Sasha Levin (Microsoft)"
Subject: [PATCH 4.4 135/168] ovl: fix uid/gid when creating over whiteout
Date: Wed, 24 Apr 2019 19:09:39 +0200
Message-Id: <20190424170931.278773930@linuxfoundation.org>
In-Reply-To: <20190424170923.452349382@linuxfoundation.org>
References: <20190424170923.452349382@linuxfoundation.org>

[ Upstream commit d0e13f5bbe4be7c8f27736fc40503dcec04b7de0 ]

Fix a regression when creating a file over a whiteout. The new
file/directory needs to use the current fsuid/fsgid, not the ones from the
mounter's credentials.

The refcounting is a bit tricky: prepare_creds() sets an original refcount,
override_creds() gets one more, which revert_cred() drops. So

 1) we need to explicitly put the mounter's credentials when overriding
    with the updated one

 2) we need to put the original ref to the updated creds (and this can
    safely be done before revert_creds(), since we'll still have the ref
    from override_creds()).

Reported-by: Stephen Smalley
Fixes: 3fe6e52f0626 ("ovl: override creds with the ones from the superblock mounter")
Signed-off-by: Miklos Szeredi
Signed-off-by: Sasha Levin (Microsoft)
---
 fs/overlayfs/dir.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index f8aa54272121..eedacae889b9 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c
@@ -408,12 +408,21 @@ static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev, err = ovl_create_upper(dentry, inode, &stat, link, hardlink); } else { const struct cred *old_cred; + struct cred *override_cred; old_cred = ovl_override_creds(dentry->d_sb); - err = ovl_create_over_whiteout(dentry, inode, &stat, link, - hardlink); + err = -ENOMEM; + override_cred = prepare_creds(); + if (override_cred) { + override_cred->fsuid = old_cred->fsuid; + override_cred->fsgid = old_cred->fsgid; + put_cred(override_creds(override_cred)); + put_cred(override_cred); + err = ovl_create_over_whiteout(dentry, inode, &stat, + link, hardlink); + } revert_creds(old_cred); } -- 2.19.1
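
Review bot: the two back-to-back put_cred() calls inside the new "if (override_cred)" block in ovl_create_or_link() carry no comment, and the reason they are balanced exists only in the commit message. "put_cred(override_creds(override_cred));" drops the reference on the mounter's credentials that override_creds() hands back, and "put_cred(override_cred);" drops the initial reference from prepare_creds() while the one taken by override_creds() keeps the object alive until revert_creds(old_cred). A short comment above each call saying which reference it releases would stop a later cleanup from removing one as an apparent double put or from reordering them. It is also worth a line noting that prepare_creds() runs after ovl_override_creds(), so the copy starts from the mounter's credentials and only fsuid/fsgid are taken from old_cred; that ordering is what confines the change to the ownership of the new file, and moving prepare_creds() above ovl_override_creds() would silently change which credentials the create runs with.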