From: Miklos Szeredi
To: "Eric W . Biederman"
Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, "Serge E . Hallyn", Tyler Hicks
Subject: [PATCH 1/2] ecryptfs: fix uid translation for setxattr on security.capability
Date: Tue, 19 Jan 2021 17:22:03 +0100
Message-Id: <20210119162204.2081137-2-mszeredi@redhat.com>
In-Reply-To: <20210119162204.2081137-1-mszeredi@redhat.com>
References: <20210119162204.2081137-1-mszeredi@redhat.com>

Prior to commit 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()") the translation of nscap->rootid did not take stacked filesystems (overlayfs and ecryptfs) into account. That patch fixed the overlay case, but made the ecryptfs case worse.

Restore the old behavior for ecryptfs that existed before the overlayfs fix.

This does not fix ecryptfs's handling of complex user namespace setups, but it does make sure existing setups don't regress.

Reported-by: Eric W. Biederman
Cc: Tyler Hicks
Fixes: 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()")
Signed-off-by: Miklos Szeredi
--- fs/ecryptfs/inode.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index e23752d9a79f..58d0f7187997 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c 
@@ -1016,15 +1016,19 @@ ecryptfs_setxattr(struct dentry *dentry, struct inode *inode, { int rc; struct dentry *lower_dentry; + struct inode *lower_inode; lower_dentry = ecryptfs_dentry_to_lower(dentry); - if (!(d_inode(lower_dentry)->i_opflags & IOP_XATTR)) { + lower_inode = d_inode(lower_dentry); + if (!(lower_inode->i_opflags & IOP_XATTR)) { rc = -EOPNOTSUPP; goto out; } - rc = vfs_setxattr(lower_dentry, name, value, size, flags); + inode_lock(lower_inode); + rc = __vfs_setxattr_locked(lower_dentry, name, value, size, flags, NULL); + inode_unlock(lower_inode); if (!rc && inode) - fsstack_copy_attr_all(inode, d_inode(lower_dentry)); + fsstack_copy_attr_all(inode, lower_inode); out: return rc; } -- 2.26.2
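
Review bot: the open-coded inode_lock(lower_inode) / __vfs_setxattr_locked() / inode_unlock(lower_inode) sequence in ecryptfs_setxattr() carries no comment saying why vfs_setxattr() is deliberately avoided, so a later cleanup could fold it back into the wrapper and reintroduce the regression described in the commit message. Please add a short comment above inode_lock() stating that the lower call must not go through vfs_setxattr() because that is where cap_convert_nscap() now runs, and that the value reaching this function has already been through the upper-layer call. The trailing NULL passed to __vfs_setxattr_locked() also deserves a word in that comment or in the changelog: say what the argument is and confirm that nothing else vfs_setxattr() did with it for the lower inode is lost by passing NULL here.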