From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linuxfoundation.org ([140.211.169.12]:38704 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752199AbdGCH6I (ORCPT ); Mon, 3 Jul 2017 03:58:08 -0400
Subject: Patch "ovl: copy-up: don't unlock between lookup and link" has been added to the 4.11-stable tree
To: mszeredi@redhat.com, gregkh@linuxfoundation.org
Cc: ,
From:
Date: Mon, 03 Jul 2017 09:57:55 +0200
Message-ID: <1499068675255128@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID:

This is a note to let you know that I've just added the patch titled

    ovl: copy-up: don't unlock between lookup and link

to the 4.11-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    ovl-copy-up-don-t-unlock-between-lookup-and-link.patch
and it can be found in the queue-4.11 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree, please let know about it.

>>From e85f82ff9b8ef503923a3be8ca6b5fd1908a7f3f Mon Sep 17 00:00:00 2001
From: Miklos Szeredi
Date: Wed, 28 Jun 2017 13:41:22 +0200
Subject: ovl: copy-up: don't unlock between lookup and link

From: Miklos Szeredi

commit e85f82ff9b8ef503923a3be8ca6b5fd1908a7f3f upstream.

Nothing prevents mischief on upper layer while we are busy copying up the data.

Move the lookup right before the looked up dentry is actually used.

Signed-off-by: Miklos Szeredi
Fixes: 01ad3eb8a073 ("ovl: concurrent copy up of regular files")
Signed-off-by: Greg Kroah-Hartman

---
 fs/overlayfs/copy_up.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

--- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c
@@ -252,15 +252,9 @@ static int ovl_copy_up_locked(struct den .link = link }; - upper = lookup_one_len(dentry->d_name.name, upperdir, - dentry->d_name.len); - err = PTR_ERR(upper); - if (IS_ERR(upper)) - goto out; - err = security_inode_copy_up(dentry, &new_creds); if (err < 0) - goto out1; + goto out; if (new_creds) old_creds = override_creds(new_creds); @@ -284,7 +278,7 @@ static int ovl_copy_up_locked(struct den } if (err) - goto out2; + goto out; if (S_ISREG(stat->mode)) { struct path upperpath; @@ -317,6 +311,14 @@ static int ovl_copy_up_locked(struct den if (err) goto out_cleanup; + upper = lookup_one_len(dentry->d_name.name, upperdir, + dentry->d_name.len); + if (IS_ERR(upper)) { + err = PTR_ERR(upper); + upper = NULL; + goto out_cleanup; + } + if (tmpfile) err = ovl_do_link(temp, udir, upper, true); else @@ -330,17 +332,15 @@ static int ovl_copy_up_locked(struct den /* Restore timestamps on parent (best effort) */ ovl_set_timestamps(upperdir, pstat); -out2: +out: dput(temp); -out1: dput(upper); -out: return err; out_cleanup: if (!tmpfile) ovl_cleanup(wdir, temp); - goto out2; + goto out; } /* Patches currently in stable-queue which might be from mszeredi@redhat.com are queue-4.11/ovl-copy-up-don-t-unlock-between-lookup-and-link.patch
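Review bot: in the first hunk (@@ -252,15 +252,9), a security_inode_copy_up() failure now jumps to the merged out: label, which in the last hunk runs dput(temp) and dput(upper) although neither pointer has been assigned at that point in the lines shown. dput() tolerates NULL but not an uninitialized pointer, so this is only safe if both temp and upper are initialized to NULL at their declarations, which fall outside the hunk context. Please confirm that holds in the 4.11 tree this backport is queued for; the same applies to the "if (err) goto out;" in the second hunk with respect to upper.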
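Review bot: in the third hunk (@@ -317,6 +311,14), the relocated lookup_one_len() carries no comment explaining why it must sit directly before ovl_do_link() and the else branch, so a later cleanup could hoist it back to the top of the function and reopen the window the commit message describes. A short comment at the lookup stating that it must stay adjacent to the use of upper, with no unlock of upperdir in between, would record the invariant. The "upper = NULL;" before "goto out_cleanup" is needed and should stay, since out_cleanup falls through to out: and dput(upper) must never see an ERR_PTR value.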