From: Vivek Goyal <vgoyal@redhat.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Amir Goldstein <amir73il@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
overlayfs <linux-unionfs@vger.kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2] ovl: untangle copy up call chain
Date: Thu, 25 Oct 2018 09:38:40 -0400 [thread overview]
Message-ID: <20181025133840.GD20565@redhat.com> (raw)
In-Reply-To: <CAJfpegtGtYWbOvVZcobOO_d1OO6GhYEqE=u3OCEG2Cbsm34Eqw@mail.gmail.com>
On Thu, Oct 25, 2018 at 02:44:15PM +0200, Miklos Szeredi wrote:
[..]
> > -static struct dentry *ovl_get_tmpfile(struct ovl_copy_up_ctx *c)
> > +static struct dentry *ovl_get_workdir_temp(struct ovl_copy_up_ctx *c)
> > {
> > int err;
> > struct dentry *temp;
> > @@ -484,10 +510,32 @@ static struct dentry *ovl_get_tmpfile(struct ovl_copy_up_ctx *c)
> > if (new_creds)
> > old_creds = override_creds(new_creds);
> >
> > - if (c->tmpfile)
> > - temp = ovl_do_tmpfile(c->workdir, c->stat.mode);
> > - else
> > - temp = ovl_create_temp(c->workdir, &cattr);
> > + temp = ovl_create_temp(c->workdir, &cattr);
> > +out:
> > + if (new_creds) {
> > + revert_creds(old_creds);
>
> Not new in this patch, but it looks like this will Oops if old_creds
> is NULL, which happens if security_inode_copy_up() returns an error.
>
If security_inode_copy_up() fails, then new_creds will be null too. And
in that case we will never call revert_creds(old_creds)?
IOW, new_creds should be returned by security_inode_copy_up() only if
it succeeds. Otherwise new_creds should be left untouched by hook.
> Trivial to fix, but I'm not sure we need the put_cred(new_creds) in
> the failed security_inode_copy_up() case. Vivek, do you remember the
> reason for this error cleanup?
Same, In case of failure, new_creds should be NULL and we will never
call put_cred(new_creds).
So I can't see the bug. What am I missing?
Thanks
Vivek
prev parent reply other threads:[~2018-10-25 13:38 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-08 4:25 [PATCH v2] ovl: untangle copy up call chain Amir Goldstein
2018-10-25 12:44 ` Miklos Szeredi
2018-10-25 12:54 ` Amir Goldstein
2018-10-25 12:59 ` Miklos Szeredi
2018-10-25 13:38 ` Vivek Goyal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181025133840.GD20565@redhat.com \
--to=vgoyal@redhat.com \
--cc=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.