From: Greg KH <gregkh@linuxfoundation.org>
To: "Srivatsa S. Bhat" <srivatsa@csail.mit.edu>
Cc: stable@vger.kernel.org, Vivek Goyal <vgoyal@redhat.com>,
Miklos Szeredi <mszeredi@redhat.com>,
akaher@vmware.com, srinidhir@vmware.com, bvikas@vmware.com,
amakhalov@vmware.com, srivatsab@vmware.com
Subject: Re: [4.4.y PATCH 1/4] ovl: modify ovl_permission() to do checks on two inodes
Date: Mon, 1 Jul 2019 17:23:27 +0200 [thread overview]
Message-ID: <20190701152327.GC28557@kroah.com> (raw)
In-Reply-To: <156174754838.35226.13171581960350534112.stgit@srivatsa-ubuntu>
On Fri, Jun 28, 2019 at 11:45:58AM -0700, Srivatsa S. Bhat wrote:
> From: Vivek Goyal <vgoyal@redhat.com>
>
> commit c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 upstream.
>
> Right now ovl_permission() calls __inode_permission(realinode), to do
> permission checks on real inode and no checks are done on overlay inode.
>
> Modify it to do checks both on overlay inode as well as underlying inode.
> Checks on overlay inode will be done with the creds of calling task while
> checks on underlying inode will be done with the creds of mounter.
>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
> [ Srivatsa: 4.4.y backport:
> - Skipped the hunk modifying non-existent function ovl_get_acl()
> - Adjusted the error path
> - Included linux/cred.h to get prototype for revert_creds() ]
> Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>
Applied, thanks.
greg k-h
next prev parent reply other threads:[~2019-07-01 15:23 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-28 18:45 [4.4.y PATCH 0/4] Backported fixes for 4.4 stable tree Srivatsa S. Bhat
2019-06-28 18:45 ` [4.4.y PATCH 1/4] ovl: modify ovl_permission() to do checks on two inodes Srivatsa S. Bhat
2019-07-01 15:23 ` Greg KH [this message]
2019-06-28 18:46 ` [4.4.y PATCH 2/4] KVM: X86: Fix scan ioapic use-before-initialization Srivatsa S. Bhat
2019-07-01 15:23 ` Greg KH
2019-06-28 18:46 ` [4.4.y PATCH 3/4] ip_sockglue: Fix missing-check bug in ip_ra_control() Srivatsa S. Bhat
2019-06-28 18:46 ` [4.4.y PATCH 4/4] ipv6_sockglue: Fix a missing-check bug in ip6_ra_control() Srivatsa S. Bhat
2019-07-01 15:32 ` [4.4.y PATCH 0/4] Backported fixes for 4.4 stable tree Vivek Goyal
2019-07-09 0:09 ` Srivatsa S. Bhat
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190701152327.GC28557@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=akaher@vmware.com \
--cc=amakhalov@vmware.com \
--cc=bvikas@vmware.com \
--cc=mszeredi@redhat.com \
--cc=srinidhir@vmware.com \
--cc=srivatsa@csail.mit.edu \
--cc=srivatsab@vmware.com \
--cc=stable@vger.kernel.org \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.