From: Christian Brauner <brauner@kernel.org>
To: Miklos Szeredi <miklos@szeredi.hu>, Amir Goldstein <amir73il@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Christian Brauner <brauner@kernel.org>
Subject: [PATCH v2 14/42] ovl: port ovl_getattr() to cred guard
Date: Thu, 13 Nov 2025 17:37:19 +0100 [thread overview]
Message-ID: <20251113-work-ovl-cred-guard-v2-14-c08940095e90@kernel.org> (raw)
In-Reply-To: <20251113-work-ovl-cred-guard-v2-0-c08940095e90@kernel.org>
Use the scoped ovl cred guard.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/overlayfs/inode.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 7b28318b7f31..00e1a47116d4 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -151,13 +151,22 @@ static void ovl_map_dev_ino(struct dentry *dentry, struct kstat *stat, int fsid)
}
}
+static inline int ovl_real_getattr_nosec(struct super_block *sb,
+ const struct path *path,
+ struct kstat *stat, u32 request_mask,
+ unsigned int flags)
+{
+ with_ovl_creds(sb)
+ return vfs_getattr_nosec(path, stat, request_mask, flags);
+}
+
int ovl_getattr(struct mnt_idmap *idmap, const struct path *path,
struct kstat *stat, u32 request_mask, unsigned int flags)
{
struct dentry *dentry = path->dentry;
+ struct super_block *sb = dentry->d_sb;
enum ovl_path_type type;
struct path realpath;
- const struct cred *old_cred;
struct inode *inode = d_inode(dentry);
bool is_dir = S_ISDIR(inode->i_mode);
int fsid = 0;
@@ -167,10 +176,9 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path,
metacopy_blocks = ovl_is_metacopy_dentry(dentry);
type = ovl_path_real(dentry, &realpath);
- old_cred = ovl_override_creds(dentry->d_sb);
- err = vfs_getattr_nosec(&realpath, stat, request_mask, flags);
+ err = ovl_real_getattr_nosec(sb, &realpath, stat, request_mask, flags);
if (err)
- goto out;
+ return err;
/* Report the effective immutable/append-only STATX flags */
generic_fill_statx_attr(inode, stat);
@@ -193,10 +201,10 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path,
(!is_dir ? STATX_NLINK : 0);
ovl_path_lower(dentry, &realpath);
- err = vfs_getattr_nosec(&realpath, &lowerstat, lowermask,
- flags);
+ err = ovl_real_getattr_nosec(sb, &realpath, &lowerstat,
+ lowermask, flags);
if (err)
- goto out;
+ return err;
/*
* Lower hardlinks may be broken on copy up to different
@@ -246,10 +254,11 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path,
ovl_path_lowerdata(dentry, &realpath);
if (realpath.dentry) {
- err = vfs_getattr_nosec(&realpath, &lowerdatastat,
+ err = ovl_real_getattr_nosec(sb, &realpath,
+ &lowerdatastat,
lowermask, flags);
if (err)
- goto out;
+ return err;
} else {
lowerdatastat.blocks =
round_up(stat->size, stat->blksize) >> 9;
@@ -277,9 +286,6 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path,
if (!is_dir && ovl_test_flag(OVL_INDEX, d_inode(dentry)))
stat->nlink = dentry->d_inode->i_nlink;
-out:
- ovl_revert_creds(old_cred);
-
return err;
}
--
2.47.3
next prev parent reply other threads:[~2025-11-13 16:37 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-13 16:37 [PATCH v2 00/42] ovl: convert to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 01/42] ovl: add override_creds cleanup guard extension for overlayfs Christian Brauner
2025-11-13 16:37 ` [PATCH v2 02/42] ovl: port ovl_copy_up_flags() to cred guards Christian Brauner
2025-11-13 16:37 ` [PATCH v2 03/42] ovl: port ovl_create_or_link() to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 04/42] ovl: port ovl_set_link_redirect() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 05/42] ovl: port ovl_do_remove() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 06/42] ovl: port ovl_create_tmpfile() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 07/42] ovl: port ovl_open_realfile() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 08/42] ovl: port ovl_llseek() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 09/42] ovl: port ovl_fsync() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 10/42] ovl: port ovl_fallocate() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 11/42] ovl: port ovl_fadvise() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 12/42] ovl: port ovl_flush() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 13/42] ovl: port ovl_setattr() " Christian Brauner
2025-11-13 16:37 ` Christian Brauner [this message]
2025-11-13 16:37 ` [PATCH v2 15/42] ovl: port ovl_permission() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 16/42] ovl: port ovl_get_link() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 17/42] ovl: port do_ovl_get_acl() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 18/42] ovl: port ovl_set_or_remove_acl() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 19/42] ovl: port ovl_fiemap() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 20/42] ovl: port ovl_fileattr_set() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 21/42] ovl: port ovl_fileattr_get() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 22/42] ovl: port ovl_maybe_validate_verity() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 23/42] ovl: port ovl_maybe_lookup_lowerdata() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 24/42] ovl: don't override credentials for ovl_check_whiteouts() Christian Brauner
2025-11-13 16:37 ` [PATCH v2 25/42] ovl: refactor ovl_iterate() and port to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 26/42] ovl: port ovl_dir_llseek() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 27/42] ovl: port ovl_check_empty_dir() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 28/42] ovl: port ovl_nlink_start() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 29/42] ovl: port ovl_nlink_end() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 30/42] ovl: port ovl_xattr_set() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 31/42] ovl: port ovl_xattr_get() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 32/42] ovl: port ovl_listxattr() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 33/42] ovl: refactor ovl_rename() Christian Brauner
2025-11-13 16:37 ` [PATCH v2 34/42] ovl: port ovl_rename() to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 35/42] ovl: port ovl_copyfile() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 36/42] ovl: refactor ovl_lookup() Christian Brauner
2025-11-13 16:37 ` [PATCH v2 37/42] ovl: port ovl_lookup() to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 38/42] ovl: port ovl_lower_positive() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 39/42] ovl: refactor ovl_fill_super() Christian Brauner
2025-11-13 16:37 ` [PATCH v2 40/42] ovl: port ovl_fill_super() to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 41/42] ovl: remove ovl_revert_creds() Christian Brauner
2025-11-13 16:37 ` [PATCH v2 42/42] ovl: detect double credential overrides Christian Brauner
2025-11-13 18:42 ` Amir Goldstein
2025-11-13 21:31 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251113-work-ovl-cred-guard-v2-14-c08940095e90@kernel.org \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).