From: Christian Brauner <brauner@kernel.org>
To: Miklos Szeredi <miklos@szeredi.hu>, Amir Goldstein <amir73il@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Christian Brauner <brauner@kernel.org>
Subject: [PATCH v2 39/42] ovl: refactor ovl_fill_super()
Date: Thu, 13 Nov 2025 17:37:44 +0100 [thread overview]
Message-ID: <20251113-work-ovl-cred-guard-v2-39-c08940095e90@kernel.org> (raw)
In-Reply-To: <20251113-work-ovl-cred-guard-v2-0-c08940095e90@kernel.org>
Split the core into a separate helper in preparation of converting the
caller to the scoped ovl cred guard.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/overlayfs/super.c | 91 +++++++++++++++++++++++++++-------------------------
1 file changed, 48 insertions(+), 43 deletions(-)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 43ee4c7296a7..e3781fccaef8 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1369,53 +1369,35 @@ static void ovl_set_d_op(struct super_block *sb)
set_default_d_op(sb, &ovl_dentry_operations);
}
-int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
+static int do_ovl_fill_super(struct fs_context *fc, struct super_block *sb)
{
struct ovl_fs *ofs = sb->s_fs_info;
+ struct cred *creator_cred = (struct cred *)ofs->creator_cred;
struct ovl_fs_context *ctx = fc->fs_private;
- const struct cred *old_cred = NULL;
- struct dentry *root_dentry;
- struct ovl_entry *oe;
struct ovl_layer *layers;
- struct cred *cred;
+ struct ovl_entry *oe = NULL;
int err;
- err = -EIO;
- if (WARN_ON(fc->user_ns != current_user_ns()))
- goto out_err;
-
- ovl_set_d_op(sb);
-
- err = -ENOMEM;
- if (!ofs->creator_cred)
- ofs->creator_cred = cred = prepare_creds();
- else
- cred = (struct cred *)ofs->creator_cred;
- if (!cred)
- goto out_err;
-
- old_cred = ovl_override_creds(sb);
-
err = ovl_fs_params_verify(ctx, &ofs->config);
if (err)
- goto out_err;
+ return err;
err = -EINVAL;
if (ctx->nr == 0) {
if (!(fc->sb_flags & SB_SILENT))
pr_err("missing 'lowerdir'\n");
- goto out_err;
+ return err;
}
err = -ENOMEM;
layers = kcalloc(ctx->nr + 1, sizeof(struct ovl_layer), GFP_KERNEL);
if (!layers)
- goto out_err;
+ return err;
ofs->config.lowerdirs = kcalloc(ctx->nr + 1, sizeof(char *), GFP_KERNEL);
if (!ofs->config.lowerdirs) {
kfree(layers);
- goto out_err;
+ return err;
}
ofs->layers = layers;
/*
@@ -1448,12 +1430,12 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
err = -EINVAL;
if (!ofs->config.workdir) {
pr_err("missing 'workdir'\n");
- goto out_err;
+ return err;
}
err = ovl_get_upper(sb, ofs, &layers[0], &ctx->upper);
if (err)
- goto out_err;
+ return err;
upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
if (!ovl_should_sync(ofs)) {
@@ -1461,13 +1443,13 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
if (errseq_check(&upper_sb->s_wb_err, ofs->errseq)) {
err = -EIO;
pr_err("Cannot mount volatile when upperdir has an unseen error. Sync upperdir fs to clear state.\n");
- goto out_err;
+ return err;
}
}
err = ovl_get_workdir(sb, ofs, &ctx->upper, &ctx->work);
if (err)
- goto out_err;
+ return err;
if (!ofs->workdir)
sb->s_flags |= SB_RDONLY;
@@ -1478,7 +1460,7 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
oe = ovl_get_lowerstack(sb, ctx, ofs, layers);
err = PTR_ERR(oe);
if (IS_ERR(oe))
- goto out_err;
+ return err;
/* If the upper fs is nonexistent, we mark overlayfs r/o too */
if (!ovl_upper_mnt(ofs))
@@ -1531,7 +1513,7 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
sb->s_export_op = &ovl_export_fid_operations;
/* Never override disk quota limits or use reserved space */
- cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);
+ cap_lower(creator_cred->cap_effective, CAP_SYS_RESOURCE);
sb->s_magic = OVERLAYFS_SUPER_MAGIC;
sb->s_xattr = ovl_xattr_handlers(ofs);
@@ -1549,27 +1531,50 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
sb->s_iflags |= SB_I_EVM_HMAC_UNSUPPORTED;
err = -ENOMEM;
- root_dentry = ovl_get_root(sb, ctx->upper.dentry, oe);
- if (!root_dentry)
+ sb->s_root = ovl_get_root(sb, ctx->upper.dentry, oe);
+ if (!sb->s_root)
goto out_free_oe;
- sb->s_root = root_dentry;
-
- ovl_revert_creds(old_cred);
return 0;
out_free_oe:
ovl_free_entry(oe);
-out_err:
- /*
- * Revert creds before calling ovl_free_fs() which will call
- * put_cred() and put_cred() requires that the cred's that are
- * put are not the caller's creds, i.e., current->cred.
- */
- if (old_cred)
+ return err;
+}
+
+int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
+{
+ struct ovl_fs *ofs = sb->s_fs_info;
+ const struct cred *old_cred = NULL;
+ struct cred *cred;
+ int err;
+
+ err = -EIO;
+ if (WARN_ON(fc->user_ns != current_user_ns()))
+ goto out_err;
+
+ ovl_set_d_op(sb);
+
+ err = -ENOMEM;
+ if (!ofs->creator_cred)
+ ofs->creator_cred = cred = prepare_creds();
+ else
+ cred = (struct cred *)ofs->creator_cred;
+ if (!cred)
+ goto out_err;
+
+ old_cred = ovl_override_creds(sb);
+
+ err = do_ovl_fill_super(fc, sb);
+
ovl_revert_creds(old_cred);
+
+out_err:
+ if (err) {
ovl_free_fs(ofs);
sb->s_fs_info = NULL;
+ }
+
return err;
}
--
2.47.3
next prev parent reply other threads:[~2025-11-13 16:38 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-13 16:37 [PATCH v2 00/42] ovl: convert to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 01/42] ovl: add override_creds cleanup guard extension for overlayfs Christian Brauner
2025-11-13 16:37 ` [PATCH v2 02/42] ovl: port ovl_copy_up_flags() to cred guards Christian Brauner
2025-11-13 16:37 ` [PATCH v2 03/42] ovl: port ovl_create_or_link() to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 04/42] ovl: port ovl_set_link_redirect() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 05/42] ovl: port ovl_do_remove() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 06/42] ovl: port ovl_create_tmpfile() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 07/42] ovl: port ovl_open_realfile() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 08/42] ovl: port ovl_llseek() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 09/42] ovl: port ovl_fsync() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 10/42] ovl: port ovl_fallocate() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 11/42] ovl: port ovl_fadvise() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 12/42] ovl: port ovl_flush() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 13/42] ovl: port ovl_setattr() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 14/42] ovl: port ovl_getattr() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 15/42] ovl: port ovl_permission() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 16/42] ovl: port ovl_get_link() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 17/42] ovl: port do_ovl_get_acl() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 18/42] ovl: port ovl_set_or_remove_acl() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 19/42] ovl: port ovl_fiemap() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 20/42] ovl: port ovl_fileattr_set() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 21/42] ovl: port ovl_fileattr_get() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 22/42] ovl: port ovl_maybe_validate_verity() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 23/42] ovl: port ovl_maybe_lookup_lowerdata() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 24/42] ovl: don't override credentials for ovl_check_whiteouts() Christian Brauner
2025-11-13 16:37 ` [PATCH v2 25/42] ovl: refactor ovl_iterate() and port to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 26/42] ovl: port ovl_dir_llseek() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 27/42] ovl: port ovl_check_empty_dir() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 28/42] ovl: port ovl_nlink_start() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 29/42] ovl: port ovl_nlink_end() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 30/42] ovl: port ovl_xattr_set() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 31/42] ovl: port ovl_xattr_get() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 32/42] ovl: port ovl_listxattr() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 33/42] ovl: refactor ovl_rename() Christian Brauner
2025-11-13 16:37 ` [PATCH v2 34/42] ovl: port ovl_rename() to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 35/42] ovl: port ovl_copyfile() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 36/42] ovl: refactor ovl_lookup() Christian Brauner
2025-11-13 16:37 ` [PATCH v2 37/42] ovl: port ovl_lookup() to cred guard Christian Brauner
2025-11-13 16:37 ` [PATCH v2 38/42] ovl: port ovl_lower_positive() " Christian Brauner
2025-11-13 16:37 ` Christian Brauner [this message]
2025-11-13 16:37 ` [PATCH v2 40/42] ovl: port ovl_fill_super() " Christian Brauner
2025-11-13 16:37 ` [PATCH v2 41/42] ovl: remove ovl_revert_creds() Christian Brauner
2025-11-13 16:37 ` [PATCH v2 42/42] ovl: detect double credential overrides Christian Brauner
2025-11-13 18:42 ` Amir Goldstein
2025-11-13 21:31 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251113-work-ovl-cred-guard-v2-39-c08940095e90@kernel.org \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).