From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from out30-130.freemail.mail.aliyun.com (out30-130.freemail.mail.aliyun.com [115.124.30.130])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C526314D2D
	for <linux-kernel@vger.kernel.org>; Thu,  7 May 2026 04:28:58 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.130
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1778128142; cv=none; b=SapEiAEkOtoSOEAABTkpSrYr9GTrStjXRcRZtdOYKvLnQLN9qrKRM0NEcxO9nTKRw4CoMsGb1SihM/NwRFJF30TkH8ANAmcxsytohEj25TWXiJ3JBsNSYvfiKs7qSQbYkk2jtMcrNVQz4LrdU9BJ0lXT7hsKuj769ODspvitxjk=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1778128142; c=relaxed/simple;
	bh=RjSHdbbR8zgd7CEcGzzw2PnwOqcRetOXuEuNCQjet/I=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=APUK/fjBvafj8YaxCYYN5DQWobX5sD6UYxuNmnBaeVTPQayGyxoy6AWLcpiLyDTmjgkT1D1PEGnno4qjsEY0KgstM1URIn26FuXW4lXs9AjPJfQyn9yJSg+J8MgJOiVUdslvRHEZdHAuLLuLMFtvl8PKJx/ORJG9kugHVHwKc5U=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=Ll5Rkvbh; arc=none smtp.client-ip=115.124.30.130
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="Ll5Rkvbh"
DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=linux.alibaba.com; s=default;
	t=1778128137; h=From:To:Subject:Date:Message-ID:MIME-Version;
	bh=luI16Sk/2JyTpmZ1oitX9qtCrcQm4xlAGb133R0V9bo=;
	b=Ll5RkvbhtU9UPu1vm8i3Tdp1YHjgoJqnF7aGw3CrTCjf5A39ajyxRTSw2d1QP/jei8kjP4xcP/LrB5cfSfMd/aY7uQfO4l9kYgQnDlkkuvZl+d4u2NHYAoWrd35XE+EE6mSQ8CK8jDfZwUIAWuqmX68ebSX9Ky/RKeocED/q5Do=
X-Alimail-AntiSpam:AC=PASS;BC=-1|-1;BR=01201311R211e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033032089153;MF=hsiangkao@linux.alibaba.com;NM=1;PH=DS;RN=6;SR=0;TI=SMTPD_---0X2TG13W_1778128131;
Received: from x31i01179.sqa.na131.tbsite.net(mailfrom:hsiangkao@linux.alibaba.com fp:SMTPD_---0X2TG13W_1778128131 cluster:ay36)
          by smtp.aliyun-inc.com;
          Thu, 07 May 2026 12:28:56 +0800
From: Gao Xiang <hsiangkao@linux.alibaba.com>
To: linux-erofs@lists.ozalbs.org
Cc: LKML <linux-kernel@vger.kernel.org>,
	Gao Xiang <hsiangkao@linux.alibaba.com>,
	Carlos Llamas <cmllamas@google.com>,
	Sandeep Dhavale <dhavale@google.com>,
	Tatsuyuki Ishi <ishitatsuyuki@google.com>
Subject: [PATCH v2] erofs: use the opener's credential when verifying metadata accesses
Date: Thu,  7 May 2026 12:28:45 +0800
Message-ID: <20260507042845.1318782-1-hsiangkao@linux.alibaba.com>
X-Mailer: git-send-email 2.43.5
In-Reply-To: <20260505155615.2719500-1-hsiangkao@linux.alibaba.com>
References: <20260505155615.2719500-1-hsiangkao@linux.alibaba.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Similar to commit 905eeb2b7c33 ("erofs: impersonate the opener's
credentials when accessing backing file"), rw_verify_area() needs
the same too.

Fixes: 307210c262a2 ("erofs: verify metadata accesses for file-backed mounts")
Cc: Carlos Llamas <cmllamas@google.com>
Cc: Sandeep Dhavale <dhavale@google.com>
Cc: Tatsuyuki Ishi <ishitatsuyuki@google.com>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
---
v2:
 - apply sashiko's suggestion
   https://sashiko.dev/#/patchset/20260505155615.2719500-1-hsiangkao%40linux.alibaba.com

 fs/erofs/data.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/fs/erofs/data.c b/fs/erofs/data.c
index 44da21c9d777..d6f6035fd714 100644
--- a/fs/erofs/data.c
+++ b/fs/erofs/data.c
@@ -29,6 +29,7 @@ void erofs_put_metabuf(struct erofs_buf *buf)
 void *erofs_bread(struct erofs_buf *buf, erofs_off_t offset, bool need_kmap)
 {
 	pgoff_t index = (buf->off + offset) >> PAGE_SHIFT;
+	const struct cred *old_cred = NULL;
 	struct folio *folio = NULL;
 	loff_t fpos;
 	int err;
@@ -40,9 +41,12 @@ void *erofs_bread(struct erofs_buf *buf, erofs_off_t offset, bool need_kmap)
 	 */
 	if (buf->file) {
 		fpos = (loff_t)index << PAGE_SHIFT;
+		old_cred = override_creds(buf->file->f_cred);
 		err = rw_verify_area(READ, buf->file, &fpos, PAGE_SIZE);
-		if (err < 0)
+		if (err < 0) {
+			revert_creds(old_cred);
 			return ERR_PTR(err);
+		}
 	}
 
 	if (buf->page) {
@@ -53,6 +57,8 @@ void *erofs_bread(struct erofs_buf *buf, erofs_off_t offset, bool need_kmap)
 	if (!folio || !folio_contains(folio, index)) {
 		erofs_put_metabuf(buf);
 		folio = read_mapping_folio(buf->mapping, index, buf->file);
+		if (old_cred)
+			revert_creds(old_cred);
 		if (IS_ERR(folio))
 			return folio;
 	}
-- 
2.43.5