From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CAB42C0650E for ; Mon, 1 Jul 2019 15:23:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 90D2320663 for ; Mon, 1 Jul 2019 15:23:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1561994611; bh=yYKjmCA6SZYbCBcp8t3OKmdmXNrvdT2kdtCPdlLtOZE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=PrSUZ/ogdPcOvhfrCNCx2D/kkETj6tRljj0UYpaW2tmQNONr4qwkmtc72Cf7HvR2I ockgrtNEeG6lyywn9tCQ7xnjT3GoAg1mqAS0olVsvL5n1CS4YdCjvriQOP603m+578 Dhi5tlImzLihiho8LZzooV5qXUpCBx9EOWkv2nhs= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727312AbfGAPXb (ORCPT ); Mon, 1 Jul 2019 11:23:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:36090 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726869AbfGAPXb (ORCPT ); Mon, 1 Jul 2019 11:23:31 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9A20920659; Mon, 1 Jul 2019 15:23:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1561994610; bh=yYKjmCA6SZYbCBcp8t3OKmdmXNrvdT2kdtCPdlLtOZE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=iTsNz2wUiFXkNhva7M6RSNzzHlWeczT8Xwyls3he+6Agv7XcpEIzCvYkcqKQjoZ3E 6g/iB/qe/K8hQrwKZ/KUD2zeUDdVG8a4xVLeXYgjMAPni/2q/6c/NIj7TFTQ7uvYxb D15HDbzJbV8/59tJZ2LbFFkE0WhgoBZ23+sq8CLM= Date: Mon, 1 Jul 2019 17:23:27 +0200 From: Greg KH To: "Srivatsa S. Bhat" Cc: stable@vger.kernel.org, Vivek Goyal , Miklos Szeredi , akaher@vmware.com, srinidhir@vmware.com, bvikas@vmware.com, amakhalov@vmware.com, srivatsab@vmware.com Subject: Re: [4.4.y PATCH 1/4] ovl: modify ovl_permission() to do checks on two inodes Message-ID: <20190701152327.GC28557@kroah.com> References: <156174751125.35226.7600381640894671668.stgit@srivatsa-ubuntu> <156174754838.35226.13171581960350534112.stgit@srivatsa-ubuntu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <156174754838.35226.13171581960350534112.stgit@srivatsa-ubuntu> User-Agent: Mutt/1.12.1 (2019-06-15) Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org On Fri, Jun 28, 2019 at 11:45:58AM -0700, Srivatsa S. Bhat wrote: > From: Vivek Goyal > > commit c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 upstream. > > Right now ovl_permission() calls __inode_permission(realinode), to do > permission checks on real inode and no checks are done on overlay inode. > > Modify it to do checks both on overlay inode as well as underlying inode. > Checks on overlay inode will be done with the creds of calling task while > checks on underlying inode will be done with the creds of mounter. > > Signed-off-by: Vivek Goyal > Signed-off-by: Miklos Szeredi > [ Srivatsa: 4.4.y backport: > - Skipped the hunk modifying non-existent function ovl_get_acl() > - Adjusted the error path > - Included linux/cred.h to get prototype for revert_creds() ] > Signed-off-by: Srivatsa S. Bhat (VMware) Applied, thanks. greg k-h