* [PATCH 5.10 0/1] Fix CVE-2020-16120 @ 2024-08-30 9:27 hsimeliere.opensource 2024-08-30 9:27 ` [PATCH 5.10 1/1] ovl: do not fail because of O_NOATIME hsimeliere.opensource 0 siblings, 1 reply; 3+ messages in thread From: hsimeliere.opensource @ 2024-08-30 9:27 UTC (permalink / raw) To: stable https://nvd.nist.gov/vuln/detail/CVE-2020-16120 ^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 5.10 1/1] ovl: do not fail because of O_NOATIME 2024-08-30 9:27 [PATCH 5.10 0/1] Fix CVE-2020-16120 hsimeliere.opensource @ 2024-08-30 9:27 ` hsimeliere.opensource 2024-08-30 13:09 ` Greg KH 0 siblings, 1 reply; 3+ messages in thread From: hsimeliere.opensource @ 2024-08-30 9:27 UTC (permalink / raw) To: stable; +Cc: Miklos Szeredi, Hugo SIMELIERE From: Miklos Szeredi <mszeredi@redhat.com> commit b6650dab404c701d7fe08a108b746542a934da84 upstream. In case the file cannot be opened with O_NOATIME because of lack of capabilities, then clear O_NOATIME instead of failing. Remove WARN_ON(), since it would now trigger if O_NOATIME was cleared. Noticed by Amir Goldstein. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> --- fs/overlayfs/file.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 244e4258ce16..4440ff43cb66 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -53,9 +53,10 @@ static struct file *ovl_open_realfile(const struct file *file, err = inode_permission(realinode, MAY_OPEN | acc_mode); if (err) { realfile = ERR_PTR(err); - } else if (!inode_owner_or_capable(realinode)) { - realfile = ERR_PTR(-EPERM); } else { + if (!inode_owner_or_capable(realinode)) + flags &= ~O_NOATIME; + realfile = open_with_fake_path(&file->f_path, flags, realinode, current_cred()); } @@ -75,12 +76,6 @@ static int ovl_change_flags(struct file *file, unsigned int flags) struct inode *inode = file_inode(file); int err; - flags |= OVL_OPEN_FLAGS; - - /* If some flag changed that cannot be changed then something's amiss */ - if (WARN_ON((file->f_flags ^ flags) & ~OVL_SETFL_MASK)) - return -EIO; - flags &= OVL_SETFL_MASK; if (((flags ^ file->f_flags) & O_APPEND) && IS_APPEND(inode)) -- 2.43.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 5.10 1/1] ovl: do not fail because of O_NOATIME 2024-08-30 9:27 ` [PATCH 5.10 1/1] ovl: do not fail because of O_NOATIME hsimeliere.opensource @ 2024-08-30 13:09 ` Greg KH 0 siblings, 0 replies; 3+ messages in thread From: Greg KH @ 2024-08-30 13:09 UTC (permalink / raw) To: hsimeliere.opensource; +Cc: stable, Miklos Szeredi On Fri, Aug 30, 2024 at 11:27:45AM +0200, hsimeliere.opensource@witekio.com wrote: > From: Miklos Szeredi <mszeredi@redhat.com> > > commit b6650dab404c701d7fe08a108b746542a934da84 upstream. > > In case the file cannot be opened with O_NOATIME because of lack of > capabilities, then clear O_NOATIME instead of failing. > > Remove WARN_ON(), since it would now trigger if O_NOATIME was cleared. > Noticed by Amir Goldstein. > > Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> > Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> > --- > fs/overlayfs/file.c | 11 +++-------- > 1 file changed, 3 insertions(+), 8 deletions(-) > Now queued up, thanks. greg k-h ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-08-30 13:09 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-08-30 9:27 [PATCH 5.10 0/1] Fix CVE-2020-16120 hsimeliere.opensource 2024-08-30 9:27 ` [PATCH 5.10 1/1] ovl: do not fail because of O_NOATIME hsimeliere.opensource 2024-08-30 13:09 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox