ovl: during copy up, switch to mounter's creds early

Now, we have the notion that copy up of a file is done with the creds of mounter of overlay filesystem (as opposed to task). Right now before we switch creds, we do some vfs_getattr() operations in the context of task and that itself can fail. We should do that getattr() using the creds of mounter instead. So this patch switches to mounter's creds early during copy up process so that even vfs_getattr() is done with mounter's creds. Do not call revert_creds() unless we have already called ovl_override_creds(). [Reported by Arnd Bergmann] Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
author: Vivek Goyal <vgoyal@redhat.com> 2016-09-06 13:40:32 -0400
committer: Miklos Szeredi <mszeredi@redhat.com> 2016-09-19 10:50:59 -0400
commit: 8eac98b8beb4711c4ab61822cac077fd6660e820 (patch)
tree: 00f99d86265b7bae9c622c90fa4b72f0c1f6e788
parent: 2b6bc7f48d34a6043915beddbf53b981603737c8 (diff)
2 files changed, 11 insertions, 11 deletions
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index abadbc30e013..796d06fafd09 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -348,7 +348,6 @@ int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
        struct path parentpath;
        struct dentry *upperdir;
        struct dentry *upperdentry;
-        const struct cred *old_cred;
        char *link = NULL;
        if (WARN_ON(!workdir))
@@ -369,8 +368,6 @@ int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
                        return PTR_ERR(link);
        }
-        old_cred = ovl_override_creds(dentry->d_sb);
        err = -EIO;
        if (lock_rename(workdir, upperdir) != NULL) {
                pr_err("overlayfs: failed to lock workdir+upperdir\n");
@@ -391,7 +388,6 @@ int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
        }
 out_unlock:
        unlock_rename(workdir, upperdir);
-        revert_creds(old_cred);
        if (link)
                free_page((unsigned long) link);
@@ -401,9 +397,9 @@ out_unlock:
 int ovl_copy_up(struct dentry *dentry)
 {
-        int err;
+        int err = 0;
+        const struct cred *old_cred = ovl_override_creds(dentry->d_sb);
-        err = 0;
        while (!err) {
                struct dentry *next;
                struct dentry *parent;
@@ -435,6 +431,7 @@ int ovl_copy_up(struct dentry *dentry)
                dput(parent);
                dput(next);
        }
+        revert_creds(old_cred);
        return err;
 }
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index c75625c1efa3..ce5d7dfaf769 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -19,6 +19,7 @@ static int ovl_copy_up_truncate(struct dentry *dentry)
        struct dentry *parent;
        struct kstat stat;
        struct path lowerpath;
+        const struct cred *old_cred;
        parent = dget_parent(dentry);
        err = ovl_copy_up(parent);
@@ -26,12 +27,14 @@ static int ovl_copy_up_truncate(struct dentry *dentry)
                goto out_dput_parent;
        ovl_path_lower(dentry, &lowerpath);
-        err = vfs_getattr(&lowerpath, &stat);
-        if (err)
-                goto out_dput_parent;
-        stat.size = 0;
+        old_cred = ovl_override_creds(dentry->d_sb);
-        err = ovl_copy_up_one(parent, dentry, &lowerpath, &stat);
+        err = vfs_getattr(&lowerpath, &stat);
+        if (!err) {
+                stat.size = 0;
+                err = ovl_copy_up_one(parent, dentry, &lowerpath, &stat);
+        }
+        revert_creds(old_cred);
 out_dput_parent:
        dput(parent);
author	Vivek Goyal <vgoyal@redhat.com>	2016-09-06 13:40:32 -0400
committer	Miklos Szeredi <mszeredi@redhat.com>	2016-09-19 10:50:59 -0400
commit	8eac98b8beb4711c4ab61822cac077fd6660e820 (patch)
tree	00f99d86265b7bae9c622c90fa4b72f0c1f6e788
parent	2b6bc7f48d34a6043915beddbf53b981603737c8 (diff)