Re: [4.4.y PATCH 1/4] ovl: modify ovl_permission() to do checks on two inodes

On Fri, Jun 28, 2019 at 11:45:58AM -0700, Srivatsa S. Bhat wrote:

From: Vivek Goyal vgoyal@redhat.com

commit c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 upstream.

Right now ovl_permission() calls __inode_permission(realinode), to do permission checks on real inode and no checks are done on overlay inode.

Modify it to do checks both on overlay inode as well as underlying inode. Checks on overlay inode will be done with the creds of calling task while checks on underlying inode will be done with the creds of mounter.

Signed-off-by: Vivek Goyal vgoyal@redhat.com Signed-off-by: Miklos Szeredi mszeredi@redhat.com [ Srivatsa: 4.4.y backport:

• Skipped the hunk modifying non-existent function ovl_get_acl()
• Adjusted the error path
• Included linux/cred.h to get prototype for revert_creds() ]

Signed-off-by: Srivatsa S. Bhat (VMware) srivatsa@csail.mit.edu

Applied, thanks.

greg k-h