Drop ovl-verify-permissions-in-ovl_path_open.patch

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-4.14/ovl-verify-permissions-in-ovl_path_open.patch b/queue-4.14/ovl-verify-permissions-in-ovl_path_open.patch
deleted file mode 100644 (file)
index b778752..0000000
--- a/queue-4.14/ovl-verify-permissions-in-ovl_path_open.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From d3d73d1797c87b53a86cffe77b7e3d65e9d1e6f7 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 2 Jun 2020 22:20:26 +0200
-Subject: ovl: verify permissions in ovl_path_open()
-
-From: Miklos Szeredi <mszeredi@redhat.com>
-
-[ Upstream commit 56230d956739b9cb1cbde439d76227d77979a04d ]
-
-Check permission before opening a real file.
-
-ovl_path_open() is used by readdir and copy-up routines.
-
-ovl_permission() theoretically already checked copy up permissions, but it
-doesn't hurt to re-do these checks during the actual copy-up.
-
-For directory reading ovl_permission() only checks access to topmost
-underlying layer.  Readdir on a merged directory accesses layers below the
-topmost one as well.  Permission wasn't checked for these layers.
-
-Note: modifying ovl_permission() to perform this check would be far more
-complex and hence more bug prone.  The result is less precise permissions
-returned in access(2).  If this turns out to be an issue, we can revisit
-this bug.
-
-Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/overlayfs/util.c | 27 ++++++++++++++++++++++++++-
- 1 file changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
-index afdc2533ce74d..76d6610767f6f 100644
---- a/fs/overlayfs/util.c
-+++ b/fs/overlayfs/util.c
-@@ -307,7 +307,32 @@ bool ovl_is_whiteout(struct dentry *dentry)
- 
- struct file *ovl_path_open(struct path *path, int flags)
- {
--      return dentry_open(path, flags | O_NOATIME, current_cred());
-+      struct inode *inode = d_inode(path->dentry);
-+      int err, acc_mode;
-+
-+      if (flags & ~(O_ACCMODE | O_LARGEFILE))
-+              BUG();
-+
-+      switch (flags & O_ACCMODE) {
-+      case O_RDONLY:
-+              acc_mode = MAY_READ;
-+              break;
-+      case O_WRONLY:
-+              acc_mode = MAY_WRITE;
-+              break;
-+      default:
-+              BUG();
-+      }
-+
-+      err = inode_permission(inode, acc_mode | MAY_OPEN);
-+      if (err)
-+              return ERR_PTR(err);
-+
-+      /* O_NOATIME is an optimization, don't fail if not permitted */
-+      if (inode_owner_or_capable(inode))
-+              flags |= O_NOATIME;
-+
-+      return dentry_open(path, flags, current_cred());
- }
- 
- int ovl_copy_up_start(struct dentry *dentry)
--- 
-2.25.1
-

diff --git a/queue-4.14/series b/queue-4.14/series
index dda84f2b7b2eb882ae9299e556eb844de6e31868..976d836c12733ce4b5ed1c8fb933e7bc2fa6c27f 100644 (file)
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -82,7 +82,6 @@ asoc-fsl_asrc_dma-fix-dma_chan-leak-when-config-dma-.patch
 vfio-mdev-fix-reference-count-leak-in-add_mdev_suppo.patch
 openrisc-fix-issue-with-argument-clobbering-for-clon.patch
 gfs2-allow-lock_nolock-mount-to-specify-jid-x.patch
-ovl-verify-permissions-in-ovl_path_open.patch
 scsi-iscsi-fix-reference-count-leak-in-iscsi_boot_cr.patch
 scsi-ufs-don-t-update-urgent-bkops-level-when-toggli.patch
 pinctrl-imxl-fix-an-error-handling-path-in-imx1_pinc.patch

diff --git a/queue-4.19/ovl-verify-permissions-in-ovl_path_open.patch b/queue-4.19/ovl-verify-permissions-in-ovl_path_open.patch
deleted file mode 100644 (file)
index 04b19db..0000000
--- a/queue-4.19/ovl-verify-permissions-in-ovl_path_open.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From b78fa94c3d7b15f905158e0e6284dec795af2b69 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 2 Jun 2020 22:20:26 +0200
-Subject: ovl: verify permissions in ovl_path_open()
-
-From: Miklos Szeredi <mszeredi@redhat.com>
-
-[ Upstream commit 56230d956739b9cb1cbde439d76227d77979a04d ]
-
-Check permission before opening a real file.
-
-ovl_path_open() is used by readdir and copy-up routines.
-
-ovl_permission() theoretically already checked copy up permissions, but it
-doesn't hurt to re-do these checks during the actual copy-up.
-
-For directory reading ovl_permission() only checks access to topmost
-underlying layer.  Readdir on a merged directory accesses layers below the
-topmost one as well.  Permission wasn't checked for these layers.
-
-Note: modifying ovl_permission() to perform this check would be far more
-complex and hence more bug prone.  The result is less precise permissions
-returned in access(2).  If this turns out to be an issue, we can revisit
-this bug.
-
-Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/overlayfs/util.c | 27 ++++++++++++++++++++++++++-
- 1 file changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
-index db8bdb29b3207..afbc6a97da2ac 100644
---- a/fs/overlayfs/util.c
-+++ b/fs/overlayfs/util.c
-@@ -479,7 +479,32 @@ bool ovl_is_whiteout(struct dentry *dentry)
- 
- struct file *ovl_path_open(struct path *path, int flags)
- {
--      return dentry_open(path, flags | O_NOATIME, current_cred());
-+      struct inode *inode = d_inode(path->dentry);
-+      int err, acc_mode;
-+
-+      if (flags & ~(O_ACCMODE | O_LARGEFILE))
-+              BUG();
-+
-+      switch (flags & O_ACCMODE) {
-+      case O_RDONLY:
-+              acc_mode = MAY_READ;
-+              break;
-+      case O_WRONLY:
-+              acc_mode = MAY_WRITE;
-+              break;
-+      default:
-+              BUG();
-+      }
-+
-+      err = inode_permission(inode, acc_mode | MAY_OPEN);
-+      if (err)
-+              return ERR_PTR(err);
-+
-+      /* O_NOATIME is an optimization, don't fail if not permitted */
-+      if (inode_owner_or_capable(inode))
-+              flags |= O_NOATIME;
-+
-+      return dentry_open(path, flags, current_cred());
- }
- 
- /* Caller should hold ovl_inode->lock */
--- 
-2.25.1
-

diff --git a/queue-4.19/series b/queue-4.19/series
index 8bacadc32be475fe73e43fe02db500cbdc5f177e..9196ea9e52741bb82c01c88725f7c6dd56dcfb00 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -127,7 +127,6 @@ vfio-mdev-fix-reference-count-leak-in-add_mdev_suppo.patch
 rxrpc-adjust-proc-net-rxrpc-calls-to-display-call-de.patch
 openrisc-fix-issue-with-argument-clobbering-for-clon.patch
 gfs2-allow-lock_nolock-mount-to-specify-jid-x.patch
-ovl-verify-permissions-in-ovl_path_open.patch
 scsi-iscsi-fix-reference-count-leak-in-iscsi_boot_cr.patch
 scsi-ufs-don-t-update-urgent-bkops-level-when-toggli.patch
 pinctrl-imxl-fix-an-error-handling-path-in-imx1_pinc.patch

diff --git a/queue-5.4/ovl-verify-permissions-in-ovl_path_open.patch b/queue-5.4/ovl-verify-permissions-in-ovl_path_open.patch
deleted file mode 100644 (file)
index 3224f79..0000000
--- a/queue-5.4/ovl-verify-permissions-in-ovl_path_open.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From fd3b50197726327cc1db1cc1f76c9e2232912d0e Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 2 Jun 2020 22:20:26 +0200
-Subject: ovl: verify permissions in ovl_path_open()
-
-From: Miklos Szeredi <mszeredi@redhat.com>
-
-[ Upstream commit 56230d956739b9cb1cbde439d76227d77979a04d ]
-
-Check permission before opening a real file.
-
-ovl_path_open() is used by readdir and copy-up routines.
-
-ovl_permission() theoretically already checked copy up permissions, but it
-doesn't hurt to re-do these checks during the actual copy-up.
-
-For directory reading ovl_permission() only checks access to topmost
-underlying layer.  Readdir on a merged directory accesses layers below the
-topmost one as well.  Permission wasn't checked for these layers.
-
-Note: modifying ovl_permission() to perform this check would be far more
-complex and hence more bug prone.  The result is less precise permissions
-returned in access(2).  If this turns out to be an issue, we can revisit
-this bug.
-
-Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/overlayfs/util.c | 27 ++++++++++++++++++++++++++-
- 1 file changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
-index f5678a3f83508..eb325322a893d 100644
---- a/fs/overlayfs/util.c
-+++ b/fs/overlayfs/util.c
-@@ -475,7 +475,32 @@ bool ovl_is_whiteout(struct dentry *dentry)
- 
- struct file *ovl_path_open(struct path *path, int flags)
- {
--      return dentry_open(path, flags | O_NOATIME, current_cred());
-+      struct inode *inode = d_inode(path->dentry);
-+      int err, acc_mode;
-+
-+      if (flags & ~(O_ACCMODE | O_LARGEFILE))
-+              BUG();
-+
-+      switch (flags & O_ACCMODE) {
-+      case O_RDONLY:
-+              acc_mode = MAY_READ;
-+              break;
-+      case O_WRONLY:
-+              acc_mode = MAY_WRITE;
-+              break;
-+      default:
-+              BUG();
-+      }
-+
-+      err = inode_permission(inode, acc_mode | MAY_OPEN);
-+      if (err)
-+              return ERR_PTR(err);
-+
-+      /* O_NOATIME is an optimization, don't fail if not permitted */
-+      if (inode_owner_or_capable(inode))
-+              flags |= O_NOATIME;
-+
-+      return dentry_open(path, flags, current_cred());
- }
- 
- /* Caller should hold ovl_inode->lock */
--- 
-2.25.1
-

diff --git a/queue-5.4/series b/queue-5.4/series
index 73e9f53f90fb0c03aab0e0e1f9ada4fdb88f6de4..b1238c123d6cefecbb1d93d46c138c8fe6f422ff 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -211,7 +211,6 @@ drm-nouveau-disp-gm200-fix-nv_pdisp_sor_hdmi2_ctrl-n.patch
 ceph-don-t-return-estale-if-there-s-still-an-open-fi.patch
 nfsd4-make-drc_slab-global-not-per-net.patch
 gfs2-allow-lock_nolock-mount-to-specify-jid-x.patch
-ovl-verify-permissions-in-ovl_path_open.patch
 scsi-iscsi-fix-reference-count-leak-in-iscsi_boot_cr.patch
 scsi-ufs-don-t-update-urgent-bkops-level-when-toggli.patch
 pinctrl-imxl-fix-an-error-handling-path-in-imx1_pinc.patch

diff --git a/queue-5.7/ovl-verify-permissions-in-ovl_path_open.patch b/queue-5.7/ovl-verify-permissions-in-ovl_path_open.patch
deleted file mode 100644 (file)
index 6d5f4bf..0000000
--- a/queue-5.7/ovl-verify-permissions-in-ovl_path_open.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From d01777f34c182b4f2cd6fc6bb7a6116338a954f2 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 2 Jun 2020 22:20:26 +0200
-Subject: ovl: verify permissions in ovl_path_open()
-
-From: Miklos Szeredi <mszeredi@redhat.com>
-
-[ Upstream commit 56230d956739b9cb1cbde439d76227d77979a04d ]
-
-Check permission before opening a real file.
-
-ovl_path_open() is used by readdir and copy-up routines.
-
-ovl_permission() theoretically already checked copy up permissions, but it
-doesn't hurt to re-do these checks during the actual copy-up.
-
-For directory reading ovl_permission() only checks access to topmost
-underlying layer.  Readdir on a merged directory accesses layers below the
-topmost one as well.  Permission wasn't checked for these layers.
-
-Note: modifying ovl_permission() to perform this check would be far more
-complex and hence more bug prone.  The result is less precise permissions
-returned in access(2).  If this turns out to be an issue, we can revisit
-this bug.
-
-Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/overlayfs/util.c | 27 ++++++++++++++++++++++++++-
- 1 file changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
-index 36b60788ee473..a0878039332a4 100644
---- a/fs/overlayfs/util.c
-+++ b/fs/overlayfs/util.c
-@@ -459,7 +459,32 @@ bool ovl_is_whiteout(struct dentry *dentry)
- 
- struct file *ovl_path_open(struct path *path, int flags)
- {
--      return dentry_open(path, flags | O_NOATIME, current_cred());
-+      struct inode *inode = d_inode(path->dentry);
-+      int err, acc_mode;
-+
-+      if (flags & ~(O_ACCMODE | O_LARGEFILE))
-+              BUG();
-+
-+      switch (flags & O_ACCMODE) {
-+      case O_RDONLY:
-+              acc_mode = MAY_READ;
-+              break;
-+      case O_WRONLY:
-+              acc_mode = MAY_WRITE;
-+              break;
-+      default:
-+              BUG();
-+      }
-+
-+      err = inode_permission(inode, acc_mode | MAY_OPEN);
-+      if (err)
-+              return ERR_PTR(err);
-+
-+      /* O_NOATIME is an optimization, don't fail if not permitted */
-+      if (inode_owner_or_capable(inode))
-+              flags |= O_NOATIME;
-+
-+      return dentry_open(path, flags, current_cred());
- }
- 
- /* Caller should hold ovl_inode->lock */
--- 
-2.25.1
-

diff --git a/queue-5.7/series b/queue-5.7/series
index 5b0b3b80da1cbc4fd09468dc4e0659639956a91e..24184dd9922b81a362971517358c3461183b6dec 100644 (file)
--- a/queue-5.7/series
+++ b/queue-5.7/series
@@ -310,7 +310,6 @@ ceph-don-t-return-estale-if-there-s-still-an-open-fi.patch
 nfsd4-make-drc_slab-global-not-per-net.patch
 pwm-imx27-fix-rounding-behavior.patch
 gfs2-allow-lock_nolock-mount-to-specify-jid-x.patch
-ovl-verify-permissions-in-ovl_path_open.patch
 scsi-iscsi-fix-reference-count-leak-in-iscsi_boot_cr.patch
 scsi-ufs-don-t-update-urgent-bkops-level-when-toggli.patch
 modpost-fix-i-ignore-errors-makeflags-detection.patch