git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Amir Goldstein <amir73il@gmail.com>
	Wed, 22 Nov 2023 12:27:05 +0000 (14:27 +0200)
committer	Christian Brauner <brauner@kernel.org>
	Fri, 24 Nov 2023 08:22:28 +0000 (09:22 +0100)
commit	dfad37051ade6ac0d404ef4913f3bd01954ee51c
tree	4dc2f4ee1ad03043ea4025a20d99cbe09323acb6	tree \| snapshot
parent	d53471ba6f7ae97a4e223539029528108b705af1	commit \| diff

remap_range: move permission hooks out of do_clone_file_range()

In many of the vfs helpers, file permission hook is called before
taking sb_start_write(), making them "start-write-safe".
do_clone_file_range() is an exception to this rule.

do_clone_file_range() has two callers - vfs_clone_file_range() and
overlayfs. Move remap_verify_area() checks from do_clone_file_range()
out to vfs_clone_file_range() to make them "start-write-safe".

Overlayfs already has calls to rw_verify_area() with the same security
permission hooks as remap_verify_area() has.
The rest of the checks in remap_verify_area() are irrelevant for
overlayfs that calls do_clone_file_range() offset 0 and positive length.

This is needed for fanotify "pre content" events.

Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Link: https://lore.kernel.org/r/20231122122715.2561213-7-amir73il@gmail.com
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>