ovl: remove privs in ovl_copyfile()

commit b306e90ffabdaa7e3b3350dbcd19b7663e71ab17 upstream.

Underlying fs doesn't remove privs because copy_range/remap_range are
called with privileged mounter credentials.

This fixes some failures in fstest generic/673.

Fixes: 8ede205541ff ("ovl: add reflink/copyfile/dedup support")
Acked-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index b019f27c1360145f8f4be59b729ea2a9536c6a65..259b2d41b70737e0c7d57f7c48b812163fd57cda 100644 (file)
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -687,14 +687,23 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in,
        const struct cred *old_cred;
        loff_t ret;
 
+       inode_lock(inode_out);
+       if (op != OVL_DEDUPE) {
+               /* Update mode */
+               ovl_copyattr(ovl_inode_real(inode_out), inode_out);
+               ret = file_remove_privs(file_out);
+               if (ret)
+                       goto out_unlock;
+       }
+
        ret = ovl_real_fdget(file_out, &real_out);
        if (ret)
-               return ret;
+               goto out_unlock;
 
        ret = ovl_real_fdget(file_in, &real_in);
        if (ret) {
                fdput(real_out);
-               return ret;
+               goto out_unlock;
        }
 
        old_cred = ovl_override_creds(file_inode(file_out)->i_sb);
@@ -723,6 +732,9 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in,
        fdput(real_in);
        fdput(real_out);
 
+out_unlock:
+       inode_unlock(inode_out);
+
        return ret;
 }