ovl: add copy up credential guard
authorChristian Brauner <brauner@kernel.org>
Fri, 14 Nov 2025 22:45:22 +0000 (23:45 +0100)
committerChristian Brauner <brauner@kernel.org>
Wed, 19 Nov 2025 20:58:27 +0000 (21:58 +0100)
Add a credential guard for copy up. This will allow us to waste struct
ovl_cu_creds and simplify the code.

Link: https://patch.msgid.link/20251114-work-ovl-cred-guard-copyup-v1-1-ea3fb15cf427@kernel.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
fs/overlayfs/copy_up.c

index 859e75daff8e44a410643c4aeda006954f06c6ba..a7f70dadf94f5432b0703531a3c30f581cf77593 100644 (file)
@@ -752,6 +752,33 @@ static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
        }
 }
 
+static const struct cred *ovl_prepare_copy_up_creds(struct dentry *dentry)
+{
+       struct cred *copy_up_cred = NULL;
+       int err;
+
+       err = security_inode_copy_up(dentry, &copy_up_cred);
+       if (err < 0)
+               return ERR_PTR(err);
+
+       if (!copy_up_cred)
+               return NULL;
+
+       return override_creds(copy_up_cred);
+}
+
+static void ovl_revert_copy_up_creds(const struct cred *orig_cred)
+{
+       const struct cred *copy_up_cred;
+
+       copy_up_cred = revert_creds(orig_cred);
+       put_cred(copy_up_cred);
+}
+
+DEFINE_CLASS(copy_up_creds, const struct cred *,
+            if (!IS_ERR_OR_NULL(_T)) ovl_revert_copy_up_creds(_T),
+            ovl_prepare_copy_up_creds(dentry), struct dentry *dentry)
+
 /*
  * Copyup using workdir to prepare temp file.  Used when copying up directories,
  * special files or when upper fs doesn't support O_TMPFILE.
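Review bot: ovl_prepare_copy_up_creds() returns three distinct states (an ERR_PTR when security_inode_copy_up() fails, NULL when the hook supplied no credentials, otherwise the previous creds from override_creds()), and neither it nor DEFINE_CLASS(copy_up_creds, ...) carries a comment saying so. Because the class destructor silently skips both ERR_PTR and NULL, a user of the guard that omits the IS_ERR() check would continue the copy up under the caller's unmodified credentials after the security hook returned an error. The call sites are outside this hunk, so whether they all check is not visible here. I would add a comment above the class such as `/* Users must check IS_ERR() on the guard variable: ERR_PTR means security_inode_copy_up() failed, NULL means no override was needed. */`. A short note in ovl_revert_copy_up_creds() that `put_cred()` drops the reference presumably handed out by security_inode_copy_up() would also make the ownership explicit.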