ovl: port ovl_open_realfile() to cred guard

author Christian Brauner <brauner@kernel.org>

Mon, 17 Nov 2025 09:33:38 +0000 (10:33 +0100)

committer Christian Brauner <brauner@kernel.org>

Wed, 19 Nov 2025 20:58:20 +0000 (21:58 +0100)
author Christian Brauner <brauner@kernel.org>
Mon, 17 Nov 2025 09:33:38 +0000 (10:33 +0100)
committer Christian Brauner <brauner@kernel.org>
Wed, 19 Nov 2025 20:58:20 +0000 (21:58 +0100)
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c

index 7ab2c9daffd0176b7a28f26ef790e5d37919a0a1..ebcd737e87ef14fe3ff5d0060d82992bef6beb15 100644 (file)
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -31,7 +31,6 @@ static struct file *ovl_open_realfile(const struct file *file,
         struct inode *inode = file_inode(file);
         struct mnt_idmap *real_idmap;
         struct file *realfile;
-       const struct cred *old_cred;
         int flags = file->f_flags | OVL_OPEN_FLAGS;
         int acc_mode = ACC_MODE(flags);
         int err;
@@ -39,19 +38,19 @@ static struct file *ovl_open_realfile(const struct file *file,
         if (flags & O_APPEND)
                 acc_mode |= MAY_APPEND;
  
-       old_cred = ovl_override_creds(inode->i_sb);
-       real_idmap = mnt_idmap(realpath->mnt);
-       err = inode_permission(real_idmap, realinode, MAY_OPEN | acc_mode);
-       if (err) {
-               realfile = ERR_PTR(err);
-       } else {
-               if (!inode_owner_or_capable(real_idmap, realinode))
-                       flags &= ~O_NOATIME;
-
-               realfile = backing_file_open(file_user_path(file),
-                                            flags, realpath, current_cred());
+       with_ovl_creds(inode->i_sb) {
+               real_idmap = mnt_idmap(realpath->mnt);
+               err = inode_permission(real_idmap, realinode, MAY_OPEN | acc_mode);
+               if (err) {
+                       realfile = ERR_PTR(err);
+               } else {
+                       if (!inode_owner_or_capable(real_idmap, realinode))
+                               flags &= ~O_NOATIME;
+
+                       realfile = backing_file_open(file_user_path(file),
+                                                    flags, realpath, current_cred());
+               }
         }
-       ovl_revert_creds(old_cred);
  
         pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n",
                  file, file, ovl_whatisit(inode, realinode), file->f_flags,
author	Christian Brauner <brauner@kernel.org>
	Mon, 17 Nov 2025 09:33:38 +0000 (10:33 +0100)
committer	Christian Brauner <brauner@kernel.org>
	Wed, 19 Nov 2025 20:58:20 +0000 (21:58 +0100)