From: Miklos Szeredi <mszeredi@redhat.com>
Date: Thu, 28 Jan 2021 09:22:48 +0000 (+0100)
Subject: ovl: perform vfs_getxattr() with mounter creds
X-Git-Tag: v4.19.177~45
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f1cb5984909ce2737caa205b63509c59141bcf49;p=thirdparty%2Fkernel%2Fstable.git

ovl: perform vfs_getxattr() with mounter creds

[ Upstream commit 554677b97257b0b69378bd74e521edb7e94769ff ]

The vfs_getxattr() in ovl_xattr_set() is used to check whether an xattr
exist on a lower layer file that is to be removed.  If the xattr does not
exist, then no need to copy up the file.

This call of vfs_getxattr() wasn't wrapped in credential override, and this
is probably okay.  But for consitency wrap this instance as well.

Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 8b3c284ce92ea..08e60a6df77c3 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -340,7 +340,9 @@ int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name,
 		goto out;
 
 	if (!value && !upperdentry) {
+		old_cred = ovl_override_creds(dentry->d_sb);
 		err = vfs_getxattr(realdentry, name, NULL, 0);
+		revert_creds(old_cred);
 		if (err < 0)
 			goto out_drop_write;
 	}