authorChristian Brauner <brauner@kernel.org>2025-11-17 10:33:55 +0100
committerChristian Brauner <brauner@kernel.org>2025-11-19 21:58:23 +0100
commit198d1822884a79e92a6e33284be90db5c09a48df (patch)
tree053a1ae340460aed8a777805d20e2f01c7acdfa3
parentcb3c8cbaed041b8cf229f48b9d7503eca7969f97 (diff)
ovl: don't override credentials for ovl_check_whiteouts()
The function is only called when rdd->dentry is non-NULL: if (!err && rdd->first_maybe_whiteout && rdd->dentry) err = ovl_check_whiteouts(realpath, rdd); | Caller | Sets rdd->dentry? | Can call ovl_check_whiteouts()? | |-------------------------------|-------------------|---------------------------------| | ovl_dir_read_merged() | ✓ Yes (line 430) | ✓ YES | | ovl_dir_read_impure() | ✗ No | ✗ NO | | ovl_check_d_type_supported() | ✗ No | ✗ NO | | ovl_workdir_cleanup_recurse() | ✗ No | ✗ NO | | ovl_indexdir_cleanup() | ✗ No | ✗ NO | VFS layer (.iterate_shared file operation) → ovl_iterate() [CRED OVERRIDE] → ovl_cache_get() → ovl_dir_read_merged() → ovl_dir_read() → ovl_check_whiteouts() [CRED REVERT] ovl_unlink() → ovl_do_remove() → ovl_check_empty_dir() [CRED OVERRIDE] → ovl_dir_read_merged() → ovl_dir_read() → ovl_check_whiteouts() [CRED REVERT] ovl_rename() → ovl_check_empty_dir() [CRED OVERRIDE] → ovl_dir_read_merged() → ovl_dir_read() → ovl_check_whiteouts() [CRED REVERT] All valid callchains already override credentials so drop the override. Link: https://patch.msgid.link/20251117-work-ovl-cred-guard-v4-24-b31603935724@kernel.org Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org>
-rw-r--r--fs/overlayfs/readdir.c10
1 files changed, 2 insertions, 8 deletions
diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c
index 77ecc39fc33a..2e345d39b193 100644
--- a/fs/overlayfs/readdir.c
+++ b/fs/overlayfs/readdir.c
@@ -348,11 +348,7 @@ static bool ovl_fill_merge(struct dir_context *ctx, const char *name,
static int ovl_check_whiteouts(const struct path *path, struct ovl_readdir_data *rdd)
{
- int err = 0;
struct dentry *dentry, *dir = path->dentry;
- const struct cred *old_cred;
-
- old_cred = ovl_override_creds(rdd->dentry->d_sb);
while (rdd->first_maybe_whiteout) {
struct ovl_cache_entry *p =
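Review bot: With the `ovl_override_creds()`/`ovl_revert_creds()` pair removed, ovl_check_whiteouts() depends on every caller already running under the overlay's overridden credentials, and nothing at the function head records that contract. I would add a comment above the definition, for example `/* Caller must have overridden credentials; reached only via ovl_dir_read_merged() when rdd->dentry is set. */`. Without it, a future call path that sets `rdd->dentry` but skips the override would presumably do the whiteout lookups with the calling task's credentials, and no failure would point at the cause. The lookup sits between the two hunks and is not visible here, so this is inferred from the call-chain table in the commit message. The `while` loop body continues outside this hunk.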
@@ -365,13 +361,11 @@ static int ovl_check_whiteouts(const struct path *path, struct ovl_readdir_data
p->is_whiteout = ovl_is_whiteout(dentry);
dput(dentry);
} else if (PTR_ERR(dentry) == -EINTR) {
- err = -EINTR;
- break;
+ return -EINTR;
}
}
- ovl_revert_creds(old_cred);
- return err;
+ return 0;
}
static inline int ovl_dir_read(const struct path *realpath,