ovl: perform vfs_getxattr() with mounter creds

The vfs_getxattr() in ovl_xattr_set() is used to check whether an xattr exist on a lower layer file that is to be removed. If the xattr does not exist, then no need to copy up the file. This call of vfs_getxattr() wasn't wrapped in credential override, and this is probably okay. But for consitency wrap this instance as well. Reported-by: "Eric W. Biederman" <[email protected]> Signed-off-by: Miklos Szeredi <[email protected]>
ashr · Jan 28, 2021 · 554677b · 554677b
1 parent 9efb069
commit 554677b
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
@@ -352,7 +352,9 @@ int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name,
 		goto out;
 
 	if (!value && !upperdentry) {
+		old_cred = ovl_override_creds(dentry->d_sb);
 		err = vfs_getxattr(realdentry, name, NULL, 0);
+		revert_creds(old_cred);
 		if (err < 0)
 			goto out_drop_write;
 	}