diff options
Diffstat (limited to 'android-mainline/ANDROID-overlayfs-override_creds-off-option-bypass-creator_cred.patch')
-rw-r--r-- | android-mainline/ANDROID-overlayfs-override_creds-off-option-bypass-creator_cred.patch | 148 |
1 files changed, 56 insertions, 92 deletions
diff --git a/android-mainline/ANDROID-overlayfs-override_creds-off-option-bypass-creator_cred.patch b/android-mainline/ANDROID-overlayfs-override_creds-off-option-bypass-creator_cred.patch index 2277eeea..f4894eb1 100644 --- a/android-mainline/ANDROID-overlayfs-override_creds-off-option-bypass-creator_cred.patch +++ b/android-mainline/ANDROID-overlayfs-override_creds-off-option-bypass-creator_cred.patch @@ -43,18 +43,18 @@ Signed-off-by: Mark Salyzyn <salyzyn@android.com> Signed-off-by: Daniel Rosenberg <drosen@google.com> Test: adb-remount-test.sh --- - Documentation/filesystems/overlayfs.rst | 24 +++++++++++++++++++++ + Documentation/filesystems/overlayfs.rst | 24 ++++++++++++++++++++++ fs/overlayfs/copy_up.c | 2 +- - fs/overlayfs/dir.c | 17 ++++++++------- - fs/overlayfs/file.c | 27 ++++++++++++------------ - fs/overlayfs/inode.c | 28 ++++++++++++------------- - fs/overlayfs/namei.c | 8 +++---- + fs/overlayfs/dir.c | 17 +++++++++------- + fs/overlayfs/file.c | 27 +++++++++++++------------ + fs/overlayfs/inode.c | 20 +++++++++--------- + fs/overlayfs/namei.c | 8 ++++---- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/ovl_entry.h | 1 + fs/overlayfs/params.c | 10 +++++++++ - fs/overlayfs/readdir.c | 8 +++---- + fs/overlayfs/readdir.c | 8 ++++---- fs/overlayfs/util.c | 13 ++++++++++-- - 11 files changed, 94 insertions(+), 45 deletions(-) + 11 files changed, 90 insertions(+), 41 deletions(-) diff --git a/Documentation/filesystems/overlayfs.rst b/Documentation/filesystems/overlayfs.rst --- a/Documentation/filesystems/overlayfs.rst @@ -93,7 +93,7 @@ diff --git a/Documentation/filesystems/overlayfs.rst b/Documentation/filesystems diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c -@@ -1148,7 +1148,7 @@ static int ovl_copy_up_flags(struct dentry *dentry, int flags) +@@ -1195,7 +1195,7 @@ static int ovl_copy_up_flags(struct dentry *dentry, int flags) dput(parent); dput(next); } @@ -114,7 +114,7 @@ diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c struct cred *override_cred; struct dentry *parent = dentry->d_parent; -@@ -596,13 +596,14 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, +@@ -592,13 +592,14 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, override_cred->fsuid = inode->i_uid; override_cred->fsgid = inode->i_gid; err = security_dentry_create_files_as(dentry, @@ -131,7 +131,7 @@ diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c put_cred(override_cred); } -@@ -612,7 +613,9 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, +@@ -608,7 +609,9 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, err = ovl_create_over_whiteout(dentry, inode, attr); out_revert_creds: @@ -151,7 +151,7 @@ diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c return err; } -@@ -908,7 +911,7 @@ static int ovl_do_remove(struct dentry *dentry, bool is_dir) +@@ -899,7 +902,7 @@ static int ovl_do_remove(struct dentry *dentry, bool is_dir) err = ovl_remove_upper(dentry, is_dir, &list); else err = ovl_remove_and_whiteout(dentry, &list); @@ -160,7 +160,7 @@ diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c if (!err) { if (is_dir) clear_nlink(dentry->d_inode); -@@ -1283,7 +1286,7 @@ static int ovl_rename(struct mnt_idmap *idmap, struct inode *olddir, +@@ -1275,7 +1278,7 @@ static int ovl_rename(struct mnt_idmap *idmap, struct inode *olddir, out_unlock: unlock_rename(new_upperdir, old_upperdir); out_revert_creds: @@ -168,11 +168,11 @@ diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c + ovl_revert_creds(old->d_sb, old_cred); if (update_nlink) ovl_nlink_end(new); - out_drop_write: + else diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c -@@ -59,13 +59,14 @@ static struct file *ovl_open_realfile(const struct file *file, +@@ -62,13 +62,14 @@ static struct file *ovl_open_realfile(const struct file *file, if (err) { realfile = ERR_PTR(err); } else { @@ -189,7 +189,7 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", file, file, ovl_whatisit(inode, realinode), file->f_flags, -@@ -227,7 +228,7 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) +@@ -230,7 +231,7 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) old_cred = ovl_override_creds(inode->i_sb); ret = vfs_llseek(real.file, offset, whence); @@ -198,7 +198,7 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c file->f_pos = real.file->f_pos; ovl_inode_unlock(inode); -@@ -341,7 +342,7 @@ static ssize_t ovl_read_iter(struct kiocb *iocb, struct iov_iter *iter) +@@ -387,7 +388,7 @@ static ssize_t ovl_read_iter(struct kiocb *iocb, struct iov_iter *iter) ovl_aio_cleanup_handler(aio_req); } out: @@ -207,7 +207,7 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c ovl_file_accessed(file); out_fdput: fdput(real); -@@ -414,7 +415,7 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) +@@ -465,7 +466,7 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) ovl_aio_cleanup_handler(aio_req); } out: @@ -216,7 +216,7 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c out_fdput: fdput(real); -@@ -438,7 +439,7 @@ static ssize_t ovl_splice_read(struct file *in, loff_t *ppos, +@@ -489,7 +490,7 @@ static ssize_t ovl_splice_read(struct file *in, loff_t *ppos, old_cred = ovl_override_creds(file_inode(in)->i_sb); ret = vfs_splice_read(real.file, ppos, pipe, len, flags); @@ -225,16 +225,16 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c ovl_file_accessed(in); fdput(real); -@@ -480,7 +481,7 @@ static ssize_t ovl_splice_write(struct pipe_inode_info *pipe, struct file *out, +@@ -531,7 +532,7 @@ static ssize_t ovl_splice_write(struct pipe_inode_info *pipe, struct file *out, file_end_write(real.file); /* Update size */ - ovl_copyattr(inode); + ovl_file_modified(out); - revert_creds(old_cred); + ovl_revert_creds(inode->i_sb, old_cred); fdput(real); out_unlock: -@@ -507,7 +508,7 @@ static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) +@@ -558,7 +559,7 @@ static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) if (file_inode(real.file) == ovl_inode_upper(file_inode(file))) { old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = vfs_fsync_range(real.file, start, end, datasync); @@ -243,7 +243,7 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c } fdput(real); -@@ -531,7 +532,7 @@ static int ovl_mmap(struct file *file, struct vm_area_struct *vma) +@@ -582,7 +583,7 @@ static int ovl_mmap(struct file *file, struct vm_area_struct *vma) old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = call_mmap(vma->vm_file, vma); @@ -252,7 +252,7 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c ovl_file_accessed(file); return ret; -@@ -557,7 +558,7 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len +@@ -608,7 +609,7 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = vfs_fallocate(real.file, mode, offset, len); @@ -260,8 +260,8 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c + ovl_revert_creds(file_inode(file)->i_sb, old_cred); /* Update size */ - ovl_copyattr(inode); -@@ -582,7 +583,7 @@ static int ovl_fadvise(struct file *file, loff_t offset, loff_t len, int advice) + ovl_file_modified(file); +@@ -633,7 +634,7 @@ static int ovl_fadvise(struct file *file, loff_t offset, loff_t len, int advice) old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = vfs_fadvise(real.file, offset, len, advice); @@ -270,7 +270,7 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c fdput(real); -@@ -641,7 +642,7 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, +@@ -692,7 +693,7 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, flags); break; } @@ -278,8 +278,8 @@ diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c + ovl_revert_creds(file_inode(file_out)->i_sb, old_cred); /* Update size */ - ovl_copyattr(inode_out); -@@ -703,7 +704,7 @@ static int ovl_flush(struct file *file, fl_owner_t id) + ovl_file_modified(file_out); +@@ -754,7 +755,7 @@ static int ovl_flush(struct file *file, fl_owner_t id) if (real.file->f_op->flush) { old_cred = ovl_override_creds(file_inode(file)->i_sb); err = real.file->f_op->flush(real.file, id); @@ -327,43 +327,7 @@ diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c return p; } -@@ -369,7 +369,7 @@ int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name, - ovl_path_lower(dentry, &realpath); - old_cred = ovl_override_creds(dentry->d_sb); - err = vfs_getxattr(mnt_idmap(realpath.mnt), realdentry, name, NULL, 0); -- revert_creds(old_cred); -+ ovl_revert_creds(dentry->d_sb, old_cred); - if (err < 0) - goto out_drop_write; - } -@@ -390,7 +390,7 @@ int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name, - WARN_ON(flags != XATTR_REPLACE); - err = ovl_do_removexattr(ofs, realdentry, name); - } -- revert_creds(old_cred); -+ ovl_revert_creds(dentry->d_sb, old_cred); - - /* copy c/mtime */ - ovl_copyattr(inode); -@@ -411,7 +411,7 @@ int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name, - ovl_i_path_real(inode, &realpath); - old_cred = ovl_override_creds(dentry->d_sb); - res = vfs_getxattr(mnt_idmap(realpath.mnt), realpath.dentry, name, value, size); -- revert_creds(old_cred); -+ ovl_revert_creds(dentry->d_sb, old_cred); - return res; - } - -@@ -439,7 +439,7 @@ ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) - - old_cred = ovl_override_creds(dentry->d_sb); - res = vfs_listxattr(realdentry, list, size); -- revert_creds(old_cred); -+ ovl_revert_creds(dentry->d_sb, old_cred); - if (res <= 0 || size == 0) - return res; - -@@ -594,7 +594,7 @@ struct posix_acl *do_ovl_get_acl(struct mnt_idmap *idmap, +@@ -470,7 +470,7 @@ struct posix_acl *do_ovl_get_acl(struct mnt_idmap *idmap, old_cred = ovl_override_creds(inode->i_sb); acl = ovl_get_acl_path(&realpath, posix_acl_xattr_name(type), noperm); @@ -372,7 +336,7 @@ diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c } return acl; -@@ -627,7 +627,7 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, +@@ -499,7 +499,7 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, old_cred = ovl_override_creds(dentry->d_sb); real_acl = vfs_get_acl(mnt_idmap(realpath.mnt), realdentry, acl_name); @@ -380,17 +344,17 @@ diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c + ovl_revert_creds(dentry->d_sb, old_cred); if (IS_ERR(real_acl)) { err = PTR_ERR(real_acl); - goto out_drop_write; -@@ -648,7 +648,7 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, + goto out; +@@ -524,7 +524,7 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, err = ovl_do_set_acl(ofs, realdentry, acl_name, acl); else err = ovl_do_remove_acl(ofs, realdentry, acl_name); - revert_creds(old_cred); + ovl_revert_creds(dentry->d_sb, old_cred); + ovl_drop_write(dentry); /* copy c/mtime */ - ovl_copyattr(inode); -@@ -726,7 +726,7 @@ static int ovl_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, +@@ -601,7 +601,7 @@ static int ovl_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, old_cred = ovl_override_creds(inode->i_sb); err = realinode->i_op->fiemap(realinode, fieinfo, start, len); @@ -399,16 +363,16 @@ diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c return err; } -@@ -797,7 +797,7 @@ int ovl_fileattr_set(struct mnt_idmap *idmap, +@@ -672,7 +672,7 @@ int ovl_fileattr_set(struct mnt_idmap *idmap, err = ovl_set_protattr(inode, upperpath.dentry, fa); if (!err) err = ovl_real_fileattr_set(&upperpath, fa); - revert_creds(old_cred); + ovl_revert_creds(inode->i_sb, old_cred); + ovl_drop_write(dentry); /* - * Merge real inode flags with inode flags read from -@@ -859,7 +859,7 @@ int ovl_fileattr_get(struct dentry *dentry, struct fileattr *fa) +@@ -734,7 +734,7 @@ int ovl_fileattr_get(struct dentry *dentry, struct fileattr *fa) old_cred = ovl_override_creds(inode->i_sb); err = ovl_real_fileattr_get(&realpath, fa); ovl_fileattr_prot_flags(inode, fa); @@ -420,7 +384,7 @@ diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c -@@ -966,7 +966,7 @@ static int ovl_maybe_lookup_lowerdata(struct dentry *dentry) +@@ -986,7 +986,7 @@ static int ovl_maybe_lookup_lowerdata(struct dentry *dentry) old_cred = ovl_override_creds(dentry->d_sb); err = ovl_lookup_data_layers(dentry, redirect, &datapath); @@ -429,7 +393,7 @@ diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c if (err) goto out_err; -@@ -1311,7 +1311,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, +@@ -1331,7 +1331,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, ovl_dentry_init_reval(dentry, upperdentry, OVL_I_E(inode)); @@ -438,7 +402,7 @@ diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c if (origin_path) { dput(origin_path->dentry); kfree(origin_path); -@@ -1335,7 +1335,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, +@@ -1355,7 +1355,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, kfree(upperredirect); out: kfree(d.redirect); @@ -447,7 +411,7 @@ diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c return ERR_PTR(err); } -@@ -1388,7 +1388,7 @@ bool ovl_lower_positive(struct dentry *dentry) +@@ -1412,7 +1412,7 @@ bool ovl_lower_positive(struct dentry *dentry) dput(this); } } @@ -459,7 +423,7 @@ diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h -@@ -402,6 +402,7 @@ int ovl_want_write(struct dentry *dentry); +@@ -425,6 +425,7 @@ int ovl_want_write(struct dentry *dentry); void ovl_drop_write(struct dentry *dentry); struct dentry *ovl_workdir(struct dentry *dentry); const struct cred *ovl_override_creds(struct super_block *sb); @@ -490,10 +454,10 @@ diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c +MODULE_PARM_DESC(ovl_override_creds_def, + "Use mounter's credentials for accesses"); + - enum { + enum ovl_opt { Opt_lowerdir, - Opt_upperdir, -@@ -57,6 +62,7 @@ enum { + Opt_lowerdir_add, +@@ -59,6 +64,7 @@ enum ovl_opt { Opt_metacopy, Opt_verity, Opt_volatile, @@ -501,7 +465,7 @@ diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c }; static const struct constant_table ovl_parameter_bool[] = { -@@ -154,6 +160,7 @@ const struct fs_parameter_spec ovl_parameter_spec[] = { +@@ -159,6 +165,7 @@ const struct fs_parameter_spec ovl_parameter_spec[] = { fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), fsparam_enum("verity", Opt_verity, ovl_parameter_verity), fsparam_flag("volatile", Opt_volatile), @@ -509,7 +473,7 @@ diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c {} }; -@@ -601,6 +608,9 @@ static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) +@@ -619,6 +626,9 @@ static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) case Opt_userxattr: config->userxattr = true; break; @@ -522,7 +486,7 @@ diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c --- a/fs/overlayfs/readdir.c +++ b/fs/overlayfs/readdir.c -@@ -286,7 +286,7 @@ static int ovl_check_whiteouts(const struct path *path, struct ovl_readdir_data +@@ -290,7 +290,7 @@ static int ovl_check_whiteouts(const struct path *path, struct ovl_readdir_data } inode_unlock(dir->d_inode); } @@ -531,7 +495,7 @@ diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c return err; } -@@ -794,7 +794,7 @@ static int ovl_iterate(struct file *file, struct dir_context *ctx) +@@ -807,7 +807,7 @@ static int ovl_iterate(struct file *file, struct dir_context *ctx) } err = 0; out: @@ -540,7 +504,7 @@ diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c return err; } -@@ -846,7 +846,7 @@ static struct file *ovl_dir_open_realfile(const struct file *file, +@@ -859,7 +859,7 @@ static struct file *ovl_dir_open_realfile(const struct file *file, old_cred = ovl_override_creds(file_inode(file)->i_sb); res = ovl_path_open(realpath, O_RDONLY | (file->f_flags & O_LARGEFILE)); @@ -549,7 +513,7 @@ diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c return res; } -@@ -973,7 +973,7 @@ int ovl_check_empty_dir(struct dentry *dentry, struct list_head *list) +@@ -986,7 +986,7 @@ int ovl_check_empty_dir(struct dentry *dentry, struct list_head *list) old_cred = ovl_override_creds(dentry->d_sb); err = ovl_dir_read_merged(dentry, list, &root); @@ -561,7 +525,7 @@ diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c -@@ -39,9 +39,18 @@ const struct cred *ovl_override_creds(struct super_block *sb) +@@ -65,9 +65,18 @@ const struct cred *ovl_override_creds(struct super_block *sb) { struct ovl_fs *ofs = OVL_FS(sb); @@ -580,16 +544,16 @@ diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c /* * Check if underlying fs supports file handles and try to determine encoding * type, in order to deduce maximum inode number used by fs. -@@ -1073,7 +1082,7 @@ int ovl_nlink_start(struct dentry *dentry) +@@ -1165,7 +1174,7 @@ int ovl_nlink_start(struct dentry *dentry) * value relative to the upper inode nlink in an upper inode xattr. */ err = ovl_set_nlink_upper(dentry); - revert_creds(old_cred); + ovl_revert_creds(dentry->d_sb, old_cred); - - out: if (err) -@@ -1091,7 +1100,7 @@ void ovl_nlink_end(struct dentry *dentry) + goto out_drop_write; + +@@ -1190,7 +1199,7 @@ void ovl_nlink_end(struct dentry *dentry) old_cred = ovl_override_creds(dentry->d_sb); ovl_cleanup_index(dentry); |