[PATCH 2/2] ovl: ignore permissions on underlying lookup

From: Miklos Szeredi
Date: Tue Mar 22 2016 - 09:21:57 EST

Next message: Peter Zijlstra: "Re: [PATCH 1/9] sched: add schedule_timeout_idle()"
Previous message: Steven Rostedt: "Re: [PATCH trace-cmd 2/2] trace-recorder: better error handling during copy"
In reply to: Miklos Szeredi: "[PATCH 1/2] vfs: export lookup_hash() to modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Generally permission checking is not necessary when overlayfs looks up a
dentry on one of the underlying layers, since search permission on base
directory was already checked in ovl_permission().

More specifically using lookup_one_len() causes a problem when the lower
directory lacks search permission for a specific user while the upper
directory does have search permission. Since lookups are cached, this
causes inconsistency in behavior: success depends on who did the first
lookup.

So instead use lookup_hash() which doesn't do the permission check.

Reported-by: Ignacy GawÄdzki <ignacy.gawedzki@xxxxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
---
fs/overlayfs/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -379,7 +379,7 @@ static inline struct dentry *ovl_lookup_
struct dentry *dentry;

inode_lock(dir->d_inode);
- dentry = lookup_one_len(name->name, dir, name->len);
+ dentry = lookup_hash(name, dir, 0);
inode_unlock(dir->d_inode);

if (IS_ERR(dentry)) {

Next message: Peter Zijlstra: "Re: [PATCH 1/9] sched: add schedule_timeout_idle()"
Previous message: Steven Rostedt: "Re: [PATCH trace-cmd 2/2] trace-recorder: better error handling during copy"
In reply to: Miklos Szeredi: "[PATCH 1/2] vfs: export lookup_hash() to modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]