From patchwork Mon Jan 30 22:06:26 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Seth Forshee <seth.forshee@canonical.com>
X-Patchwork-Id: 721737
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	by ozlabs.org (Postfix) with ESMTP id 3vC3Q974G7z9s1h;
	Tue, 31 Jan 2017 09:06:41 +1100 (AEDT)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=canonical-com.20150623.gappssmtp.com
	header.i=@canonical-com.20150623.gappssmtp.com
	header.b="g43jIu/u"; dkim-atps=neutral
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1cYK5v-0004o7-7e; Mon, 30 Jan 2017 22:06:39 +0000
Received: from mail-io0-f170.google.com ([209.85.223.170])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <seth.forshee@canonical.com>)
	id 1cYK5p-0004nI-M0
	for kernel-team@lists.ubuntu.com; Mon, 30 Jan 2017 22:06:33 +0000
Received: by mail-io0-f170.google.com with SMTP id j13so118213570iod.3
	for <kernel-team@lists.ubuntu.com>;
	Mon, 30 Jan 2017 14:06:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=canonical-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:subject:date:message-id:in-reply-to:references:mime-version
	:content-transfer-encoding;
	bh=wszIZS9kFU+BFnSff6/W1zxA7Oy4CM30/SMVes944fk=;
	b=g43jIu/uPoKWVntFxmXJ+sMoYRyEkGxDaZx/l2tMl1x7WrYAC9fLdCbEtG399tfjPg
	uSkl2OxbbLXyvZ1UVS9BRXBmthQlJZ0eXHvik70RB3fuG3akpQJ26l+V7luDFNtOd8e6
	2XAoR//jpDPUB5xqh4yC1I+6DVg9S6yB8SDtH/LJZ9zuxJ+Kky5uMbBs9ed07aPBsF/s
	iPyyxfZA2E0Vx+LI7PF4UOY2twfz38NsZFeJcbZqwD+7tCisUu2mbJRM5UCUH7dovxax
	aGWVsMTyEMY1lnWNn+naI9GPIdptSwn8zwd67tCqL5laY0bhecs8NPfIAjzk3689UPjv
	Qm1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=wszIZS9kFU+BFnSff6/W1zxA7Oy4CM30/SMVes944fk=;
	b=pac1fn1NZL+FPHQkea0M4dfXekXHcpr8z99HYbDU5oF6ZI9P6e0vv7kzUsImyu9pa3
	bcjlGMRuUnW38KAMgGP17nZgox90gU3dfrmtKb6jX82DYm0eQDUWXN9cyf3qZxiwNg6Y
	IEKCYOvm2hxkG4zr/Q3fYh7xoN/wfA8uDFGHKQ+5N/VK91cyTAjnFznusVUi/IMU5eZb
	vd1bzoa6lXcBmcRlhTGbRHkeGh5pz9Al66qDIIHkOABawpelJNS6bRY+IwK9jRlGSMiz
	25T9XvYNkR/7cr//iuFyOd2BumZOJWtoacj4ljeP2niiDXTbhPpg0PiaMZnyG1v5gtXR
	3t3Q==
X-Gm-Message-State: 
 AIkVDXLJXoxUvNUguMjTBanJ+exznGsYlmqB3tIZCa/BeeHlK7llQ98HQ1WCdzxlE5y8zIhR
X-Received: by 10.107.59.69 with SMTP id i66mr17400937ioa.10.1485813992239;
	Mon, 30 Jan 2017 14:06:32 -0800 (PST)
Received: from localhost ([2605:a601:aa7:8220:d525:2d8c:d0b4:d509])
	by smtp.gmail.com with ESMTPSA id
	16sm7081427itu.17.2017.01.30.14.06.30
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 30 Jan 2017 14:06:31 -0800 (PST)
From: Seth Forshee <seth.forshee@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH v2 2/2][Xenial SRU] ovl: ignore permissions on underlying
	lookup
Date: Mon, 30 Jan 2017 16:06:26 -0600
Message-Id: <1485813986-58913-3-git-send-email-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1485813986-58913-1-git-send-email-seth.forshee@canonical.com>
References: <1485813986-58913-1-git-send-email-seth.forshee@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

From: Miklos Szeredi <mszeredi@redhat.com>

BugLink: http://bugs.launchpad.net/bugs/1659417

Generally permission checking is not necessary when overlayfs looks up a
dentry on one of the underlying layers, since search permission on base
directory was already checked in ovl_permission().

More specifically using lookup_one_len() causes a problem when the lower
directory lacks search permission for a specific user while the upper
directory does have search permission.  Since lookups are cached, this
causes inconsistency in behavior: success depends on who did the first
lookup.

So instead use lookup_hash() which doesn't do the permission check.

Reported-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
(backported from commit 38b78a5f18584db6fa7441e0f4531b283b0e6725)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 fs/overlayfs/super.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 526a2e193afe..e409ffba4a65 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -475,9 +475,7 @@ static inline struct dentry *ovl_lookup_real(struct dentry *dir,
 {
 	struct dentry *dentry;
 
-	mutex_lock(&dir->d_inode->i_mutex);
-	dentry = lookup_one_len(name->name, dir, name->len);
-	mutex_unlock(&dir->d_inode->i_mutex);
+	dentry = lookup_hash(name, dir);
 
 	if (IS_ERR(dentry)) {
 		if (PTR_ERR(dentry) == -ENOENT)