Commit 7ca1d7fc authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Cheng Jian
Browse files

ovl: check permission to open real file 



mainline inclusion
from mainline-v5.8-rc1
commit 05acefb4
category: bugfix
bugzilla: NA
CVE: CVE-2020-16120

--------------------------------

Call inode_permission() on real inode before opening regular file on one of
the underlying layers.

In some cases ovl_permission() already checks access to an underlying file,
but it misses the metacopy case, and possibly other ones as well.

Removing the redundant permission check from ovl_permission() should be
considered later.

Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
Conflicts:
  fs/overlayfs/file.c
[yyl: adjust context]
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Reviewed-by: default avatarzhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Signed-off-by: default avatarCheng Jian <cj.chengjian@huawei.com>
parent 50530970
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment