@@ -334,7 +334,6 @@ int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
struct dentry *upperdir;
struct dentry *upperdentry;
const struct cred *old_cred;
- struct cred *override_cred;
char *link = NULL;
if (WARN_ON(!workdir))
@@ -361,11 +360,7 @@ int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
return PTR_ERR(link);
}
- err = -ENOMEM;
- override_cred = ovl_prepare_creds(dentry->d_sb);
- if (!override_cred)
- goto out_free_link;
- old_cred = override_creds(override_cred);
+ old_cred = ovl_override_creds(dentry->d_sb);
err = -EIO;
if (lock_rename(workdir, upperdir) != NULL) {
@@ -388,9 +383,7 @@ int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
out_unlock:
unlock_rename(workdir, upperdir);
revert_creds(old_cred);
- put_cred(override_cred);
-out_free_link:
if (link)
free_page((unsigned long) link);
@@ -448,20 +448,10 @@ static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev,
if (!ovl_dentry_is_opaque(dentry)) {
err = ovl_create_upper(dentry, inode, &stat, link, hardlink);
} else {
- const struct cred *old_cred;
- struct cred *override_cred;
-
- err = -ENOMEM;
- override_cred = ovl_prepare_creds(dentry->d_sb);
- if (!override_cred)
- goto out_iput;
- old_cred = override_creds(override_cred);
-
+ const struct cred *old_cred = ovl_override_creds(dentry->d_sb);
err = ovl_create_over_whiteout(dentry, inode, &stat, link,
hardlink);
-
revert_creds(old_cred);
- put_cred(override_cred);
}
if (!err)
@@ -691,19 +681,9 @@ static int ovl_do_remove(struct dentry *dentry, bool is_dir)
if (OVL_TYPE_PURE_UPPER(type)) {
err = ovl_remove_upper(dentry, is_dir);
} else {
- const struct cred *old_cred;
- struct cred *override_cred;
-
- err = -ENOMEM;
- override_cred = ovl_prepare_creds(dentry->d_sb);
- if (!override_cred)
- goto out_drop_write;
- old_cred = override_creds(override_cred);
-
+ const struct cred *old_cred = ovl_override_creds(dentry->d_sb);
err = ovl_remove_and_whiteout(dentry, is_dir);
-
revert_creds(old_cred);
- put_cred(override_cred);
}
out_drop_write:
ovl_drop_write(dentry);
@@ -787,7 +767,6 @@ static int ovl_rename2(struct inode *olddir, struct dentry *old,
bool new_is_dir = false;
struct dentry *opaquedir = NULL;
const struct cred *old_cred = NULL;
- struct cred *override_cred = NULL;
err = -EINVAL;
if (flags & ~(RENAME_EXCHANGE | RENAME_NOREPLACE))
@@ -856,13 +835,8 @@ static int ovl_rename2(struct inode *olddir, struct dentry *old,
old_opaque = !OVL_TYPE_PURE_UPPER(old_type);
new_opaque = !OVL_TYPE_PURE_UPPER(new_type);
- if (old_opaque || new_opaque) {
- err = -ENOMEM;
- override_cred = ovl_prepare_creds(old->d_sb);
- if (!override_cred)
- goto out_drop_write;
- old_cred = override_creds(override_cred);
- }
+ if (old_opaque || new_opaque)
+ old_cred = ovl_override_creds(old->d_sb);
if (overwrite && OVL_TYPE_MERGE_OR_LOWER(new_type) && new_is_dir) {
opaquedir = ovl_check_empty_and_clear(new);
@@ -996,10 +970,8 @@ out_unlock:
if (!err && ovl_config_legacy(old) && flags & RENAME_WHITEOUT)
ovl_downgrade_whiteout(old_upperdir, old);
out_revert_creds:
- if (old_opaque || new_opaque) {
+ if (old_opaque || new_opaque)
revert_creds(old_cred);
- put_cred(override_cred);
- }
out_drop_write:
ovl_drop_write(old);
out:
@@ -163,7 +163,7 @@ static inline int ovl_do_whiteout(struct inode *dir, struct dentry *dentry,
return ovl_do_whiteout_v2(dir, dentry);
}
-struct cred *ovl_prepare_creds(struct super_block *sb);
+const struct cred *ovl_override_creds(struct super_block *sb);
enum ovl_path_type ovl_path_type(struct dentry *dentry);
u64 ovl_dentry_version_get(struct dentry *dentry);
void ovl_dentry_version_inc(struct dentry *dentry);
@@ -208,12 +208,8 @@ static int ovl_check_whiteouts(struct dentry *dir, struct ovl_readdir_data *rdd)
struct ovl_cache_entry *p;
struct dentry *dentry;
const struct cred *old_cred;
- struct cred *override_cred;
- override_cred = ovl_prepare_creds(rdd->dentry->d_sb);
- if (!override_cred)
- return -ENOMEM;
- old_cred = override_creds(override_cred);
+ old_cred = ovl_override_creds(rdd->dentry->d_sb);
err = mutex_lock_killable(&dir->d_inode->i_mutex);
if (!err) {
@@ -229,7 +225,6 @@ static int ovl_check_whiteouts(struct dentry *dir, struct ovl_readdir_data *rdd)
mutex_unlock(&dir->d_inode->i_mutex);
}
revert_creds(old_cred);
- put_cred(override_cred);
return err;
}
@@ -65,25 +65,11 @@ struct ovl_entry {
#define OVL_MAX_STACK 500
-/*
- * Returns a set of credentials suitable for overlayfs internal
- * operations which require elevated capabilities, equivalent to those
- * of the user which mounted the superblock. Caller must put the
- * returned credentials.
- */
-struct cred *ovl_prepare_creds(struct super_block *sb)
+const struct cred *ovl_override_creds(struct super_block *sb)
{
struct ovl_fs *ofs = sb->s_fs_info;
- struct cred *new_cred;
-
- if (sb->s_magic != OVERLAYFS_SUPER_MAGIC)
- return NULL;
-
- new_cred = clone_cred(ofs->mounter_creds);
- if (!new_cred)
- return NULL;
- return new_cred;
+ return override_creds(ofs->mounter_creds);
}
static struct dentry *__ovl_dentry_lower(struct ovl_entry *oe)
BugLink: http://bugs.launchpad.net/bugs/1659417 There is no longer any need to raise additional capabilities in the mounter's credentials, so we can do away with the extra complexity of cloning the credentials and associated error handling. Replace that with the same interface which was later adopted upstream, ovl_override_creds(). Signed-off-by: Seth Forshee <seth.forshee@canonical.com> --- fs/overlayfs/copy_up.c | 9 +-------- fs/overlayfs/dir.c | 38 +++++--------------------------------- fs/overlayfs/overlayfs.h | 2 +- fs/overlayfs/readdir.c | 7 +------ fs/overlayfs/super.c | 18 ++---------------- 5 files changed, 10 insertions(+), 64 deletions(-)