www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Miklos Szeredi <mszeredi@redhat.com>
	Mon, 6 Jun 2016 14:21:37 +0000 (16:21 +0200)
committer	Shan Hai <shan.hai@oracle.com>
	Fri, 4 Aug 2017 05:53:09 +0000 (13:53 +0800)
commit	c99f00ee885562bb4f269263a320703c8d4a55fa
tree	e4d2f317c4085e0ea90117225906d556150d776f	tree
parent	27e68e0d0f3e0ae42d719273e62bd2d0b38132da	commit \| diff

ovl: xattr filter fix

a) ovl_need_xattr_filter() is wrong, we can have multiple lower layers
overlaid, all of which (except the lowest one) honouring the
"trusted.overlay.opaque" xattr. So need to filter everything except the
bottom and the pure-upper layer.

b) we no longer can assume that inode is attached to dentry in
get/setxattr.

This patch unconditionally filters private xattrs to fix both of the above.
Performance impact for get/removexattrs is likely in the noise.

For listxattrs it might be measurable in pathological cases, but I very
much hope nobody cares. If they do, we'll fix it then.

Reported-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: b96809173e94 ("security_d_instantiate(): move to the point prior to attaching dentry to inode")
Orabug: 26401569

(backport upstream commit b581755b1c565391c72d03b157ba2dd0b18e9d15)

Signed-off-by: Shan Hai <shan.hai@oracle.com>
Reviewed-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>