ovl: dilute permission checks on lower only if not special file

Right now if file is on lower/, we remove MAY_WRITE/MAY_APPEND bits from
mask as lower/ will never be written and file will be copied up. But this
is not true for special files. These files are not copied up and are opened
in place. So don't dilute the checks for these types of files.

Reported-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Orabug: 26401569

(backport upstream commit e29841a0ab3d03e77313abd8fb4c16e80fb26e29)

Signed-off-by: Shan Hai <shan.hai@oracle.com>
Reviewed-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 8fe071b9ee7e4bfe3e391fb8e06e587b4b1398e7..80613f03db51e8dad5cb586b806e358471446eec 100644 (file)
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -121,7 +121,7 @@ int ovl_permission(struct inode *inode, int mask)
                return err;
 
        old_cred = ovl_override_creds(inode->i_sb);
-       if (!is_upper)
+       if (!is_upper && !special_file(realinode->i_mode))
                mask &= ~(MAY_WRITE | MAY_APPEND);
        err = inode_permission(realinode, mask);
        revert_creds(old_cred);