mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/fs/overlayfs
History
Linus Torvalds 716f4aaa7b vfs-6.8-rc5.fixes 
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCZcoMdAAKCRCRxhvAZXjc
 ogy4AQDVp4huR6BBnRMhOCZbIsmkuHmq6ynpIZNTTAM0DdMn5AEAlJ03aEIaG9WS
 RQMdaYajeVpZfR/vIUg8UdVkHQxOEgw=
 =akNF
 -----END PGP SIGNATURE-----

Merge tag 'vfs-6.8-rc5.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull vfs fixes from Christian Brauner:

 - Fix performance regression introduced by moving the security
   permission hook out of do_clone_file_range() and into its caller
   vfs_clone_file_range().

   This causes the security hook to be called in situation were it
   wasn't called before as the fast permission checks were left in
   do_clone_file_range().

   Fix this by merging the two implementations back together and
   restoring the old ordering: fast permission checks first, expensive
   ones later.

 - Tweak mount_setattr() permission checking so that mount properties on
   the real rootfs can be changed.

   When we added mount_setattr() we added additional checks compared to
   legacy mount(2). If the mount had a parent then verify that the
   caller and the mount namespace the mount is attached to match and if
   not make sure that it's an anonymous mount.

   But the real rootfs falls into neither category. It is neither an
   anoymous mount because it is obviously attached to the initial mount
   namespace but it also obviously doesn't have a parent mount. So that
   means legacy mount(2) allows changing mount properties on the real
   rootfs but mount_setattr(2) blocks this. This causes regressions (See
   the commit for details).

   Fix this by relaxing the check. If the mount has a parent or if it
   isn't a detached mount, verify that the mount namespaces of the
   caller and the mount are the same. Technically, we could probably
   write this even simpler and check that the mount namespaces match if
   it isn't a detached mount. But the slightly longer check makes it
   clearer what conditions one needs to think about.

* tag 'vfs-6.8-rc5.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  fs: relax mount_setattr() permission checks
  remap_range: merge do_clone_file_range() into vfs_clone_file_range()
 		2024-02-12 07:15:45 -08:00
..
Kconfig fs: prepare for stackable filesystems backing file helpers 2023-12-23 16:35:08 +02:00
Makefile ovl: Move xattr support to new xattrs.c file 2023-10-31 00:12:59 +02:00
copy_up.c remap_range: merge do_clone_file_range() into vfs_clone_file_range() 2024-02-06 17:07:21 +01:00
dir.c rename(): avoid a deadlock in the case of parents having no common ancestor 2023-11-25 02:54:14 -05:00
export.c dcache stuff for this cycle 2024-01-11 20:11:35 -08:00
file.c fs: factor out backing_file_mmap() helper 2023-12-23 16:35:09 +02:00
inode.c fs: Pass AT_GETATTR_NOSEC flag to getattr interface function 2023-11-18 14:54:07 +01:00
namei.c ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
overlayfs.h ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
ovl_entry.h ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
params.c ovl: remove redundant ofs->indexdir member 2023-11-20 09:49:09 +02:00
params.h ovl: store and show the user provided lowerdir mount option 2023-10-31 00:13:02 +02:00
readdir.c ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
super.c ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
util.c ovl: mark xwhiteouts directory with overlay.opaque='x' 2024-01-23 12:39:48 +02:00
xattrs.c ovl: Support escaped overlay.* xattrs 2023-10-31 00:12:59 +02:00