ovl: remove privs in ovl_copyfile()

[ Upstream commit b306e90ffabdaa7e3b3350dbcd19b7663e71ab17 ]

Underlying fs doesn't remove privs because copy_range/remap_range are
called with privileged mounter credentials.

This fixes some failures in fstest generic/673.

Fixes: 8ede205541ff ("ovl: add reflink/copyfile/dedup support")
Acked-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index a1a22f5..755a11c 100644 (file)
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -567,14 +567,23 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in,
        const struct cred *old_cred;
        loff_t ret;
 
+       inode_lock(inode_out);
+       if (op != OVL_DEDUPE) {
+               /* Update mode */
+               ovl_copyattr(inode_out);
+               ret = file_remove_privs(file_out);
+               if (ret)
+                       goto out_unlock;
+       }
+
        ret = ovl_real_fdget(file_out, &real_out);
        if (ret)
-               return ret;
+               goto out_unlock;
 
        ret = ovl_real_fdget(file_in, &real_in);
        if (ret) {
                fdput(real_out);
-               return ret;
+               goto out_unlock;
        }
 
        old_cred = ovl_override_creds(file_inode(file_out)->i_sb);
@@ -603,6 +612,9 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in,
        fdput(real_in);
        fdput(real_out);
 
+out_unlock:
+       inode_unlock(inode_out);
+
        return ret;
 }