From: Miklos Szeredi <mszeredi@redhat.com>
Date: Tue, 2 Jun 2020 20:20:26 +0000 (+0200)
Subject: ovl: call secutiry hook in ovl_real_ioctl()
X-Git-Tag: v5.15~3633^2~9
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=292f902a40c11f043a5ca1305a114da0e523eaa3;p=platform%2Fkernel%2Flinux-starfive.git

ovl: call secutiry hook in ovl_real_ioctl()

Verify LSM permissions for underlying file, since vfs_ioctl() doesn't do
it.

[Stephen Rothwell] export security_file_ioctl

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
---

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index 87c362f..1860e22 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -10,6 +10,7 @@
 #include <linux/uio.h>
 #include <linux/uaccess.h>
 #include <linux/splice.h>
+#include <linux/security.h>
 #include <linux/mm.h>
 #include <linux/fs.h>
 #include "overlayfs.h"
@@ -520,7 +521,9 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd,
 		return ret;
 
 	old_cred = ovl_override_creds(file_inode(file)->i_sb);
-	ret = vfs_ioctl(real.file, cmd, arg);
+	ret = security_file_ioctl(real.file, cmd, arg);
+	if (!ret)
+		ret = vfs_ioctl(real.file, cmd, arg);
 	revert_creds(old_cred);
 
 	fdput(real);
diff --git a/security/security.c b/security/security.c
index 7fed24b..a674141 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1459,6 +1459,7 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
 	return call_int_hook(file_ioctl, 0, file, cmd, arg);
 }
+EXPORT_SYMBOL_GPL(security_file_ioctl);
 
 static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
 {