From patchwork Thu Aug 25 08:15:02 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eryu Guan <guaneryu@gmail.com>
X-Patchwork-Id: 9298911
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	D2A1A608A7 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 25 Aug 2016 08:18:43 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C2CB429211
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 25 Aug 2016 08:18:43 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id AAAAA29212; Thu, 25 Aug 2016 08:18:43 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4229B29212
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 25 Aug 2016 08:18:43 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757661AbcHYIQ5 (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Thu, 25 Aug 2016 04:16:57 -0400
Received: from mail-pa0-f67.google.com ([209.85.220.67]:35186 "EHLO
	mail-pa0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753631AbcHYIQe (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Thu, 25 Aug 2016 04:16:34 -0400
Received: by mail-pa0-f67.google.com with SMTP id cf3so2700077pad.2;
	Thu, 25 Aug 2016 01:15:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=TO6xPJEQ4CeAwYKwjz+XXxfRmmgR0DGYUlrlh2Xvzu0=;
	b=ar5WkswfCd/uXfPGNyMxhWgyuKaLr/5WLPUW8/nf0RzhaRHbNzjYQiKQjorsthM3IR
	xiOik/mOeTOVe5casczXFBo8qgk29U7OJ1WRTKcGw+aFV6uqN6xDXPz7gG3gucuyIWSr
	Q+MNuuY7ynHtL/O/9wk7W4qR2CJ/cUVEQG/L1XPVhrfdd/axaRY028F090n5iB9KlwLg
	nIJ9BEQuR8fGa4hrR4+6boBrxLra31nESzng5dCrtoEX/LlRERw5Q4FrL76SZ0wCB7FX
	0giF25R68dEC4EkjVLgcKWBB2/7/V/6O6lSW+BtAkdIOAp9H2iSIWYnywMIKckA6VKki
	SiRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=TO6xPJEQ4CeAwYKwjz+XXxfRmmgR0DGYUlrlh2Xvzu0=;
	b=btWEhbp9HBSE1n4SpwIpoZz8rhOf7xGgmtgJnKvEnN/l50MLl/tiE56HC/HSqj50Af
	B9QqdTLMpdNh1ALXT9wAdZRFJ+bN5erN/l0W66dPpcl8JUdDu84jbfPXYaEWDUeDFvXT
	Sk/MKOFKHJifn6Gm8E7J0MWqlmoPtMhRT+PCwwP+OWNm7Urla5GuzxWQ9nHUAvhEhN98
	22Yny/Rt7AB9QRqDQUsgLboZMBebvXiezfwJCEQ0lAhTaE8Q1UdbZgerBUvy+pVxhQg+
	xvAnyRmA5EGaifdtoQTb7KbN2fmV3A6VnRjTOH/zaGX8c+6fJkuGez5eleBDLYAOox7j
	Ju7A==
X-Gm-Message-State: 
 AE9vXwO69ZmmUj2SAkqtUU4CWiI1y3pLcXoZT0aqgQ1BHMbHFXxd1OuiXwNgnld5GNTXIw==
X-Received: by 10.66.66.233 with SMTP id i9mr13767247pat.45.1472112916397;
	Thu, 25 Aug 2016 01:15:16 -0700 (PDT)
Received: from localhost ([128.199.137.77]) by smtp.gmail.com with ESMTPSA id
	l191sm18816545pfc.91.2016.08.25.01.15.15
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 25 Aug 2016 01:15:15 -0700 (PDT)
From: Eryu Guan <guaneryu@gmail.com>
To: linux-unionfs@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, Eryu Guan <guaneryu@gmail.com>
Subject: [PATCH] ovl: fix sgid inhertance over whiteout
Date: Thu, 25 Aug 2016 16:15:02 +0800
Message-Id: <1472112902-11767-1-git-send-email-guaneryu@gmail.com>
X-Mailer: git-send-email 2.7.4
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

In commit bb0d2b8ad296 ("ovl: fix sgid on directory"), mode of newly
created files & dirs over whiteout was updated to pickup sgid bit. But
it used stat->mode directly, which could not be the correct mode,
because stat->mode could be tailored against umask.

This can be demonstrated by the following script:

umask 022
mkdir -p lower/dir upper work mnt
chown test:test lower/dir
chmod 2775 lower/dir
touch lower/dir/testdir
touch lower/dir/testfile

mount -t overlay -olowerdir=lower,upperdir=upper,workdir=work none mnt
rm -f mnt/dir/testdir
mkdir mnt/dir/testdir
rm -f mnt/dir/testfile
touch mnt/dir/testfile
touch mnt/dir/newfile
ls -l mnt/dir

-rw-r--r--. 1 root test 0 Aug 25 15:45 newfile
drwxrwsrwx. 2 root test 6 Aug 25 15:45 testdir
-rw-rw-rw-. 1 root test 0 Aug 25 15:45 testfile

testdir and testfile are created over whiteout, the modes contain write
permission for group and other, but they shouldn't, like 'newfile'.

Fix it by resetting mode against upperdir inode using
inode_init_owner().

Fixes: bb0d2b8ad296 ("ovl: fix sgid on directory")
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
---

A new fstests test case followed to fstests list.

 fs/overlayfs/dir.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
index 12bcd07..9a5e716 100644
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -370,17 +370,19 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
 		goto out_dput2;
 
 	/*
-	 * mode could have been mutilated due to umask (e.g. sgid directory)
+	 * mode could lose sgid bit if upperdir has it set, because workdir has
+	 * no sgid. Reset mode against upperdir.
 	 */
-	if (!hardlink &&
-	    !S_ISLNK(stat->mode) && newdentry->d_inode->i_mode != stat->mode) {
+	if (!hardlink && !S_ISLNK(stat->mode)) {
+		struct inode *newinode = newdentry->d_inode;
 		struct iattr attr = {
 			.ia_valid = ATTR_MODE,
-			.ia_mode = stat->mode,
 		};
-		inode_lock(newdentry->d_inode);
+		inode_init_owner(newinode, udir, newinode->i_mode);
+		attr.ia_mode = newinode->i_mode;
+		inode_lock(newinode);
 		err = notify_change(newdentry, &attr, NULL);
-		inode_unlock(newdentry->d_inode);
+		inode_unlock(newinode);
 		if (err)
 			goto out_cleanup;
 	}