A file can be opened with open(O_WRONLY | O_RDWR), so FMODE_READ will not be set, and overlayfs will consider another copy_up() on the same file, leading to a deadlock on mnt_want_write(). Fix it by masking O_RDWR while opening the file in read-only mode.

Reported-by: syzbot+ae82084b07d0297e566b@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: a408e4a86b36 ("ima: open a new file instance if no read permissions")
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@xxxxxxxx>

diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index d9e7728027c6..2efa04e47ff0 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -422,7 +422,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) /* Open a new file instance in O_RDONLY if we cannot read */ if (!(file->f_mode & FMODE_READ)) { int flags = file->f_flags & ~(O_WRONLY | O_APPEND | - O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL); + O_RDWR | O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL); flags |= O_RDONLY; f = dentry_open(&file->f_path, flags, file->f_cred); if (IS_ERR(f)) {

-- Goldwyn
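Review bot: In the flags mask in ima_calc_file_hash(), O_WRONLY and O_RDWR are now cleared as two separate entries, which hides the actual intent of dropping the whole access mode before reopening read-only. Clearing O_ACCMODE in place of the two would say that directly, i.e. `file->f_flags & ~(O_ACCMODE | O_APPEND | O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL)`. Note also that the following `flags |= O_RDONLY;` is a no-op, since O_RDONLY is 0 on Linux, so the read-only result depends entirely on this mask being complete. That is why the missing O_RDWR bit was enough to reopen the file with write access. A short comment above the mask stating that dependency would help keep the list from regressing.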