On Mon, 2018-11-26 at 10:38 -0600, Goldwyn Rodrigues wrote:
> A file can be opened with open(O_WRONLY | O_RDWR), so a FMORE_READ
> will not be set, and overlayfs will consider another copy_up() on the same
> file leading to a deadlock on mnt_want_write(). Fix it by masking
> O_RDWR while opening the file in read-only mode.
Shouldn't the open itself fail if both O_WRONLY and O_RDWR are
specified?
Mimi
>
>
> Reported-by: syzbot+ae82084b07d0297e566b@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: a408e4a86b36 ("ima: open a new file instance if no read permissions")
> Signed-off-by: Goldwyn Rodrigues <rgoldwyn@xxxxxxxx>
>
> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> index d9e7728027c6..2efa04e47ff0 100644
> --- a/security/integrity/ima/ima_crypto.c
> +++ b/security/integrity/ima/ima_crypto.c
> @@ -422,7 +422,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
> /* Open a new file instance in O_RDONLY if we cannot read */
> if (!(file->f_mode & FMODE_READ)) {
> int flags = file->f_flags & ~(O_WRONLY | O_APPEND |
> - O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL);
> + O_RDWR | O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL);
> flags |= O_RDONLY;
> f = dentry_open(&file->f_path, flags, file->f_cred);
> if (IS_ERR(f)) {
>
