This is a note to let you know that I've just added the patch titled ovl: perform vfs_getxattr() with mounter creds to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ovl-perform-vfs_getxattr-with-mounter-creds.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit cedc5ac80e87fe4d49da40dd0c6b42bb2f65cf88 Author: Miklos Szeredi <mszeredi@xxxxxxxxxx> Date: Thu Jan 28 10:22:48 2021 +0100 ovl: perform vfs_getxattr() with mounter creds [ Upstream commit 554677b97257b0b69378bd74e521edb7e94769ff ] The vfs_getxattr() in ovl_xattr_set() is used to check whether an xattr exist on a lower layer file that is to be removed. If the xattr does not exist, then no need to copy up the file. This call of vfs_getxattr() wasn't wrapped in credential override, and this is probably okay. But for consitency wrap this instance as well. Reported-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index b584dca845baa..4fadafd8bdc12 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -346,7 +346,9 @@ int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name, goto out; if (!value && !upperdentry) { + old_cred = ovl_override_creds(dentry->d_sb); err = vfs_getxattr(realdentry, name, NULL, 0); + revert_creds(old_cred); if (err < 0) goto out_drop_write; }