This is a note to let you know that I've just added the patch titled ovl: remove privs in ovl_fallocate() to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ovl-remove-privs-in-ovl_fallocate.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 23a8ce16419a3066829ad4a8b7032a75817af65b Mon Sep 17 00:00:00 2001 From: Amir Goldstein <amir73il@xxxxxxxxx> Date: Mon, 17 Oct 2022 17:06:39 +0200 Subject: ovl: remove privs in ovl_fallocate() From: Amir Goldstein <amir73il@xxxxxxxxx> commit 23a8ce16419a3066829ad4a8b7032a75817af65b upstream. Underlying fs doesn't remove privs because fallocate is called with privileged mounter credentials. This fixes some failure in fstests generic/683..687. Fixes: aab8848cee5e ("ovl: add ovl_fallocate()") Acked-by: Miklos Szeredi <mszeredi@xxxxxxxxxx> Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> Signed-off-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx> Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/overlayfs/file.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -531,9 +531,16 @@ static long ovl_fallocate(struct file *f const struct cred *old_cred; int ret; + inode_lock(inode); + /* Update mode */ + ovl_copyattr(ovl_inode_real(inode), inode); + ret = file_remove_privs(file); + if (ret) + goto out_unlock; + ret = ovl_real_fdget(file, &real); if (ret) - return ret; + goto out_unlock; old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = vfs_fallocate(real.file, mode, offset, len); @@ -544,6 +551,9 @@ static long ovl_fallocate(struct file *f fdput(real); +out_unlock: + inode_unlock(inode); + return ret; } Patches currently in stable-queue which might be from amir73il@xxxxxxxxx are queue-5.10/ovl-remove-privs-in-ovl_fallocate.patch queue-5.10/ovl-remove-privs-in-ovl_copyfile.patch