Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in ovl_do_(s…

…et|remove)xattr" This reverts commit 520b471. This is needed in order to revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs". CVE-2023-2640 CVE-2023-32629 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com> Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com> Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
mariux64 · Jul 7, 2023 · 5fb536e · 5fb536e
1 parent 654f4c1
commit 5fb536e
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
@@ -255,7 +255,7 @@ static inline int ovl_do_setxattr(struct ovl_fs *ofs, struct dentry *dentry,
 	int err;
 
 	inode_lock(inode);
-	err = __vfs_setxattr_noperm(ovl_upper_mnt_userns(ofs), dentry, name, value, size, flags);
+	err = __vfs_setxattr_noperm(&init_user_ns, dentry, name, value, size, flags);
 	inode_unlock(inode);
 
 	pr_debug("setxattr(%pd2, \"%s\", \"%*pE\", %zu, %d) = %i\n",
@@ -277,7 +277,7 @@ static inline int ovl_do_removexattr(struct ovl_fs *ofs, struct dentry *dentry,
 	int err;
 
 	inode_lock(inode);
-	err = __vfs_removexattr_noperm(ovl_upper_mnt_userns(ofs), dentry, name);
+	err = __vfs_removexattr_noperm(&init_user_ns, dentry, name);
 	inode_unlock(inode);
 
 	pr_debug("removexattr(%pd2, \"%s\") = %i\n", dentry, name, err);