| From 0480334fa60488d12ae101a02d7d9e1a3d03d7dd Mon Sep 17 00:00:00 2001 |
| From: David Howells <dhowells@redhat.com> |
| Date: Fri, 18 Sep 2015 11:45:12 +0100 |
| Subject: ovl: use O_LARGEFILE in ovl_copy_up() |
| |
| From: David Howells <dhowells@redhat.com> |
| |
| commit 0480334fa60488d12ae101a02d7d9e1a3d03d7dd upstream. |
| |
| Open the lower file with O_LARGEFILE in ovl_copy_up(). |
| |
| Pass O_LARGEFILE unconditionally in ovl_copy_up_data() as it's purely for |
| catching 32-bit userspace dealing with a file large enough that it'll be |
| mishandled if the application isn't aware that there might be an integer |
| overflow. Inside the kernel, there shouldn't be any problems. |
| |
| Reported-by: Ulrich Obergfell <uobergfe@redhat.com> |
| Signed-off-by: David Howells <dhowells@redhat.com> |
| Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/overlayfs/copy_up.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/fs/overlayfs/copy_up.c |
| +++ b/fs/overlayfs/copy_up.c |
| @@ -81,11 +81,11 @@ static int ovl_copy_up_data(struct path |
| if (len == 0) |
| return 0; |
| |
| - old_file = ovl_path_open(old, O_RDONLY); |
| + old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY); |
| if (IS_ERR(old_file)) |
| return PTR_ERR(old_file); |
| |
| - new_file = ovl_path_open(new, O_WRONLY); |
| + new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY); |
| if (IS_ERR(new_file)) { |
| error = PTR_ERR(new_file); |
| goto out_fput; |