summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Brauner <brauner@kernel.org>2025-11-17 10:33:53 +0100
committerChristian Brauner <brauner@kernel.org>2025-11-19 21:58:22 +0100
commitb1c47b3abcc6bf81cfc3b4e01faadc23ff261ba2 (patch)
tree87542ca4a747118f2ac2e29a386eb2e9aa171102
parent4975e683c2786c698827aaef18c999a3398bfe6a (diff)
ovl: port ovl_maybe_validate_verity() to cred guard
Use the scoped ovl cred guard. Link: https://patch.msgid.link/20251117-work-ovl-cred-guard-v4-22-b31603935724@kernel.org Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org>
Diffstat
-rw-r--r--fs/overlayfs/namei.c9
1 files changed, 2 insertions, 7 deletions
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index e93bcc5727bc..dbacf02423cb 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -979,15 +979,10 @@ static int ovl_maybe_validate_verity(struct dentry *dentry)
return err;
if (!ovl_test_flag(OVL_VERIFIED_DIGEST, inode)) {
- const struct cred *old_cred;
-
- old_cred = ovl_override_creds(dentry->d_sb);
-
- err = ovl_validate_verity(ofs, &metapath, &datapath);
+ with_ovl_creds(dentry->d_sb)
+ err = ovl_validate_verity(ofs, &metapath, &datapath);
if (err == 0)
ovl_set_flag(OVL_VERIFIED_DIGEST, inode);
-
- ovl_revert_creds(old_cred);
}
ovl_inode_unlock(inode);
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-09 11:32:19 +0000