nilfs2: fix potential memory overrun on inode

[firefly-linux-kernel-4.4.55.git] / fs / inode.c

diff --git a/fs/inode.c b/fs/inode.c
index 00d5fc3b86e12419d2d350032b173009bddcd2cd..1b300a06b8be34d822eb6b75d9ff0a8535aa0d2c 100644 (file)
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1837,14 +1837,18 @@ EXPORT_SYMBOL(inode_init_owner);
  * inode_owner_or_capable - check current task permissions to inode
  * @inode: inode being checked
  *
- * Return true if current either has CAP_FOWNER to the inode, or
- * owns the file.
+ * Return true if current either has CAP_FOWNER in a namespace with the
+ * inode owner uid mapped, or owns the file.
  */
 bool inode_owner_or_capable(const struct inode *inode)
 {
+       struct user_namespace *ns;
+
        if (uid_eq(current_fsuid(), inode->i_uid))
                return true;
-       if (inode_capable(inode, CAP_FOWNER))
+
+       ns = current_user_ns();
+       if (ns_capable(ns, CAP_FOWNER) && kuid_has_mapping(ns, inode->i_uid))
                return true;
        return false;
 }