nilfs2: fix potential memory overrun on inode

[firefly-linux-kernel-4.4.55.git] / fs / inode.c

diff --git a/fs/inode.c b/fs/inode.c
index a898b3d43ccf3990986d51be3305bdc3e6d665ef..1b300a06b8be34d822eb6b75d9ff0a8535aa0d2c 100644 (file)
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1803,7 +1803,7 @@ void init_special_inode(struct inode *inode, umode_t mode, dev_t rdev)
                inode->i_fop = &def_blk_fops;
                inode->i_rdev = rdev;
        } else if (S_ISFIFO(mode))
-               inode->i_fop = &def_fifo_fops;
+               inode->i_fop = &pipefifo_fops;
        else if (S_ISSOCK(mode))
                inode->i_fop = &bad_sock_fops;
        else
@@ -1837,14 +1837,18 @@ EXPORT_SYMBOL(inode_init_owner);
  * inode_owner_or_capable - check current task permissions to inode
  * @inode: inode being checked
  *
- * Return true if current either has CAP_FOWNER to the inode, or
- * owns the file.
+ * Return true if current either has CAP_FOWNER in a namespace with the
+ * inode owner uid mapped, or owns the file.
  */
 bool inode_owner_or_capable(const struct inode *inode)
 {
+       struct user_namespace *ns;
+
        if (uid_eq(current_fsuid(), inode->i_uid))
                return true;
-       if (inode_capable(inode, CAP_FOWNER))
+
+       ns = current_user_ns();
+       if (ns_capable(ns, CAP_FOWNER) && kuid_has_mapping(ns, inode->i_uid))
                return true;
        return false;
 }