vfs: move cap_convert_nscap() call into vfs_setxattr()

cap_convert_nscap() does permission checking as well as conversion of the xattr value conditionally based on fs's user-ns. This is needed by overlayfs and probably other layered fs (ecryptfs) and is what vfs_foo() is supposed to do anyway. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Acked-by: James Morris <jamorris@linux.microsoft.com>
author: Miklos Szeredi <mszeredi@redhat.com> 2020-12-14 15:26:13 +0100
committer: Miklos Szeredi <mszeredi@redhat.com> 2020-12-14 15:26:13 +0100
commit: 7c03e2cda4a584cadc398e8f6641ca9988a39d52 (patch)
tree: fb00450cfbec40734c00495f1715fdf4d8b2d873 /security
parent: c11faf32599fee59f33896c8d59f9b3c17ca76fc (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 59bf3c1674c8..bacc1111d871 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -473,7 +473,7 @@ static bool validheader(size_t size, const struct vfs_cap_data *cap)
  *
  * If all is ok, we return the new size, on error return < 0.
  */
-int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
+int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size)
 {
 	struct vfs_ns_cap_data *nscap;
 	uid_t nsrootid;
@@ -516,7 +516,6 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
 	nscap->magic_etc = cpu_to_le32(nsmagic);
 	memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
 
-	kvfree(*ivalue);
 	*ivalue = nscap;
 	return newsize;
 }
author	Miklos Szeredi <mszeredi@redhat.com>	2020-12-14 15:26:13 +0100
committer	Miklos Szeredi <mszeredi@redhat.com>	2020-12-14 15:26:13 +0100
commit	7c03e2cda4a584cadc398e8f6641ca9988a39d52 (patch)
tree	fb00450cfbec40734c00495f1715fdf4d8b2d873 /security
parent	c11faf32599fee59f33896c8d59f9b3c17ca76fc (diff)