提交 147fa3aa 编写于 作者: M Miklos Szeredi 提交者: Cheng Jian

ovl: call secutiry hook in ovl_real_ioctl()

mainline inclusion
from mainline-v5.8-rc1
commit 292f902a
category: bugfix
bugzilla: NA
CVE: CVE-2020-16120

--------------------------------

Verify LSM permissions for underlying file, since vfs_ioctl() doesn't do
it.

[Stephen Rothwell] export security_file_ioctl
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Conflicts:
  fs/overlayfs/file.c
[yyl: adjust context]
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Xie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>
上级 66aded97
......@@ -12,6 +12,7 @@
#include <linux/xattr.h>
#include <linux/uio.h>
#include <linux/uaccess.h>
#include <linux/security.h>
#include "overlayfs.h"
static char ovl_whatisit(struct inode *inode, struct inode *realinode)
......@@ -403,6 +404,8 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd,
return ret;
old_cred = ovl_override_creds(file_inode(file)->i_sb);
ret = security_file_ioctl(real.file, cmd, arg);
if (!ret)
ret = vfs_ioctl(real.file, cmd, arg);
revert_creds(old_cred);
......
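Review bot: The new security_file_ioctl() call sits between ovl_override_creds() and revert_creds() with no comment saying which credentials the LSM check is meant to be evaluated under, and that is the security-relevant decision in this hunk. As placed, the hook presumably runs with whatever credentials ovl_override_creds() installs rather than the calling task's, so a reader auditing the permission model cannot tell from the code whether that is intended. I would add a comment above the call such as `/* LSM check on the real file, done under the overridden creds because vfs_ioctl() does not call the hook */`. The rendered page has lost indentation, so it is worth confirming in the tree that only the vfs_ioctl() line is guarded by `if (!ret)` and that revert_creds() runs on both paths. ovl_real_ioctl() starts before and continues after this hunk.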
......@@ -877,6 +877,7 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
return call_int_hook(file_ioctl, 0, file, cmd, arg);
}
EXPORT_SYMBOL_GPL(security_file_ioctl);
static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
{
......