From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Amir Goldstein <amir73il@gmail.com>,
Miklos Szeredi <mszeredi@redhat.com>
Subject: [PATCH 4.19 15/44] ovl: fix decode of dir file handle with multi lower layers
Date: Tue, 18 Dec 2018 17:39:27 +0100 [thread overview]
Message-ID: <20181218163929.344397789@linuxfoundation.org> (raw)
In-Reply-To: <20181218163927.119623235@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Amir Goldstein <amir73il@gmail.com>
commit 155b8a0492a90a4c6e22f046a3568b92a6bc48da upstream.
When decoding a lower file handle, we first call ovl_check_origin_fh()
with connected=false to get any real lower dentry for overlay inode
cache lookup.
If the real dentry is a disconnected dir dentry, ovl_check_origin_fh()
is called again with connected=true to get a connected real dentry
and find the lower layer the real dentry belongs to.
If the first call returned a connected real dentry, we use it to
lookup an overlay connected dentry, but the first ovl_check_origin_fh()
call with connected=false did not check that the found dentry is under
the root of the layer (see ovl_acceptable()), it only checked that
the found dentry super block matches the uuid of the lower file handle.
In case there are multiple lower layers on the same fs and the found
dentry is not from the top most lower layer, using the layer index
returned from the first ovl_check_origin_fh() is wrong and we end
up failing to decode the file handle.
Fix this by always calling ovl_check_origin_fh() with connected=true
if we got a directory dentry in the first call.
Fixes: 8b58924ad55c ("ovl: lookup in inode cache first when decoding...")
Cc: <stable@vger.kernel.org> # v4.17
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/overlayfs/export.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/overlayfs/export.c
+++ b/fs/overlayfs/export.c
@@ -754,9 +754,8 @@ static struct dentry *ovl_lower_fh_to_d(
goto out;
}
- /* Otherwise, get a connected non-upper dir or disconnected non-dir */
- if (d_is_dir(origin.dentry) &&
- (origin.dentry->d_flags & DCACHE_DISCONNECTED)) {
+ /* Find origin.dentry again with ovl_acceptable() layer check */
+ if (d_is_dir(origin.dentry)) {
dput(origin.dentry);
origin.dentry = NULL;
err = ovl_check_origin_fh(ofs, fh, true, NULL, &stack);
@@ -769,6 +768,7 @@ static struct dentry *ovl_lower_fh_to_d(
goto out_err;
}
+ /* Get a connected non-upper dir or disconnected non-dir */
dentry = ovl_get_dentry(sb, NULL, &origin, index);
out:
next prev parent reply other threads:[~2018-12-18 16:42 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-18 16:39 [PATCH 4.19 00/44] 4.19.11-stable review Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 01/44] sched/pelt: Fix warning and clean up IRQ PELT config Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 02/44] scsi: raid_attrs: fix unused variable warning Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 03/44] staging: olpc_dcon: add a missing dependency Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 04/44] slimbus: ngd: mark PM functions as __maybe_unused Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 05/44] i2c: aspeed: fix build warning Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 06/44] ARM: dts: qcom-apq8064-arrow-sd-600eval fix graph_endpoint warning Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 07/44] drm/msm: fix address space warning Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 08/44] pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 09/44] aio: fix spectre gadget in lookup_ioctx Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 10/44] scripts/spdxcheck.py: always open files in binary mode Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 11/44] fs/iomap.c: get/put the page in iomap_page_create/release() Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 12/44] userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 13/44] arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 14/44] block/bio: Do not zero user pages Greg Kroah-Hartman
2018-12-18 16:39 ` Greg Kroah-Hartman [this message]
2018-12-18 16:39 ` [PATCH 4.19 16/44] ovl: fix missing override creds in link of a metacopy upper Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 17/44] MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 18/44] mmc: core: use mrq->sbc when sending CMD23 for RPMB Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 19/44] mmc: sdhci-omap: Fix DCRC error handling during tuning Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 20/44] mmc: sdhci: fix the timeout check window for clock and reset Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 21/44] fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 22/44] ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 23/44] ARM: dts: bcm2837: Fix polarity of wifi reset GPIOs Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 24/44] dm thin: send event about thin-pool state change _after_ making it Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 25/44] dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 26/44] dm: call blk_queue_split() to impose device limits on bios Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 27/44] tracing: Fix memory leak in create_filter() Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 28/44] tracing: Fix memory leak in set_trigger_filter() Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 29/44] tracing: Fix memory leak of instance function hash filters Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 30/44] media: vb2: dont call __vb2_queue_cancel if vb2_start_streaming failed Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 31/44] powerpc/msi: Fix NULL pointer access in teardown code Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 32/44] powerpc: Look for "stdout-path" when setting up legacy consoles Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 33/44] drm/nouveau/kms: Fix memory leak in nv50_mstm_del() Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 34/44] drm/nouveau/kms/nv50-: also flush fb writes when rewinding push buffer Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 35/44] Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 36/44] drm/i915/gvt: Fix tiled memory decoding bug on BDW Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 37/44] drm/i915/execlists: Apply a full mb before execution for Braswell Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 38/44] drm/amdgpu/powerplay: Apply avfs cks-off voltages on VI Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 39/44] drm/amdkfd: add new vega10 pci ids Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 40/44] drm/amdgpu: add some additional " Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 41/44] drm/amdgpu: update smu firmware images for VI variants (v2) Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 42/44] drm/amdgpu: update SMC firmware image for polaris10 variants Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 43/44] dm zoned: Fix target BIO completion handling Greg Kroah-Hartman
2018-12-18 16:39 ` [PATCH 4.19 44/44] x86/build: Fix compiler support check for CONFIG_RETPOLINE Greg Kroah-Hartman
2018-12-18 20:26 ` [PATCH 4.19 00/44] 4.19.11-stable review shuah
2018-12-19 13:19 ` Greg Kroah-Hartman
2018-12-18 21:10 ` Dan Rue
2018-12-19 13:19 ` Greg Kroah-Hartman
2018-12-19 15:01 ` Harsh Shandilya
2018-12-19 15:14 ` Greg Kroah-Hartman
2018-12-19 17:23 ` Guenter Roeck
2018-12-19 18:37 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181218163929.344397789@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=amir73il@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).