Received: by 10.213.65.68 with SMTP id h4csp420725imn; Tue, 13 Mar 2018 08:31:24 -0700 (PDT) X-Google-Smtp-Source: AG47ELtTccLsm0etMrko5o663XDZDztudlbRlTVIia9aNhTVsRUxx4TW++VljtLSJvYMKxbzM4Zx X-Received: by 2002:a17:902:9a08:: with SMTP id v8-v6mr951196plp.252.1520955084824; Tue, 13 Mar 2018 08:31:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520955084; cv=none; d=google.com; s=arc-20160816; b=OSKHjSmdSFnb3ppMIwsZLYCbbtAJUC67k4naG9hMgRhOIHe1mSUyKsmojwSVNkVwgD KHgZ2TzpDbXwZTW0ww+D29RuydQlwdxNIggiFRqw8y6tRpvIKVT6c1f+Ylc4Ezd+DRiH /vtdpqeDQEV4h6jbgQgV2uKEJhPdXq9lir8D+2fTq9BQZHqLpRPH8MOelypaMnkCmPyl mgvUfbSD3gQajjSSxY7kuHiCp0ukdsKWHJpN0WO4pCPorlKqLZLaAwHP14Fy68f4QJgT N/QLz4NNO2HQWI9V4ZDTVRoM/06tKI31zIoNEDBd691/WNh12fGVzoyY5AmPF24mN6ku X3KQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=0KASJQq3ughfwExoPbrLnwE76SElaDesH36gSt200SA=; b=rFoiUFqLcoa6KrLebf9lJHnz1N4XiH1WBXICTBMui5mbAKaZOqmqJ7bgg3ji1KmWfi o/bwcgYg4ttIOfUDVoNlVIBCVyMq9luZ2vr/n6Zrp3cUSnRkvwz2JigL14JpGmyeibp1 2IYj4puBaaL6504W8BZRN9ID0DKZVevZ66tu/9Egg41CmFlEvLIGTxSYO3U/bD20K8zL OAnwQAfF783q+5G3N4tiA+tYA84Wnrl+PWaWApYC0fH0qpLQLq8nt/ymDxrPpLO13tMt tKQK6ppn+V7hHviwLMLBlq/hmqScoBmTF8l/bNgERbQVpr1dAWthP1XLCo4EbQni57Ze Az0g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f10-v6si294334plm.188.2018.03.13.08.31.07; Tue, 13 Mar 2018 08:31:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932909AbeCMP3R (ORCPT + 99 others); Tue, 13 Mar 2018 11:29:17 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:58308 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932268AbeCMP3Q (ORCPT ); Tue, 13 Mar 2018 11:29:16 -0400 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 90B80F27; Tue, 13 Mar 2018 15:29:15 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Vivek Goyal , Miklos Szeredi Subject: [PATCH 4.15 039/146] ovl: redirect_dir=nofollow should not follow redirect for opaque lower Date: Tue, 13 Mar 2018 16:23:26 +0100 Message-Id: <20180313152323.579717003@linuxfoundation.org> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20180313152320.439085687@linuxfoundation.org> References: <20180313152320.439085687@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Vivek Goyal commit d1fe96c0e4de78ba0cd336ea3df3b850d06b9b9a upstream. redirect_dir=nofollow should not follow a redirect. But in a specific configuration it can still follow it. For example try this. $ mkdir -p lower0 lower1/foo upper work merged $ touch lower1/foo/lower-file.txt $ setfattr -n "trusted.overlay.opaque" -v "y" lower1/foo $ mount -t overlay -o lowerdir=lower1:lower0,workdir=work,upperdir=upper,redirect_dir=on none merged $ cd merged $ mv foo foo-renamed $ umount merged # mount again. This time with redirect_dir=nofollow $ mount -t overlay -o lowerdir=lower1:lower0,workdir=work,upperdir=upper,redirect_dir=nofollow none merged $ ls merged/foo-renamed/ # This lists lower-file.txt, while it should not have. Basically, we are doing redirect check after we check for d.stop. And if this is not last lower, and we find an opaque lower, d.stop will be set. ovl_lookup_single() if (!d->last && ovl_is_opaquedir(this)) { d->stop = d->opaque = true; goto out; } To fix this, first check redirect is allowed. And after that check if d.stop has been set or not. Signed-off-by: Vivek Goyal Fixes: 438c84c2f0c7 ("ovl: don't follow redirects if redirect_dir=off") Cc: #v4.15 Signed-off-by: Miklos Szeredi Signed-off-by: Greg Kroah-Hartman --- fs/overlayfs/namei.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -678,9 +678,6 @@ struct dentry *ovl_lookup(struct inode * stack[ctr].layer = lower.layer; ctr++; - if (d.stop) - break; - /* * Following redirects can have security consequences: it's like * a symlink into the lower layer without the permission checks. @@ -697,6 +694,9 @@ struct dentry *ovl_lookup(struct inode * goto out_put; } + if (d.stop) + break; + if (d.redirect && d.redirect[0] == '/' && poe != roe) { poe = roe;