Received: by 10.192.165.156 with SMTP id m28csp226053imm; Tue, 17 Apr 2018 09:07:29 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/dfZAtkjkIr9hKC9UkcRyKIlEDl2VqPpnHBIVAqkErAP7P7+EBZq/KowwkZPwR07LAO0w9 X-Received: by 10.99.154.82 with SMTP id e18mr2263871pgo.365.1523981249721; Tue, 17 Apr 2018 09:07:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523981249; cv=none; d=google.com; s=arc-20160816; b=MNrsKzu7IJIMp9EP5HgOOaQQf+nwdszGSY4AdPeduaP1i94VxdJx0G097acLU5XJAS yEBgwkaeCH1BKzZpGo+WGrFSdqhMFb4WK3bXkT6A0iRG+zv80/fcMc1q0i1bPfI4NUWC FxpfWfIMZCHDF3yKBbEDwFzbf/p8w0e/vkTbU+7KWnuxkWvNdbs+kOmwiFqwYFfhON15 sPmhkyjjTl0ood5poait76PR+8TJUmxPnj3Ybv3r0d3g99PDfVX9jjsN+OnmuDn1RLBB xgiImdfLLaqsPtxUQLoTy7vna3QDlTi5gsbsbrjSi68ZfttTrDWTsRe3gsp3HOcq+TgA A7Zw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=TTKR7rGp3S/d5WDcSSG7rVQzU/sSEE+M16za5+v4rMU=; b=R1G8Wny4+FhGkD/7wjHT8hTtLV/OURQF9ZjIzY5hcoPdOHPAK8eko2TR/HGeE7D/dH u4vREFQzkvTrfmEUs0e7VnAxGLJ8DBeJSxvLONFAI2fQoguq6CWHdVGjqqztJoW3lzbw 6FFfvx32tx1G7VIWX46euPBX2VJgGdGtQNkvXeRVTkw5tXLNRCZUtkJVGvH2wpnzOSmO L9mU/kiZCRBPF8DZUNAQA+HTYTBhA3HabohWUXNxRO3dGVBBbKT0C/vOGIlPXQoQMBZ9 tVi7lx94ia+N7xTVIS+6azGINTXNBsfzK+CBK8vnXOUnqwr75xungBpOmBxikwf3k+hO R9NA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b3-v6si14857624pld.2.2018.04.17.09.07.15; Tue, 17 Apr 2018 09:07:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754518AbeDQQEk (ORCPT + 99 others); Tue, 17 Apr 2018 12:04:40 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:34224 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754496AbeDQQEh (ORCPT ); Tue, 17 Apr 2018 12:04:37 -0400 Received: from localhost (unknown [46.44.180.42]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 93DE3C16; Tue, 17 Apr 2018 16:04:22 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Amir Goldstein , Vivek Goyal , Miklos Szeredi Subject: [PATCH 4.15 33/53] ovl: fix lookup with middle layer opaque dir and absolute path redirects Date: Tue, 17 Apr 2018 17:58:58 +0200 Message-Id: <20180417155724.756173533@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180417155723.091120060@linuxfoundation.org> References: <20180417155723.091120060@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Amir Goldstein commit 3ec9b3fafcaf441cc4d46b9742cd6ec0c79f8df0 upstream. As of now if we encounter an opaque dir while looking for a dentry, we set d->last=true. This means that there is no need to look further in any of the lower layers. This works fine as long as there are no redirets or relative redircts. But what if there is an absolute redirect on the children dentry of opaque directory. We still need to continue to look into next lower layer. This patch fixes it. Here is an example to demonstrate the issue. Say you have following setup. upper: /redirect (redirect=/a/b/c) lower1: /a/[b]/c ([b] is opaque) (c has absolute redirect=/a/b/d/) lower0: /a/b/d/foo Now "redirect" dir should merge with lower1:/a/b/c/ and lower0:/a/b/d. Note, despite the fact lower1:/a/[b] is opaque, we need to continue to look into lower0 because children c has an absolute redirect. Following is a reproducer. Watch me make foo disappear: $ mkdir lower middle upper work work2 merged $ mkdir lower/origin $ touch lower/origin/foo $ mount -t overlay none merged/ \ -olowerdir=lower,upperdir=middle,workdir=work2 $ mkdir merged/pure $ mv merged/origin merged/pure/redirect $ umount merged $ mount -t overlay none merged/ \ -olowerdir=middle:lower,upperdir=upper,workdir=work $ mv merged/pure/redirect merged/redirect Now you see foo inside a twice redirected merged dir: $ ls merged/redirect foo $ umount merged $ mount -t overlay none merged/ \ -olowerdir=middle:lower,upperdir=upper,workdir=work After mount cycle you don't see foo inside the same dir: $ ls merged/redirect During middle layer lookup, the opaqueness of middle/pure is left in the lookup state and then middle/pure/redirect is wrongly treated as opaque. Fixes: 02b69b284cd7 ("ovl: lookup redirects") Cc: #v4.10 Signed-off-by: Amir Goldstein Signed-off-by: Vivek Goyal Signed-off-by: Miklos Szeredi Signed-off-by: Greg Kroah-Hartman --- fs/overlayfs/namei.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -55,6 +55,15 @@ static int ovl_check_redirect(struct den if (s == next) goto invalid; } + /* + * One of the ancestor path elements in an absolute path + * lookup in ovl_lookup_layer() could have been opaque and + * that will stop further lookup in lower layers (d->stop=true) + * But we have found an absolute redirect in decendant path + * element and that should force continue lookup in lower + * layers (reset d->stop). + */ + d->stop = false; } else { if (strchr(buf, '/') != NULL) goto invalid;