Received: by 10.192.165.156 with SMTP id m28csp254790imm; Tue, 17 Apr 2018 09:35:22 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+BUfdcfwb7kcmEvVXXjw4KgNiLJIzicw3leiQn45z5HBxVUmLjvmh7AhPJXzjhN5fUFOWK X-Received: by 2002:a17:902:125:: with SMTP id 34-v6mr2753819plb.42.1523982921990; Tue, 17 Apr 2018 09:35:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523982921; cv=none; d=google.com; s=arc-20160816; b=vGr0rsCsZldHfxrveaeC4hvpx8L5yxKl/V6uWd1uQaAqH14Wi8kKZm8e0+Nw6vQpf1 /HpOtBnTjbb0baCM4z87HWInsrb/BFg9TBdkfOMNvLiRbgcPNPethpxAvwbUSk+id9qu jX5WNc2jHceluf0AZWmj8hcTMHIitiuZ15VltxqUr+ShQQYH3qZx0SNOZRzSuCRsQYcq V/vPp64a0MmXLCbtiXMvSOU8TCr1IpZlVyjmkKV8WK39Mvxxb626VoyPxxTfApOFGLRO Zgqqnr0pdeFC7Gub7OJ/uqNB6DAmdLvgsxGOSUL7wDFr5+Muz65Pa1ZgM9esyhgR2qGT merQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=XQRWThXI/wQxAirEDiLMg7PGYDHuXEHHXd593KWpVAE=; b=AAQSlvAOjCijB3l4wmnW6P5Sc7E0EEJDmNYGo+iOE6r37rty+K1NriQEYOjggGkyOa b2Oh/n6cr5sD6dNiDdrzCq/muQiYLUoN9x/gQpLhlEKf82ptMfp98F4mZTDUH7v5sDky Rj1NX5wR6WoL7r+6BDj+H29w7BGPsaw7MGUOhGYDUWd/4xMbqAuSxYkYDd6hASFBL0j+ 0DGIJvTOnXXHef7qTaBi3G9D62+FniAs5eSZaz6jQPWMK+ddwLR5kzR8y4CMMEHdxBPc mxJQpr/Cf6FHG2/gmmnVioSJKc9wDR1dJDOLt6ZORsaq0JT+mQd5rxqzFdsGGcLIKcYu rdtw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i14si10417297pgf.284.2018.04.17.09.35.08; Tue, 17 Apr 2018 09:35:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755221AbeDQQHc (ORCPT + 99 others); Tue, 17 Apr 2018 12:07:32 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:35160 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755184AbeDQQHa (ORCPT ); Tue, 17 Apr 2018 12:07:30 -0400 Received: from localhost (unknown [46.44.180.42]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 7D8CFE66; Tue, 17 Apr 2018 16:07:29 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Amir Goldstein , Vivek Goyal , Miklos Szeredi Subject: [PATCH 4.14 46/49] ovl: fix lookup with middle layer opaque dir and absolute path redirects Date: Tue, 17 Apr 2018 17:59:25 +0200 Message-Id: <20180417155717.228185033@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180417155715.032245882@linuxfoundation.org> References: <20180417155715.032245882@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Amir Goldstein commit 3ec9b3fafcaf441cc4d46b9742cd6ec0c79f8df0 upstream. As of now if we encounter an opaque dir while looking for a dentry, we set d->last=true. This means that there is no need to look further in any of the lower layers. This works fine as long as there are no redirets or relative redircts. But what if there is an absolute redirect on the children dentry of opaque directory. We still need to continue to look into next lower layer. This patch fixes it. Here is an example to demonstrate the issue. Say you have following setup. upper: /redirect (redirect=/a/b/c) lower1: /a/[b]/c ([b] is opaque) (c has absolute redirect=/a/b/d/) lower0: /a/b/d/foo Now "redirect" dir should merge with lower1:/a/b/c/ and lower0:/a/b/d. Note, despite the fact lower1:/a/[b] is opaque, we need to continue to look into lower0 because children c has an absolute redirect. Following is a reproducer. Watch me make foo disappear: $ mkdir lower middle upper work work2 merged $ mkdir lower/origin $ touch lower/origin/foo $ mount -t overlay none merged/ \ -olowerdir=lower,upperdir=middle,workdir=work2 $ mkdir merged/pure $ mv merged/origin merged/pure/redirect $ umount merged $ mount -t overlay none merged/ \ -olowerdir=middle:lower,upperdir=upper,workdir=work $ mv merged/pure/redirect merged/redirect Now you see foo inside a twice redirected merged dir: $ ls merged/redirect foo $ umount merged $ mount -t overlay none merged/ \ -olowerdir=middle:lower,upperdir=upper,workdir=work After mount cycle you don't see foo inside the same dir: $ ls merged/redirect During middle layer lookup, the opaqueness of middle/pure is left in the lookup state and then middle/pure/redirect is wrongly treated as opaque. Fixes: 02b69b284cd7 ("ovl: lookup redirects") Cc: #v4.10 Signed-off-by: Amir Goldstein Signed-off-by: Vivek Goyal Signed-off-by: Miklos Szeredi Signed-off-by: Greg Kroah-Hartman --- fs/overlayfs/namei.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -56,6 +56,15 @@ static int ovl_check_redirect(struct den if (s == next) goto invalid; } + /* + * One of the ancestor path elements in an absolute path + * lookup in ovl_lookup_layer() could have been opaque and + * that will stop further lookup in lower layers (d->stop=true) + * But we have found an absolute redirect in decendant path + * element and that should force continue lookup in lower + * layers (reset d->stop). + */ + d->stop = false; } else { if (strchr(buf, '/') != NULL) goto invalid;