diff options
| author | Amir Goldstein <amir73il@gmail.com> | 2017-10-24 05:24:11 -0400 |
|---|---|---|
| committer | Miklos Szeredi <mszeredi@redhat.com> | 2017-10-24 10:06:17 -0400 |
| commit | fa0096e3bad69ed6f34843fd7ae1c45ca987012a (patch) | |
| tree | baef2db65b514249b1d5299bb8f9f3a2b872b48a | |
| parent | 7937a56fdf0b064c2ffa33025210f725a4ebc822 (diff) | |
ovl: do not cleanup unsupported index entries
With index=on, ovl_indexdir_cleanup() tries to cleanup invalid index
entries (e.g. bad index name). This behavior could result in cleaning of
entries created by newer kernels and is therefore undesirable.
Instead, abort mount if such entries are encountered. We still cleanup
'stale' entries and 'orphan' entries, both those cases can be a result
of offline changes to lower and upper dirs.
When encoutering an index entry of type directory or whiteout, kernel
was supposed to fallback to read-only mount, but the fill_super()
operation returns EROFS in this case instead of returning success with
read-only mount flag, so mount fails when encoutering directory or
whiteout index entries. Bless this behavior by returning -EINVAL on
directory and whiteout index entries as we do for all unsupported index
entries.
Fixes: 61b674710cd9 ("ovl: do not cleanup directory and whiteout index..")
Cc: <stable@vger.kernel.org> # v4.13
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
| -rw-r--r-- | fs/overlayfs/namei.c | 7 | ||||
| -rw-r--r-- | fs/overlayfs/readdir.c | 11 |
2 files changed, 8 insertions, 10 deletions
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index 0d9b8ce5ea43..a12dc10bf726 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c | |||
| @@ -405,14 +405,13 @@ int ovl_verify_index(struct dentry *index, struct path *lowerstack, | |||
| 405 | * be treated as stale (i.e. after unlink of the overlay inode). | 405 | * be treated as stale (i.e. after unlink of the overlay inode). |
| 406 | * We don't know the verification rules for directory and whiteout | 406 | * We don't know the verification rules for directory and whiteout |
| 407 | * index entries, because they have not been implemented yet, so return | 407 | * index entries, because they have not been implemented yet, so return |
| 408 | * EROFS if those entries are found to avoid corrupting an index that | 408 | * EINVAL if those entries are found to abort the mount to avoid |
| 409 | * was created by a newer kernel. | 409 | * corrupting an index that was created by a newer kernel. |
| 410 | */ | 410 | */ |
| 411 | err = -EROFS; | 411 | err = -EINVAL; |
| 412 | if (d_is_dir(index) || ovl_is_whiteout(index)) | 412 | if (d_is_dir(index) || ovl_is_whiteout(index)) |
| 413 | goto fail; | 413 | goto fail; |
| 414 | 414 | ||
| 415 | err = -EINVAL; | ||
| 416 | if (index->d_name.len < sizeof(struct ovl_fh)*2) | 415 | if (index->d_name.len < sizeof(struct ovl_fh)*2) |
| 417 | goto fail; | 416 | goto fail; |
| 418 | 417 | ||
diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c index 0f85ee9c3268..698b74dd750e 100644 --- a/fs/overlayfs/readdir.c +++ b/fs/overlayfs/readdir.c | |||
| @@ -1021,13 +1021,12 @@ int ovl_indexdir_cleanup(struct dentry *dentry, struct vfsmount *mnt, | |||
| 1021 | break; | 1021 | break; |
| 1022 | } | 1022 | } |
| 1023 | err = ovl_verify_index(index, lowerstack, numlower); | 1023 | err = ovl_verify_index(index, lowerstack, numlower); |
| 1024 | if (err) { | 1024 | /* Cleanup stale and orphan index entries */ |
| 1025 | if (err == -EROFS) | 1025 | if (err && (err == -ESTALE || err == -ENOENT)) |
| 1026 | break; | ||
| 1027 | err = ovl_cleanup(dir, index); | 1026 | err = ovl_cleanup(dir, index); |
| 1028 | if (err) | 1027 | if (err) |
| 1029 | break; | 1028 | break; |
| 1030 | } | 1029 | |
| 1031 | dput(index); | 1030 | dput(index); |
| 1032 | index = NULL; | 1031 | index = NULL; |
| 1033 | } | 1032 | } |