ovl: fix race in private xattr checks

Xattr operations can race with copy up. This does not matter as long as we consistently fiter out "trunsted.overlay.opaque" attribute on upper directories. Previously we checked parent against OVL_PATH_MERGE. This is too general, and prone to race with copy-up. I.e. we found the parent to be on the lower layer but ovl_dentry_real() would return the copied-up dentry, possibly with the "opaque" attribute. So instead use ovl_path_real() and decide to filter the attributes based on the actual type of the dentry we'll use. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
author: Miklos Szeredi <mszeredi@suse.cz> 2014-11-20 10:40:00 -0500
committer: Miklos Szeredi <mszeredi@suse.cz> 2014-11-20 10:40:00 -0500
commit: 521484639ec19a6f1ed56de6993feb255f5f676c (patch)
tree: 53cad82bc4ae05b1d2d21a22a2ccde9658e5c8c7
parent: a105d685a8483985a01776411de191a726b48132 (diff)
1 files changed, 18 insertions, 9 deletions
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index af2d18c9fcee..07d74b24913b 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -235,26 +235,36 @@ out:
        return err;
 }
+static bool ovl_need_xattr_filter(struct dentry *dentry,
+                                  enum ovl_path_type type)
+{
+        return type == OVL_PATH_UPPER && S_ISDIR(dentry->d_inode->i_mode);
+}
 ssize_t ovl_getxattr(struct dentry *dentry, const char *name,
                     void *value, size_t size)
 {
-        if (ovl_path_type(dentry->d_parent) == OVL_PATH_MERGE &&
+        struct path realpath;
-            ovl_is_private_xattr(name))
+        enum ovl_path_type type = ovl_path_real(dentry, &realpath);
+        if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name))
                return -ENODATA;
-        return vfs_getxattr(ovl_dentry_real(dentry), name, value, size);
+        return vfs_getxattr(realpath.dentry, name, value, size);
 }
 ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
 {
+        struct path realpath;
+        enum ovl_path_type type = ovl_path_real(dentry, &realpath);
        ssize_t res;
        int off;
-        res = vfs_listxattr(ovl_dentry_real(dentry), list, size);
+        res = vfs_listxattr(realpath.dentry, list, size);
        if (res <= 0 || size == 0)
                return res;
-        if (ovl_path_type(dentry->d_parent) != OVL_PATH_MERGE)
+        if (!ovl_need_xattr_filter(dentry, type))
                return res;
        /* filter out private xattrs */
@@ -279,17 +289,16 @@ int ovl_removexattr(struct dentry *dentry, const char *name)
 {
        int err;
        struct path realpath;
-        enum ovl_path_type type;
+        enum ovl_path_type type = ovl_path_real(dentry, &realpath);
        err = ovl_want_write(dentry);
        if (err)
                goto out;
-        if (ovl_path_type(dentry->d_parent) == OVL_PATH_MERGE &&
+        err = -ENODATA;
-            ovl_is_private_xattr(name))
+        if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name))
                goto out_drop_write;
-        type = ovl_path_real(dentry, &realpath);
        if (type == OVL_PATH_LOWER) {
                err = vfs_getxattr(realpath.dentry, name, NULL, 0);
                if (err < 0)
author	Miklos Szeredi <mszeredi@suse.cz>	2014-11-20 10:40:00 -0500
committer	Miklos Szeredi <mszeredi@suse.cz>	2014-11-20 10:40:00 -0500
commit	521484639ec19a6f1ed56de6993feb255f5f676c (patch)
tree	53cad82bc4ae05b1d2d21a22a2ccde9658e5c8c7
parent	a105d685a8483985a01776411de191a726b48132 (diff)