From patchwork Thu Jun 2 08:13:33 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 9149489 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id E75BC60467 for ; Thu, 2 Jun 2016 08:14:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D79A320120 for ; Thu, 2 Jun 2016 08:14:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CC7C72665D; Thu, 2 Jun 2016 08:14:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7CC1F20120 for ; Thu, 2 Jun 2016 08:14:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932309AbcFBINr (ORCPT ); Thu, 2 Jun 2016 04:13:47 -0400 Received: from mail-wm0-f67.google.com ([74.125.82.67]:32849 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932272AbcFBINm (ORCPT ); Thu, 2 Jun 2016 04:13:42 -0400 Received: by mail-wm0-f67.google.com with SMTP id a136so13588978wme.0 for ; Thu, 02 Jun 2016 01:13:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=m5w9rscXZK/P7mp8wnxQlBDjEBXLctdjneYhj5vFRzQ=; b=NcPN4N9Nl/BpEG8/9I5mG1cGaK4Su/NuOig0hjYCeGijAwsFsqX3belGbZPY4nFMSF 3UwXpwBX0oRokWeq0uHq/zD13PLEIm3ySCqjWskjcZsdsNfdvKjZ8v+W1E7NODIBm1wu +ub/3GPkThdZgipfmRJNeGAA4HFAnekYi8rxU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=m5w9rscXZK/P7mp8wnxQlBDjEBXLctdjneYhj5vFRzQ=; b=LWWlbuda+QU4sVsKtZe3a25oq9aC6/+W/zf42Cvg+lvHZAYSy1DQV2BYiEoHPaAKJx ebfBwuM9sVo5+8Nl8c7nj2fjyFTywsuFYvJFu2vSUAWmnvns1PqzLFoyI28YtKfYOv/L n2L5errJK79Gfb/ME+9cAOIkOBsXWT7hwRrBG7+GicwqXueMAzgkt6FvucH3nfetCM5g 30NHsshhfO7J2NHtGOC47QDpbS5w4KLnR7UqczMOXhM9x9ZJQk9UIAuwnFyl0kyNu5P5 uFzolUAS2J+v4xqF6OYGTOqREkoGnect6Ig6eHKpjEuFoa46C1YFRgbchmZPB6tk740O N1mQ== X-Gm-Message-State: ALyK8tKzxN5EEqNOzr0/Unkjg4PjeYYiANVRyAeMgiOAM1LawZHJJcNJefPpnRalaUsmMg== X-Received: by 10.28.186.132 with SMTP id k126mr7503182wmf.103.1464855220603; Thu, 02 Jun 2016 01:13:40 -0700 (PDT) Received: from veci.piliscsaba.szeredi.hu (54009904.dsl.pool.telekom.hu. [84.0.153.4]) by smtp.gmail.com with ESMTPSA id c185sm39362334wme.9.2016.06.02.01.13.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Jun 2016 01:13:39 -0700 (PDT) Date: Thu, 2 Jun 2016 10:13:33 +0200 From: Miklos Szeredi To: Al Viro Cc: Vivek Goyal , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] ovl: xattr filter fix Message-ID: <20160602081333.GA25805@veci.piliscsaba.szeredi.hu> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.6.0 (2016-04-01) Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP a) ovl_need_xattr_filter() is wrong, we can have multiple lower layers overlaid, all of which (except the lowest one) honouring the "trusted.overlay.opaque" xattr. So need to filter everything except the bottom and the pure-upper layer. b) we no longer can assume that inode is attached to dentry in get/setxattr. This patch unconditionally filters private xattrs to fix both of the above. Performance impact for get/removexattrs is likely in the noise. For listxattrs it might be measurable in pathological cases, but I very much hope nobody cares. If they do, we'll fix it then. Reported-by: Vivek Goyal Signed-off-by: Miklos Szeredi Fixes: b96809173e94 ("security_d_instantiate(): move to the point prior to attaching dentry to inode") Reviewed-by: Vivek Goyal --- fs/overlayfs/inode.c | 26 ++++++-------------------- 1 file changed, 6 insertions(+), 20 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -238,41 +238,27 @@ int ovl_setxattr(struct dentry *dentry, return err; } -static bool ovl_need_xattr_filter(struct dentry *dentry, - enum ovl_path_type type) -{ - if ((type & (__OVL_PATH_PURE | __OVL_PATH_UPPER)) == __OVL_PATH_UPPER) - return S_ISDIR(dentry->d_inode->i_mode); - else - return false; -} - ssize_t ovl_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *value, size_t size) { - struct path realpath; - enum ovl_path_type type = ovl_path_real(dentry, &realpath); + struct dentry *realdentry = ovl_dentry_real(dentry); - if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name)) + if (ovl_is_private_xattr(name)) return -ENODATA; - return vfs_getxattr(realpath.dentry, name, value, size); + return vfs_getxattr(realdentry, name, value, size); } ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) { - struct path realpath; - enum ovl_path_type type = ovl_path_real(dentry, &realpath); + struct dentry *realdentry = ovl_dentry_real(dentry); ssize_t res; int off; - res = vfs_listxattr(realpath.dentry, list, size); + res = vfs_listxattr(realdentry, list, size); if (res <= 0 || size == 0) return res; - if (!ovl_need_xattr_filter(dentry, type)) - return res; - /* filter out private xattrs */ for (off = 0; off < res;) { char *s = list + off; @@ -302,7 +288,7 @@ int ovl_removexattr(struct dentry *dentr goto out; err = -ENODATA; - if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name)) + if (ovl_is_private_xattr(name)) goto out_drop_write; if (!OVL_TYPE_UPPER(type)) {