[v2,1/5] ovl: don't allow datadir only

Message ID	20250325104634.162496-2-mszeredi@redhat.com (mailing list archive)
State	New
Headers	show Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D683254AE2 for <linux-fsdevel@vger.kernel.org>; Tue, 25 Mar 2025 10:46:42 +0000 (UTC) From: Miklos Szeredi <mszeredi@redhat.com> To: linux-unionfs@vger.kernel.org Cc: Amir Goldstein <amir73il@gmail.com>, linux-fsdevel@vger.kernel.org, Giuseppe Scrivano <gscrivan@redhat.com>, Alexander Larsson <alexl@redhat.com>, stable@vger.kernel.org Subject: [PATCH v2 1/5] ovl: don't allow datadir only Date: Tue, 25 Mar 2025 11:46:29 +0100 Message-ID: <20250325104634.162496-2-mszeredi@redhat.com> In-Reply-To: <20250325104634.162496-1-mszeredi@redhat.com> References: <20250325104634.162496-1-mszeredi@redhat.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	ovl: metacopy/verity fixes and improvements \| expand [v2,0/5] ovl: metacopy/verity fixes and improvements [v2,1/5] ovl: don't allow datadir only [v2,2/5] ovl: remove unused forward declaration [v2,3/5] ovl: make redirect/metacopy rejection consistent [v2,4/5] ovl: relax redirect/metacopy requirements for lower -> data redirect [v2,5/5] ovl: don't require "metacopy=on" for "verity"

Message ID

20250325104634.162496-2-mszeredi@redhat.com (mailing list archive)

State

New

Headers

From: Miklos Szeredi <mszeredi@redhat.com>
To: linux-unionfs@vger.kernel.org
Cc: Amir Goldstein <amir73il@gmail.com>,
	linux-fsdevel@vger.kernel.org,
	Giuseppe Scrivano <gscrivan@redhat.com>,
	Alexander Larsson <alexl@redhat.com>,
	stable@vger.kernel.org
Subject: [PATCH v2 1/5] ovl: don't allow datadir only
Date: Tue, 25 Mar 2025 11:46:29 +0100
Message-ID: <20250325104634.162496-2-mszeredi@redhat.com>
In-Reply-To: <20250325104634.162496-1-mszeredi@redhat.com>
References: <20250325104634.162496-1-mszeredi@redhat.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

ovl: metacopy/verity fixes and improvements | expand

Commit Message

Miklos Szeredi March 25, 2025, 10:46 a.m. UTC

In theory overlayfs could support upper layer directly referring to a data
layer, but there's no current use case for this.

Originally, when data-only layers were introduced, this wasn't allowed,
only introduced by the "datadir+" feature, but without actually handling
this case, resulting in an Oops.

Fix by disallowing datadir without lowerdir.

Reported-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fixes: 24e16e385f22 ("ovl: add support for appending lowerdirs one by one")
Cc: <stable@vger.kernel.org> # v6.7
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
---
 fs/overlayfs/super.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Alexander Larsson March 25, 2025, 11:57 a.m. UTC | #1

On Tue, 2025-03-25 at 11:46 +0100, Miklos Szeredi wrote:
> In theory overlayfs could support upper layer directly referring to a
> data
> layer, but there's no current use case for this.
> 
> Originally, when data-only layers were introduced, this wasn't
> allowed,
> only introduced by the "datadir+" feature, but without actually
> handling
> this case, resulting in an Oops.
> 
> Fix by disallowing datadir without lowerdir.
> 
> Reported-by: Giuseppe Scrivano <gscrivan@redhat.com>
> Fixes: 24e16e385f22 ("ovl: add support for appending lowerdirs one by
> one")
> Cc: <stable@vger.kernel.org> # v6.7
> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Reviewed-by: Alexander Larsson <alexl@redhat.com>


>  		return ERR_PTR(-EINVAL);
>  	}
>  
> +	if (ctx->nr == ctx->nr_data) {
> +		pr_err("at least one non-data lowerdir is
> required\n");
> +		return ERR_PTR(-EINVAL);
> +	}
> +
>  	err = -EINVAL;
>  	for (i = 0; i < ctx->nr; i++) {
>  		l = &ctx->lower[i];

Christian Brauner March 25, 2025, 2:36 p.m. UTC | #2

On Tue, Mar 25, 2025 at 11:46:29AM +0100, Miklos Szeredi wrote:
> In theory overlayfs could support upper layer directly referring to a data
> layer, but there's no current use case for this.
> 
> Originally, when data-only layers were introduced, this wasn't allowed,
> only introduced by the "datadir+" feature, but without actually handling
> this case, resulting in an Oops.
> 
> Fix by disallowing datadir without lowerdir.
> 
> Reported-by: Giuseppe Scrivano <gscrivan@redhat.com>
> Fixes: 24e16e385f22 ("ovl: add support for appending lowerdirs one by one")
> Cc: <stable@vger.kernel.org> # v6.7
> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
> ---

Reviewed-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 86ae6f6da36b..b11094acdd8f 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1137,6 +1137,11 @@  static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
 		return ERR_PTR(-EINVAL);
 	}
 
+	if (ctx->nr == ctx->nr_data) {
+		pr_err("at least one non-data lowerdir is required\n");
+		return ERR_PTR(-EINVAL);
+	}
+
 	err = -EINVAL;
 	for (i = 0; i < ctx->nr; i++) {
 		l = &ctx->lower[i];

[v2,1/5] ovl: don't allow datadir only

Commit Message

Comments

Patch