Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.134 2024-10-10T09:57:44+00:00 2024-10-10T09:57:44+00:00 Mike Baynton mike@mbaynton.com 2024-07-11T03:52:04+00:00 urn:sha1:bf47be5479b3e611910e1133f4d5413aa77e86c5 commit 6c4a5f96450415735c31ed70ff354f0ee5cbf67b upstream. Some overlayfs features require permission to read/write trusted.* xattrs. These include redirect_dir, verity, metacopy, and data-only layers. This patch adds additional validations at mount time to stop overlays from mounting in certain cases where the resulting mount would not function according to the user's expectations because they lack permission to access trusted.* xattrs (for example, not global root.) Similar checks in ovl_make_workdir() that disable features instead of failing are still relevant and used in cases where the resulting mount can still work "reasonably well." Generally, if the feature was enabled through kernel config or module option, any mount that worked before will still work the same; this applies to redirect_dir and metacopy. The user must explicitly request these features in order to generate a mount failure. Verity and data-only layers on the other hand must be explictly requested and have no "reasonable" disabled or degraded alternative, so mounts attempting either always fail. "lower data-only dirs require metacopy support" moved down in case userxattr is set, which disables metacopy. Cc: stable@vger.kernel.org # v6.6+ Signed-off-by: Mike Baynton <mike@mbaynton.com> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-09-04T11:28:23+00:00 Zhihao Cheng chengzhihao1@huawei.com 2024-07-05T01:15:10+00:00 urn:sha1:9de10f5b7ba9ad9ea0722ba189a04225cb06d603 [ Upstream commit 441e36ef5b347d9ab4f54f7b54853266be687556 ] Add '\n' for pr_err in function ovl_parse_param_lowerdir(), which ensures that error message is displayed at once. Fixes: b36a5780cb44 ("ovl: modify layer parameter parsing") Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Link: https://lore.kernel.org/r/20240705011510.794025-4-chengzhihao1@huawei.com Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-09-04T11:28:23+00:00 Zhihao Cheng chengzhihao1@huawei.com 2024-07-05T01:15:09+00:00 urn:sha1:dce7cbeaa10f27b7cd027d2fb9d54b7e1f69db4a [ Upstream commit ca76ac36bb6068866feca185045e7edf2a8f392f ] The max count of lowerdir is OVL_MAX_STACK[500], which is broken by commit 37f32f526438("ovl: fix memory leak in ovl_parse_param()") for parameter Opt_lowerdir. Since commit 819829f0319a("ovl: refactor layer parsing helpers") and commit 24e16e385f22("ovl: add support for appending lowerdirs one by one") added check ovl_mount_dir_check() in function ovl_parse_param_lowerdir(), the 'ctx->nr' should be smaller than OVL_MAX_STACK, after commit 37f32f526438("ovl: fix memory leak in ovl_parse_param()") is applied, the 'ctx->nr' is updated before the check ovl_mount_dir_check(), which leads the max count of lowerdir to become 499 for parameter Opt_lowerdir. Fix it by replacing lower layers parsing code with the existing helper function ovl_parse_layer(). Fixes: 37f32f526438 ("ovl: fix memory leak in ovl_parse_param()") Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Link: https://lore.kernel.org/r/20240705011510.794025-3-chengzhihao1@huawei.com Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-09-04T11:28:23+00:00 Christian Brauner brauner@kernel.org 2024-07-05T01:15:08+00:00 urn:sha1:0e1c9709d70b44cc5d5302b3fd4a358b195bfd49 [ Upstream commit 7eff3453cbd7e0bfc7524d59694119b5ca844778 ] So it can be used for parsing the Opt_lowerdir. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Link: https://lore.kernel.org/r/20240705011510.794025-2-chengzhihao1@huawei.com Signed-off-by: Christian Brauner <brauner@kernel.org> Stable-dep-of: ca76ac36bb60 ("ovl: fix wrong lowerdir number check for parameter Opt_lowerdir") Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-05-02T14:32:49+00:00 Amir Goldstein amir73il@gmail.com 2023-11-12T08:11:25+00:00 urn:sha1:be9857a4d280bc5d6f9fdfc134918a7f13dda9ae commit 37f32f52643869131ec01bb69bdf9f404f6109fb upstream. On failure to parse parameters in ovl_parse_param_lowerdir(), it is necessary to update ctx->nr with the correct nr before using ovl_reset_lowerdirs() to release l->name. Reported-and-tested-by: syzbot+26eedf3631650972f17c@syzkaller.appspotmail.com Fixes: c835110b588a ("ovl: remove unused code in lowerdir param parsing") Co-authored-by: Edward Adam Davis <eadavis@qq.com> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-03-26T22:19:18+00:00 Gabriel Krisman Bertazi krisman@suse.de 2024-02-21T17:14:03+00:00 urn:sha1:c6f95031cf21701db5d2b449bf77b73e98edabde [ Upstream commit 2824083db76cb9d4b7910607b367e93b02912865 ] overlayfs relies on the filesystem setting DCACHE_OP_HASH or DCACHE_OP_COMPARE to reject mounting over case-insensitive directories. Since commit bb9cd9106b22 ("fscrypt: Have filesystems handle their d_ops"), we set ->d_op through a hook in ->d_lookup, which means the root dentry won't have them, causing the mount to accidentally succeed. In v6.7-rc7, the following sequence will succeed to mount, but any dentry other than the root dentry will be a "weird" dentry to ovl and fail with EREMOTE. mkfs.ext4 -O casefold lower.img mount -O loop lower.img lower mount -t overlay -o lowerdir=lower,upperdir=upper,workdir=work ovl /mnt Mounting on a subdirectory fails, as expected, because DCACHE_OP_HASH and DCACHE_OP_COMPARE are properly set by ->lookup. Fix by explicitly rejecting superblocks that allow case-insensitive dentries. Yes, this will be solved when we move d_op configuration back to ->s_d_op. Yet, we better have an explicit fix to avoid messing up again. While there, re-sort the entries to have more descriptive error messages first. Fixes: bb9cd9106b22 ("fscrypt: Have filesystems handle their d_ops") Acked-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Link: https://lore.kernel.org/r/20240221171412.10710-2-krisman@suse.de Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-03-26T22:19:18+00:00 Amir Goldstein amir73il@gmail.com 2023-10-30T18:34:42+00:00 urn:sha1:cc0918b3582c98f12cfb30bf7496496d14bff3e9 [ Upstream commit 24e16e385f2272b1a9df51337a5c32d28a29c7ad ] Add new mount options lowerdir+ and datadir+ that can be used to add layers to lower layers stack one by one. Unlike the legacy lowerdir mount option, special characters (i.e. colons and cammas) are not unescaped with these new mount options. The new mount options can be repeated to compose a large stack of lower layers, but they may not be mixed with the lagacy lowerdir mount option, because for displaying lower layers in mountinfo, we do not want to mix escaped with unescaped lower layers path syntax. Similar to data-only layer rules with the lowerdir mount option, the datadir+ option must follow at least one lowerdir+ option and the lowerdir+ option must not follow the datadir+ option. If the legacy lowerdir mount option follows lowerdir+ and datadir+ mount options, it overrides them. Sepcifically, calling: fsconfig(FSCONFIG_SET_STRING, "lowerdir", "", 0); can be used to reset previously setup lower layers. Suggested-by: Miklos Szeredi <miklos@szeredi.hu> Link: https://lore.kernel.org/r/CAJfpegt7VC94KkRtb1dfHG8+4OzwPBLYqhtc8=QFUxpFJE+=RQ@mail.gmail.com/ Signed-off-by: Amir Goldstein <amir73il@gmail.com> Stable-dep-of: 2824083db76c ("ovl: Always reject mounting over case-insensitive directories") Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-03-26T22:19:18+00:00 Amir Goldstein amir73il@gmail.com 2023-10-29T12:00:39+00:00 urn:sha1:0d8097526ba8f13a177ff77b365faae05d214588 [ Upstream commit 819829f0319a759e8a6ccb7e4f1113f3f9f07aa3 ] In preparation for new mount options to add lowerdirs one by one, generalize ovl_parse_param_upperdir() into helper ovl_parse_layer() that will be used for parsing a single lower layers. Suggested-by: Miklos Szeredi <miklos@szeredi.hu> Link: https://lore.kernel.org/r/CAJfpegt7VC94KkRtb1dfHG8+4OzwPBLYqhtc8=QFUxpFJE+=RQ@mail.gmail.com/ Signed-off-by: Amir Goldstein <amir73il@gmail.com> Stable-dep-of: 2824083db76c ("ovl: Always reject mounting over case-insensitive directories") Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-03-26T22:19:18+00:00 Amir Goldstein amir73il@gmail.com 2023-10-28T08:25:30+00:00 urn:sha1:26532aeb3cec005d85b99298430077cb44858490 [ Upstream commit 0cea4c097d97fdc89de488bd4202d0b087ccec58 ] We are about to add new mount options for adding lowerdir one by one, but those mount options will not support escaping. For the existing case, where lowerdir mount option is provided as a colon separated list, store the user provided (possibly escaped) string and display it as is when showing the lowerdir mount option. Signed-off-by: Amir Goldstein <amir73il@gmail.com> Stable-dep-of: 2824083db76c ("ovl: Always reject mounting over case-insensitive directories") Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-03-26T22:19:17+00:00 Amir Goldstein amir73il@gmail.com 2023-10-28T09:07:45+00:00 urn:sha1:1fff0482186bf82e0b55156360c1f2c7f67de717 [ Upstream commit c835110b588a750650988ca5000913c3c60d246b ] Commit beae836e9c61 ("ovl: temporarily disable appending lowedirs") removed the ability to append lowerdirs with syntax lowerdir=":<path>". Remove leftover code and comments that are irrelevant with lowerdir append mode disabled. Signed-off-by: Amir Goldstein <amir73il@gmail.com> Stable-dep-of: 2824083db76c ("ovl: Always reject mounting over case-insensitive directories") Signed-off-by: Sasha Levin <sashal@kernel.org>