summaryrefslogtreecommitdiff
path: root/fs/overlayfs/overlayfs.h
diff options
context:
space:
mode:
authorAmir Goldstein <amir73il@gmail.com>2018-05-11 11:15:15 +0300
committerMiklos Szeredi <mszeredi@redhat.com>2018-05-31 12:06:12 +0300
commit01b39dcc95680b04c7af5de7f39f577e9c4865e3 (patch)
tree18675377623d5ef108a90a72a9b523cf535e4210 /fs/overlayfs/overlayfs.h
parentac6a52eb65b5327859135269c9374bf2ff731c9f (diff)
downloadlinux-01b39dcc95680b04c7af5de7f39f577e9c4865e3.tar.xz
ovl: use inode_insert5() to hash a newly created inode
Currently, there is a small window where ovl_obtain_alias() can race with ovl_instantiate() and create two different overlay inodes with the same underlying real non-dir non-hardlink inode. The race requires an adversary to guess the file handle of the yet to be created upper inode and decode the guessed file handle after ovl_creat_real(), but before ovl_instantiate(). This race does not affect overlay directory inodes, because those are decoded via ovl_lookup_real() and not with ovl_obtain_alias(). This patch fixes the race, by using inode_insert5() to add a newly created inode to cache. If the newly created inode apears to already exist in cache (hashed by the same real upper inode), we instantiate the dentry with the old inode and drop the new inode, instead of silently not hashing the new inode. Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'fs/overlayfs/overlayfs.h')
-rw-r--r--fs/overlayfs/overlayfs.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index b8a0160742b2..3c5e9f18b0d9 100644
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -329,6 +329,7 @@ int ovl_update_time(struct inode *inode, struct timespec *ts, int flags);
bool ovl_is_private_xattr(const char *name);
struct ovl_inode_params {
+ struct inode *newinode;
struct dentry *upperdentry;
struct ovl_path *lowerpath;
struct dentry *index;