Changes to lower layer while overlay in mounted result in undefined
behavior. Therefore, we can change the behavior to invalidate the
overlay dentry on dcache lookup if one of the dentries in the lowerstack
was renamed since the lowerstack was composed.
To be absolute certain that lower dentry was not renamed we would need to
know the redirect path that lead to it, but that is not necessary.
Instead, we just store the hash of the parent/name from when we composed
the stack, which gives a good enough probablity to detect a lower rename
and is much less complexity.
We do not provide this protection for upper dentries, because that would
require updating the hash on overlay initiated renames and that is harder
to implement with lockless lookup.
This doesn't make live changes to underlying layers valid, because
invalid dentry stacks may still be referenced by open files, but it
reduces the window for possible bugs caused by lower rename, because
lookup cannot return those invalid dentry stacks.
Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
---
fs/overlayfs/export.c | 1 +
fs/overlayfs/namei.c | 4 +++-
fs/overlayfs/ovl_entry.h | 2 ++
fs/overlayfs/super.c | 17 ++++++++++-------
4 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c
index 0e696f72cf65..7221b6226e26 100644
--- a/fs/overlayfs/export.c
+++ b/fs/overlayfs/export.c
@@ -319,6 +319,7 @@ static struct dentry *ovl_obtain_alias(struct super_block *sb,
if (lower) {
oe->lowerstack->dentry = dget(lower);
oe->lowerstack->layer = lowerpath->layer;
+ oe->lowerstack->hash = lower->d_name.hash_len;
}
dentry->d_fsdata = oe;
if (upper_alias)
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index 3566282a9199..ae1c1216a038 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -375,7 +375,8 @@ int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected,
}
**stackp = (struct ovl_path){
.dentry = origin,
- .layer = &ofs->layers[i]
+ .layer = &ofs->layers[i],
+ .hash = origin->d_name.hash_len,
};
return 0;
@@ -968,6 +969,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
} else {
stack[ctr].dentry = this;
stack[ctr].layer = lower.layer;
+ stack[ctr].hash = this->d_name.hash_len;
ctr++;
}
diff --git a/fs/overlayfs/ovl_entry.h b/fs/overlayfs/ovl_entry.h
index b429c80879ee..557f1782f53b 100644
--- a/fs/overlayfs/ovl_entry.h
+++ b/fs/overlayfs/ovl_entry.h
@@ -42,6 +42,8 @@ struct ovl_layer {
struct ovl_path {
const struct ovl_layer *layer;
struct dentry *dentry;
+ /* Hash of the lower parent/name when we found it */
+ u64 hash;
};
/* private information held for overlayfs's superblock */
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index f2c74387e05b..4b7cb2d98203 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -119,13 +119,13 @@ static bool ovl_dentry_is_dead(struct dentry *d)
}
static int ovl_revalidate_real(struct dentry *d, unsigned int flags, bool weak,
- bool is_upper)
+ bool is_upper, u64 hash)
{
bool strict = !weak;
int ret = 1;
- /* Invalidate dentry if real was deleted since we found it */
- if (ovl_dentry_is_dead(d)) {
+ /* Invalidate dentry if real was deleted/renamed since we found it */
+ if (ovl_dentry_is_dead(d) || (hash && hash != d->d_name.hash_len)) {
ret = 0;
/* Raced with overlay unlink/rmdir? */
if (is_upper)
@@ -156,17 +156,18 @@ static int ovl_dentry_revalidate_common(struct dentry *dentry,
unsigned int flags, bool weak)
{
struct ovl_entry *oe = dentry->d_fsdata;
+ struct ovl_path *lower = oe->lowerstack;
struct dentry *upper;
unsigned int i;
int ret = 1;
upper = ovl_dentry_upper(dentry);
if (upper)
- ret = ovl_revalidate_real(upper, flags, weak, true);
+ ret = ovl_revalidate_real(upper, flags, weak, true, 0);
- for (i = 0; ret > 0 && i < oe->numlower; i++) {
- ret = ovl_revalidate_real(oe->lowerstack[i].dentry, flags,
- weak, false);
+ for (i = 0; ret > 0 && i < oe->numlower; i++, lower++) {
+ ret = ovl_revalidate_real(lower->dentry, flags, weak, false,
+ lower->hash);
}
return ret;
}
@@ -1652,6 +1653,8 @@ static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
for (i = 0; i < numlower; i++) {
oe->lowerstack[i].dentry = dget(stack[i].dentry);
oe->lowerstack[i].layer = &ofs->layers[i+1];
+ /* layer root should not be invalidated by rename */
+ oe->lowerstack->hash = 0;
}
out:
--
2.17.1
