If memory for uperredirect was allocated with kstrdup()
in upperdir != NULL and d.redirect != NULL path, it may seem
that it can be lost when upperredirect is reassigned later, but
it's not possible.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 0a2d0d3f2f291 ("ovl: Check redirect on index as well")
Signed-off-by: Stanislav Goriainov <goriainov@xxxxxxxxx>
---
fs/overlayfs/namei.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index 69dc577974f8..2a21331e6ccd 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -1085,6 +1085,11 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
.mnt = ovl_upper_mnt(ofs),
};
+ /* There is no overwrite of upperredirect here as the first
+ * assignment of upperredirect happens only if
+ * upperdentry is non-NULL, while here we are only
+ * if upperdentry is NULL.
+ */
upperredirect = ovl_get_redirect_xattr(ofs, &upperpath, 0);
if (IS_ERR(upperredirect)) {
err = PTR_ERR(upperredirect);
--
2.34.1
