/proc/$pid/maps and /proc/$pid/exe contain display paths of mapped file. audot and tomoyo also log the display path of the mapped exec file. When the mapped file comes from overlayfs, we need to use the macro file_fake_path() to make sure that we get the fake overlayfs path and not the real internal path. At the time of this commit, file_fake_path() always returns f_path, where overlayfs has stored the fake overlayfs path, but soon we are going to change the location that the fake path is stored. Cc: Paul Moore <paul@xxxxxxxxxxxxxx> Cc: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> --- fs/proc/base.c | 8 +++++--- fs/seq_file.c | 2 +- kernel/audit.c | 3 ++- kernel/fork.c | 5 +++-- security/tomoyo/util.c | 3 ++- 5 files changed, 13 insertions(+), 8 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 05452c3b9872..d6f8c77a3e38 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1730,8 +1730,9 @@ static int proc_exe_link(struct dentry *dentry, struct path *exe_path) exe_file = get_task_exe_file(task); put_task_struct(task); if (exe_file) { - *exe_path = exe_file->f_path; - path_get(&exe_file->f_path); + /* Overlayfs mapped files have fake path */ + *exe_path = *file_fake_path(exe_file); + path_get(exe_path); fput(exe_file); return 0; } else @@ -2218,7 +2219,8 @@ static int map_files_get_link(struct dentry *dentry, struct path *path) rc = -ENOENT; vma = find_exact_vma(mm, vm_start, vm_end); if (vma && vma->vm_file) { - *path = vma->vm_file->f_path; + /* Overlayfs mapped files have fake path */ + *path = *file_fake_path(vma->vm_file); path_get(path); rc = 0; } diff --git a/fs/seq_file.c b/fs/seq_file.c index f5fdaf3b1572..7e65fde4336a 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -497,7 +497,7 @@ EXPORT_SYMBOL(seq_path); */ int seq_file_path(struct seq_file *m, struct file *file, const char *esc) { - return seq_path(m, &file->f_path, esc); + return seq_path(m, file_fake_path(file), esc); } EXPORT_SYMBOL(seq_file_path); diff --git a/kernel/audit.c b/kernel/audit.c index 9bc0b0301198..91975f139a03 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2202,7 +2202,8 @@ void audit_log_d_path_exe(struct audit_buffer *ab, if (!exe_file) goto out_null; - audit_log_d_path(ab, " exe=", &exe_file->f_path); + /* Overlayfs mapped files have fake path */ + audit_log_d_path(ab, " exe=", file_fake_path(exe_file)); fput(exe_file); return; out_null: diff --git a/kernel/fork.c b/kernel/fork.c index ed4e01daccaa..9a3c138a677e 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1455,8 +1455,9 @@ int replace_mm_exe_file(struct mm_struct *mm, struct file *new_exe_file) for_each_vma(vmi, vma) { if (!vma->vm_file) continue; - if (path_equal(&vma->vm_file->f_path, - &old_exe_file->f_path)) { + /* Overlayfs mapped files have fake path */ + if (path_equal(file_fake_path(vma->vm_file), + file_fake_path(old_exe_file))) { ret = -EBUSY; break; } diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 6799b1122c9d..ff0d94fb431c 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -975,7 +975,8 @@ const char *tomoyo_get_exe(void) if (!exe_file) return NULL; - cp = tomoyo_realpath_from_path(&exe_file->f_path); + /* Overlayfs mapped files have fake path */ + cp = tomoyo_realpath_from_path(file_fake_path(exe_file)); fput(exe_file); return cp; } -- 2.34.1