When the lowerdir of an overlayfs is a merged directory of another
overlayfs, ovl_open_realfile() will fail to open the real file and point
to a lower dentry copy, without the proper parent path. After this,
d_path() will then display the path incorrectly as if the file is placed
in the root directory.
This bug can be triggered with the following setup:
mkdir -p ovl-A/lower ovl-A/upper ovl-A/merge ovl-A/work
mkdir -p ovl-B/upper ovl-B/merge ovl-B/work
cp /bin/cat ovl-A/lower/
mount -t overlay overlay -o \
lowerdir=ovl-A/lower,upperdir=ovl-A/upper,workdir=ovl-A/work \
ovl-A/merge
mount -t overlay overlay -o \
lowerdir=ovl-A/merge,upperdir=ovl-B/upper,workdir=ovl-B/work \
ovl-B/merge
ovl-A/merge/cat /proc/self/maps | grep --color cat
ovl-B/merge/cat /proc/self/maps | grep --color cat
The first cat will correctly show `/ovl-A/merge/cat`, while the second
one shows just `/cat`.
To fix that, uses file_user_path() inside of backing_file_open() to get
the correct file path for the dentry.
Co-developed-by: John Schoenick <johns@valvesoftware.com>
Signed-off-by: John Schoenick <johns@valvesoftware.com>
Signed-off-by: André Almeida <andrealmeid@igalia.com>
Fixes: def3ae83da02 ("fs: store real path instead of fake path in backing file f_path")
Cc: <stable@vger.kernel.org> # v6.7
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
if (!inode_owner_or_capable(real_idmap, realinode))
flags &= ~O_NOATIME;
- realfile = backing_file_open(&file->f_path, flags, realpath,
- current_cred());
+ realfile = backing_file_open(file_user_path((struct file *) file),
+ flags, realpath, current_cred());
}
ovl_revert_creds(old_cred);
projects / users / dwmw2 / linux.git / commitdiff