From nobody Fri Dec 19 07:02:12 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D23E1422BE; Sun, 24 Mar 2024 22:49:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320545; cv=none; b=WeiAxAz/lfF35PEBgxWbN6jeT1fsmbmJcBnYlzCGF6v9e2a7zVwLLofWp9TGP+3w2UNcXtCHIEUgj7VjQO9KSfzHUJchwmkrb/cGOp8B02E4Xur2DluwvrIYKziMV2sqtLhST1aqSBIo8uo139dYWcwJd4lK9ylf0m/mASPWGM4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320545; c=relaxed/simple; bh=TqbdMatSwzqhA9SLehDS7UjFj034MU3eHyuNpAN4Ps8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eZjY8PYFsLmm+Kd/TwrwXe8CYBcSqUEwhbrr1z1aGRq0VRer7bI96zYI88jbbryMHsjpYg24xbkL0ZoUpD+9k14LA3Zr75yS4O0rC8pabXElZ8QVRKqYJGqc+s/FE6LTRLeEORO+JwSn0tNNihQquvOVRZG3ScCBFrZ0WILZJOE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=RIqyzooz; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="RIqyzooz" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 531E9C433F1; Sun, 24 Mar 2024 22:49:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711320544; bh=TqbdMatSwzqhA9SLehDS7UjFj034MU3eHyuNpAN4Ps8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RIqyzoozJ25rN2HeXZWkW9kxregwj9EFm2XxP2BrpmXA4/jG5P0LD370+mxgrtkqi VWbCgXZNZMFGSHa9urvHXGa/MWYjkp4SRCDo6zvxkOfll/1jGTWu6kP0QqgC/1gG3o BKzL7OPyzg1kXJEPNdHLofmKJJqlf4rgh+f+d05u2ebNeENUSFibwS42NKbmuh3jJ8 E/tWhhTEVocuh+n04X2t8WwZBJHRVLam7TGg6p5zIfmRRb511gykSk5Tj794RenFtC 6+eEtMCJZHNEb3/wDuoi+Ayht9elqakrgSiQT8NpccZXPKs2EWHUq18JXIaKpGHMi9 WI8AuRWmf6ZDg== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gabriel Krisman Bertazi , Amir Goldstein , Eric Biggers , Sasha Levin Subject: [PATCH 6.7 105/713] ovl: Always reject mounting over case-insensitive directories Date: Sun, 24 Mar 2024 18:37:11 -0400 Message-ID: <20240324224720.1345309-106-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324224720.1345309-1-sashal@kernel.org> References: <20240324224720.1345309-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Gabriel Krisman Bertazi [ Upstream commit 2824083db76cb9d4b7910607b367e93b02912865 ] overlayfs relies on the filesystem setting DCACHE_OP_HASH or DCACHE_OP_COMPARE to reject mounting over case-insensitive directories. Since commit bb9cd9106b22 ("fscrypt: Have filesystems handle their d_ops"), we set ->d_op through a hook in ->d_lookup, which means the root dentry won't have them, causing the mount to accidentally succeed. In v6.7-rc7, the following sequence will succeed to mount, but any dentry other than the root dentry will be a "weird" dentry to ovl and fail with EREMOTE. mkfs.ext4 -O casefold lower.img mount -O loop lower.img lower mount -t overlay -o lowerdir=3Dlower,upperdir=3Dupper,workdir=3Dwork ovl = /mnt Mounting on a subdirectory fails, as expected, because DCACHE_OP_HASH and DCACHE_OP_COMPARE are properly set by ->lookup. Fix by explicitly rejecting superblocks that allow case-insensitive dentries. Yes, this will be solved when we move d_op configuration back to ->s_d_op. Yet, we better have an explicit fix to avoid messing up again. While there, re-sort the entries to have more descriptive error messages first. Fixes: bb9cd9106b22 ("fscrypt: Have filesystems handle their d_ops") Acked-by: Amir Goldstein Reviewed-by: Eric Biggers Link: https://lore.kernel.org/r/20240221171412.10710-2-krisman@suse.de Signed-off-by: Gabriel Krisman Bertazi Signed-off-by: Sasha Levin --- fs/overlayfs/params.c | 14 +++++++++++--- include/linux/fs.h | 9 +++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c index 3fe2dde1598f9..488f920f79d28 100644 --- a/fs/overlayfs/params.c +++ b/fs/overlayfs/params.c @@ -280,12 +280,20 @@ static int ovl_mount_dir_check(struct fs_context *fc,= const struct path *path, { struct ovl_fs_context *ctx =3D fc->fs_private; =20 - if (ovl_dentry_weird(path->dentry)) - return invalfc(fc, "filesystem on %s not supported", name); - if (!d_is_dir(path->dentry)) return invalfc(fc, "%s is not a directory", name); =20 + /* + * Root dentries of case-insensitive capable filesystems might + * not have the dentry operations set, but still be incompatible + * with overlayfs. Check explicitly to prevent post-mount + * failures. + */ + if (sb_has_encoding(path->mnt->mnt_sb)) + return invalfc(fc, "case-insensitive capable filesystem on %s not suppor= ted", name); + + if (ovl_dentry_weird(path->dentry)) + return invalfc(fc, "filesystem on %s not supported", name); =20 /* * Check whether upper path is read-only here to report failures diff --git a/include/linux/fs.h b/include/linux/fs.h index 7f659c26794b5..98c718b0fe532 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3205,6 +3205,15 @@ extern int generic_check_addressable(unsigned, u64); =20 extern void generic_set_encrypted_ci_d_ops(struct dentry *dentry); =20 +static inline bool sb_has_encoding(const struct super_block *sb) +{ +#if IS_ENABLED(CONFIG_UNICODE) + return !!sb->s_encoding; +#else + return false; +#endif +} + int may_setattr(struct mnt_idmap *idmap, struct inode *inode, unsigned int ia_valid); int setattr_prepare(struct mnt_idmap *, struct dentry *, struct iattr *); --=20 2.43.0