linux/fs/overlayfs
Miklos Szeredi 5e12758086 ovl: check whiteout in ovl_create_over_whiteout()
Kaixuxia reports that it's possible to crash overlayfs by removing the
whiteout on the upper layer before creating a directory over it.  This is a
reproducer:

 mkdir lower upper work merge
 touch lower/file
 mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge
 rm merge/file
 ls -al merge/file
 rm upper/file
 ls -al merge/
 mkdir merge/file

Before commencing with a vfs_rename(..., RENAME_EXCHANGE) verify that the
lookup of "upper" is positive and is a whiteout, and return ESTALE
otherwise.

Reported by: kaixuxia <xiakaixu1987@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: e9be9d5e76 ("overlay filesystem")
Cc: <stable@vger.kernel.org> # v3.18
2018-10-31 12:15:23 +01:00
copy_up.c ovl: fold copy-up helpers into callers 2018-10-26 23:34:39 +02:00
dir.c ovl: check whiteout in ovl_create_over_whiteout() 2018-10-31 12:15:23 +01:00
export.c ovl: Modify ovl_lookup() and friends to lookup metacopy dentry 2018-07-20 09:56:09 +02:00
file.c vfs: swap names of {do,vfs}_clone_file_range() 2018-09-24 10:54:01 +02:00
inode.c ovl: relax permission checking on underlying layers 2018-10-26 23:34:39 +02:00
Kconfig ovl: Provide a mount option metacopy=on/off for metadata copyup 2018-07-20 09:56:06 +02:00
Makefile ovl: stack file ops 2018-07-18 15:44:41 +02:00
namei.c ovl: fix error handling in ovl_verify_set_fh() 2018-10-26 23:34:39 +02:00
overlayfs.h ovl: abstract ovl_inode lock with a helper 2018-10-26 23:34:40 +02:00
ovl_entry.h ovl: Store lower data inode in ovl_inode 2018-07-20 09:56:11 +02:00
readdir.c ovl: fix wrong use of impure dir cache in ovl_iterate() 2018-07-17 16:04:34 +02:00
super.c ovl: relax requirement for non null uuid of lower fs 2018-10-26 23:34:40 +02:00
util.c ovl: abstract ovl_inode lock with a helper 2018-10-26 23:34:40 +02:00