linux-stable/fs/overlayfs
Miklos Szeredi cd09665ab6 ovl: check whiteout in ovl_create_over_whiteout()
commit 5e12758086 upstream.

Kaixuxia reports that it's possible to crash overlayfs by removing the
whiteout on the upper layer before creating a directory over it.  This is a
reproducer:

 mkdir lower upper work merge
 touch lower/file
 mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge
 rm merge/file
 ls -al merge/file
 rm upper/file
 ls -al merge/
 mkdir merge/file

Before commencing with a vfs_rename(..., RENAME_EXCHANGE) verify that the
lookup of "upper" is positive and is a whiteout, and return ESTALE
otherwise.

Reported by: kaixuxia <xiakaixu1987@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: e9be9d5e76 ("overlay filesystem")
Cc: <stable@vger.kernel.org> # v3.18
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-21 09:24:17 +01:00
..
copy_up.c vfs: swap names of {do,vfs}_clone_file_range() 2018-11-10 07:48:33 -08:00
dir.c ovl: check whiteout in ovl_create_over_whiteout() 2018-11-21 09:24:17 +01:00
inode.c ovl: hash non-dir by lower inode for fsnotify 2018-10-03 17:00:56 -07:00
Kconfig ovl: introduce the inodes index dir feature 2017-07-04 22:03:17 +02:00
Makefile ovl: split super.c 2016-12-16 11:02:56 +01:00
namei.c ovl: fix error handling in ovl_verify_set_fh() 2018-11-21 09:24:04 +01:00
overlayfs.h ovl: fix format of setxattr debug 2018-10-10 08:54:27 +02:00
ovl_entry.h locking/barriers: Convert users of lockless_dereference() to READ_ONCE() 2017-12-25 14:26:21 +01:00
readdir.c ovl: fix wrong use of impure dir cache in ovl_iterate() 2018-09-09 19:55:58 +02:00
super.c ovl: Sync upper dirty data when syncing overlayfs 2018-08-03 07:50:43 +02:00
util.c ovl: fix memory leak on unlink of indexed file 2018-10-10 08:54:27 +02:00