• Miklos Szeredi's avatar
    ovl: don't allow writing ioctl on lower layer · 7c6893e3
    Miklos Szeredi authored
    Problem with ioctl() is that it's a file operation, yet often used as an
    inode operation (i.e. modify the inode despite the file being opened for
    read-only).
    
    mnt_want_write_file() is used by filesystems in such cases to get write
    access on an arbitrary open file.
    
    Since overlayfs lets filesystems do all file operations, including ioctl,
    this can lead to mnt_want_write_file() returning OK for a lower file and
    modification of that lower file.
    
    This patch prevents modification by checking if the file is from an
    overlayfs lower layer and returning EPERM in that case.
    
    Need to introduce a mnt_want_write_file_path() variant that still does the
    old thing for inode operations that can do the copy up + modification
    correctly in such cases (fchown, fsetxattr, fremovexattr).
    
    This does not address the correctness of such ioctls on overlayfs (the
    correct way would be to copy up and attempt to perform ioctl on upper
    file).
    
    In theory this could be a regression.  We very much hope that nobody is
    relying on such a hack in any sane setup.
    
    While this patch meddles in VFS code, it has no effect on non-overlayfs
    filesystems.
    Reported-by: default avatar"zhangyi (F)" <yi.zhang@huawei.com>
    Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
    7c6893e3
internal.h 4.68 KB