lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAOQ4uxg326bEDdfKCKnoV0MnBBgRbxPEgN_41kBJv9HUdb-5dg@mail.gmail.com>
Date: Sun, 10 Aug 2025 15:02:20 +0200
From: Amir Goldstein <amir73il@...il.com>
To: André Almeida <andrealmeid@...lia.com>
Cc: Miklos Szeredi <miklos@...redi.hu>, Theodore Tso <tytso@....edu>, 
	Gabriel Krisman Bertazi <krisman@...nel.org>, linux-unionfs@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, 
	Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, 
	kernel-dev@...lia.com
Subject: Re: [PATCH RFC v3 6/7] ovl: Add S_CASEFOLD as part of the inode flag
 to be copied

On Sat, Aug 9, 2025 at 11:51 AM Amir Goldstein <amir73il@...il.com> wrote:
>
> On Fri, Aug 8, 2025 at 10:59 PM André Almeida <andrealmeid@...lia.com> wrote:
> >
> > To keep ovl's inodes consistent with their real inodes, add the
> > S_CASEFOLD flag as part of the flags that need to be copied.
> >
> > Signed-off-by: André Almeida <andrealmeid@...lia.com>
> > ---
> > Changes from v2:
> > - Instead of manually setting the flag if the realpath dentry is
> >   casefolded, just add this flag as part of the flags that need to be
> >   copied.
> > ---
> >  fs/overlayfs/overlayfs.h | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
> > index bb0d7ded8e763a4a7a6fc506d966ed2f3bdb4f06..8a9a67d2933173c61b0fa0af5634d91e092e00b2 100644
> > --- a/fs/overlayfs/overlayfs.h
> > +++ b/fs/overlayfs/overlayfs.h
> > @@ -822,7 +822,7 @@ struct inode *ovl_get_inode(struct super_block *sb,
> >  void ovl_copyattr(struct inode *to);
> >
> >  /* vfs inode flags copied from real to ovl inode */
> > -#define OVL_COPY_I_FLAGS_MASK  (S_SYNC | S_NOATIME | S_APPEND | S_IMMUTABLE)
> > +#define OVL_COPY_I_FLAGS_MASK  (S_SYNC | S_NOATIME | S_APPEND | S_IMMUTABLE | S_CASEFOLD)
> >  /* vfs inode flags read from overlay.protattr xattr to ovl inode */
> >  #define OVL_PROT_I_FLAGS_MASK  (S_APPEND | S_IMMUTABLE)
> >
>
> Ok, this is simpler, but it's too simple.
> OVL_COPY_I_FLAGS_MASK is used in copy up with the assumption that
> all copied i_flags are related to fileattr flags, so you need something like:
>
> diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
> index 27396fe63f6d..66bd43a99d2e 100644
> --- a/fs/overlayfs/copy_up.c
> +++ b/fs/overlayfs/copy_up.c
> @@ -670,7 +670,7 @@ static int ovl_copy_up_metadata(struct
> ovl_copy_up_ctx *c, struct dentry *temp)
>         if (err)
>                 return err;
>
> -       if (inode->i_flags & OVL_COPY_I_FLAGS_MASK &&
> +       if (inode->i_flags & OVL_FATTR_I_FLAGS_MASK &&
>             (S_ISREG(c->stat.mode) || S_ISDIR(c->stat.mode))) {
>                 /*
>                  * Copy the fileattr inode flags that are the source of already

Which reminds me that you also need to verify that a copied up directory
conforms to the ofs->casefold expectation, because there is no code
to make the copied up directory casefolded.

We can assume that layers check has already verified that upperdir/workdir
are casefold correct, but we need to verify that $workdir/work/$tmpdir created
by ovl_create_temp() has inherited the expected casefolding.

Same goes for ovl_mkdir(), we must verify that the new created dentry/inode
conform to the expected ofs->casefold.

I think this check in ovl_create_real() should cover both cases:

diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
index 70b8687dc45e..be8c5d02302d 100644
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -187,6 +187,11 @@ struct dentry *ovl_create_real(struct ovl_fs
*ofs, struct dentry *parent,
                        /* mkdir is special... */
                        newdentry =  ovl_do_mkdir(ofs, dir, newdentry,
attr->mode);
                        err = PTR_ERR_OR_ZERO(newdentry);
+                       /* expect to inherit casefolding from
workdir/upperdir */
+                       if (!err && ofs->casefold !=
ovl_dentry_casefolded(newdentry)) {
+                               dput(newdentry);
+                               err = -EINVAL;
+                       }
                        break;

Thanks,
Amir.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ