1 From d990b52f916662c551b56aa46ef86141ecc4e679 Mon Sep 17 00:00:00 2001
2 From: Miklos Szeredi <mszeredi@suse.cz>
3 Date: Thu, 30 Aug 2012 16:13:50 +0200
4 Subject: [PATCH 08/13] fs: limit filesystem stacking depth
5 Patch-mainline: not yet
7 Add a simple read-only counter to super_block that indicates deep this
8 is in the stack of filesystems. Previously ecryptfs was the only
9 stackable filesystem and it explicitly disallowed multiple layers of
12 Overlayfs, however, can be stacked recursively and also may be stacked
13 on top of ecryptfs or vice versa.
15 To limit the kernel stack usage we must limit the depth of the
16 filesystem stack. Initially the limit is set to 2.
18 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
20 fs/ecryptfs/main.c | 7 +++++++
21 fs/overlayfs/super.c | 10 ++++++++++
22 include/linux/fs.h | 11 +++++++++++
23 3 files changed, 28 insertions(+)
25 --- a/fs/ecryptfs/main.c
26 +++ b/fs/ecryptfs/main.c
27 @@ -567,6 +567,13 @@ static struct dentry *ecryptfs_mount(str
28 s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
29 s->s_blocksize = path.dentry->d_sb->s_blocksize;
30 s->s_magic = ECRYPTFS_SUPER_MAGIC;
31 + s->s_stack_depth = path.dentry->d_sb->s_stack_depth + 1;
34 + if (s->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
35 + pr_err("eCryptfs: maximum fs stacking depth exceeded\n");
39 inode = ecryptfs_get_inode(path.dentry->d_inode, s);
41 --- a/fs/overlayfs/super.c
42 +++ b/fs/overlayfs/super.c
43 @@ -571,6 +571,16 @@ static int ovl_fill_super(struct super_b
45 ufs->lower_namelen = statfs.f_namelen;
47 + sb->s_stack_depth = max(upperpath.mnt->mnt_sb->s_stack_depth,
48 + lowerpath.mnt->mnt_sb->s_stack_depth) + 1;
51 + if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
52 + pr_err("overlayfs: maximum fs stacking depth exceeded\n");
53 + goto out_put_lowerpath;
57 ufs->upper_mnt = clone_private_mount(&upperpath);
58 err = PTR_ERR(ufs->upper_mnt);
59 if (IS_ERR(ufs->upper_mnt)) {
60 --- a/include/linux/fs.h
61 +++ b/include/linux/fs.h
62 @@ -244,6 +244,12 @@ struct iattr {
64 #include <linux/quota.h>
67 + * Maximum number of layers of fs stack. Needs to be limited to
68 + * prevent kernel stack overflow
70 +#define FILESYSTEM_MAX_STACK_DEPTH 2
73 * enum positive_aop_returns - aop return codes with specific semantics
75 @@ -1322,6 +1328,11 @@ struct super_block {
77 /* Being remounted read-only */
78 int s_readonly_remount;
81 + * Indicates how deep in a filesystem stack this SB is
86 /* superblock cache pruning functions */