[packages/kernel.git] / ovl08-fs-limit-filesystem-stacking-depth.patch

From d990b52f916662c551b56aa46ef86141ecc4e679 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@suse.cz>
Date: Thu, 30 Aug 2012 16:13:50 +0200
Subject: [PATCH 08/13] fs: limit filesystem stacking depth
Patch-mainline: not yet

Add a simple read-only counter to super_block that indicates deep this
is in the stack of filesystems.  Previously ecryptfs was the only
stackable filesystem and it explicitly disallowed multiple layers of
itself.

Overlayfs, however, can be stacked recursively and also may be stacked
on top of ecryptfs or vice versa.

To limit the kernel stack usage we must limit the depth of the
filesystem stack.  Initially the limit is set to 2.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
---
 fs/ecryptfs/main.c   |    7 +++++++
 fs/overlayfs/super.c |   10 ++++++++++
 include/linux/fs.h   |   11 +++++++++++
 3 files changed, 28 insertions(+)

Index: linux-3.6-rc7-master/fs/ecryptfs/main.c
===================================================================
--- linux-3.6-rc7-master.orig/fs/ecryptfs/main.c	2012-09-24 03:10:57.000000000 +0200
+++ linux-3.6-rc7-master/fs/ecryptfs/main.c	2012-09-28 13:37:00.000000000 +0200
@@ -566,6 +566,13 @@ static struct dentry *ecryptfs_mount(str
 	s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
 	s->s_blocksize = path.dentry->d_sb->s_blocksize;
 	s->s_magic = ECRYPTFS_SUPER_MAGIC;
+	s->s_stack_depth = path.dentry->d_sb->s_stack_depth + 1;
+
+	rc = -EINVAL;
+	if (s->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
+		printk(KERN_ERR "eCryptfs: maximum fs stacking depth exceeded\n");
+		goto out_free;
+	}
 
 	inode = ecryptfs_get_inode(path.dentry->d_inode, s);
 	rc = PTR_ERR(inode);
Index: linux-3.6-rc7-master/fs/overlayfs/super.c
===================================================================
--- linux-3.6-rc7-master.orig/fs/overlayfs/super.c	2012-09-28 13:36:57.000000000 +0200
+++ linux-3.6-rc7-master/fs/overlayfs/super.c	2012-09-28 13:37:00.000000000 +0200
@@ -570,6 +570,16 @@ static int ovl_fill_super(struct super_b
 	}
 	ufs->lower_namelen = statfs.f_namelen;
 
+	sb->s_stack_depth = max(upperpath.mnt->mnt_sb->s_stack_depth,
+				lowerpath.mnt->mnt_sb->s_stack_depth) + 1;
+
+	err = -EINVAL;
+	if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
+		printk(KERN_ERR "overlayfs: maximum fs stacking depth exceeded\n");
+		goto out_put_lowerpath;
+	}
+
+
 	ufs->upper_mnt = clone_private_mount(&upperpath);
 	err = PTR_ERR(ufs->upper_mnt);
 	if (IS_ERR(ufs->upper_mnt)) {
Index: linux-3.6-rc7-master/include/linux/fs.h
===================================================================
--- linux-3.6-rc7-master.orig/include/linux/fs.h	2012-09-28 13:36:47.000000000 +0200
+++ linux-3.6-rc7-master/include/linux/fs.h	2012-09-28 13:37:00.000000000 +0200
@@ -513,6 +513,12 @@ struct iattr {
  */
 #include <linux/quota.h>
 
+/*
+ * Maximum number of layers of fs stack.  Needs to be limited to
+ * prevent kernel stack overflow
+ */
+#define FILESYSTEM_MAX_STACK_DEPTH 2
+
 /** 
  * enum positive_aop_returns - aop return codes with specific semantics
  *
@@ -1586,6 +1592,11 @@ struct super_block {
 
 	/* Being remounted read-only */
 	int s_readonly_remount;
+
+	/*
+	 * Indicates how deep in a filesystem stack this SB is
+	 */
+	int s_stack_depth;
 };
 
 /* superblock cache pruning functions */
Commit	Line	Data
68184a5a JR	1	From d990b52f916662c551b56aa46ef86141ecc4e679 Mon Sep 17 00:00:00 2001
	2	From: Miklos Szeredi <mszeredi@suse.cz>
	3	Date: Thu, 30 Aug 2012 16:13:50 +0200
	4	Subject: [PATCH 08/13] fs: limit filesystem stacking depth
	5	Patch-mainline: not yet
	6
	7	Add a simple read-only counter to super_block that indicates deep this
	8	is in the stack of filesystems. Previously ecryptfs was the only
	9	stackable filesystem and it explicitly disallowed multiple layers of
	10	itself.
	11
	12	Overlayfs, however, can be stacked recursively and also may be stacked
	13	on top of ecryptfs or vice versa.
	14
	15	To limit the kernel stack usage we must limit the depth of the
	16	filesystem stack. Initially the limit is set to 2.
	17
	18	Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
	19	---
	20	fs/ecryptfs/main.c \| 7 +++++++
	21	fs/overlayfs/super.c \| 10 ++++++++++
	22	include/linux/fs.h \| 11 +++++++++++
	23	3 files changed, 28 insertions(+)
	24
	25	Index: linux-3.6-rc7-master/fs/ecryptfs/main.c
	26	===================================================================
	27	--- linux-3.6-rc7-master.orig/fs/ecryptfs/main.c 2012-09-24 03:10:57.000000000 +0200
	28	+++ linux-3.6-rc7-master/fs/ecryptfs/main.c 2012-09-28 13:37:00.000000000 +0200
	29	@@ -566,6 +566,13 @@ static struct dentry *ecryptfs_mount(str
	30	s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
	31	s->s_blocksize = path.dentry->d_sb->s_blocksize;
	32	s->s_magic = ECRYPTFS_SUPER_MAGIC;
	33	+ s->s_stack_depth = path.dentry->d_sb->s_stack_depth + 1;
	34	+
	35	+ rc = -EINVAL;
	36	+ if (s->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
	37	+ printk(KERN_ERR "eCryptfs: maximum fs stacking depth exceeded\n");
	38	+ goto out_free;
	39	+ }
	40
	41	inode = ecryptfs_get_inode(path.dentry->d_inode, s);
	42	rc = PTR_ERR(inode);
	43	Index: linux-3.6-rc7-master/fs/overlayfs/super.c
	44	===================================================================
	45	--- linux-3.6-rc7-master.orig/fs/overlayfs/super.c 2012-09-28 13:36:57.000000000 +0200
	46	+++ linux-3.6-rc7-master/fs/overlayfs/super.c 2012-09-28 13:37:00.000000000 +0200
	47	@@ -570,6 +570,16 @@ static int ovl_fill_super(struct super_b
	48	}
	49	ufs->lower_namelen = statfs.f_namelen;
	50
	51	+ sb->s_stack_depth = max(upperpath.mnt->mnt_sb->s_stack_depth,
	52	+ lowerpath.mnt->mnt_sb->s_stack_depth) + 1;
	53	+
	54	+ err = -EINVAL;
	55	+ if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
	56	+ printk(KERN_ERR "overlayfs: maximum fs stacking depth exceeded\n");
	57	+ goto out_put_lowerpath;
	58	+ }
	59	+
	60	+
	61	ufs->upper_mnt = clone_private_mount(&upperpath);
	62	err = PTR_ERR(ufs->upper_mnt);
	63	if (IS_ERR(ufs->upper_mnt)) {
	64	Index: linux-3.6-rc7-master/include/linux/fs.h
65	===================================================================
66	--- linux-3.6-rc7-master.orig/include/linux/fs.h 2012-09-28 13:36:47.000000000 +0200
67	+++ linux-3.6-rc7-master/include/linux/fs.h 2012-09-28 13:37:00.000000000 +0200
68	@@ -513,6 +513,12 @@ struct iattr {
69	*/
70	#include <linux/quota.h>
71
72	+/*
73	+ * Maximum number of layers of fs stack. Needs to be limited to
74	+ * prevent kernel stack overflow
75	+ */
76	+#define FILESYSTEM_MAX_STACK_DEPTH 2
77	+
78	/**
79	* enum positive_aop_returns - aop return codes with specific semantics
80	*
81	@@ -1586,6 +1592,11 @@ struct super_block {
82
83	/* Being remounted read-only */
84	int s_readonly_remount;
85	+
86	+ /*
87	+ * Indicates how deep in a filesystem stack this SB is
88	+ */
89	+ int s_stack_depth;
90	};
91
92	/* superblock cache pruning functions */