]>
Commit | Line | Data |
---|---|---|
68184a5a JR |
1 | From d990b52f916662c551b56aa46ef86141ecc4e679 Mon Sep 17 00:00:00 2001 |
2 | From: Miklos Szeredi <mszeredi@suse.cz> | |
3 | Date: Thu, 30 Aug 2012 16:13:50 +0200 | |
4 | Subject: [PATCH 08/13] fs: limit filesystem stacking depth | |
5 | Patch-mainline: not yet | |
6 | ||
7 | Add a simple read-only counter to super_block that indicates deep this | |
8 | is in the stack of filesystems. Previously ecryptfs was the only | |
9 | stackable filesystem and it explicitly disallowed multiple layers of | |
10 | itself. | |
11 | ||
12 | Overlayfs, however, can be stacked recursively and also may be stacked | |
13 | on top of ecryptfs or vice versa. | |
14 | ||
15 | To limit the kernel stack usage we must limit the depth of the | |
16 | filesystem stack. Initially the limit is set to 2. | |
17 | ||
18 | Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> | |
19 | --- | |
20 | fs/ecryptfs/main.c | 7 +++++++ | |
21 | fs/overlayfs/super.c | 10 ++++++++++ | |
22 | include/linux/fs.h | 11 +++++++++++ | |
23 | 3 files changed, 28 insertions(+) | |
24 | ||
25 | Index: linux-3.6-rc7-master/fs/ecryptfs/main.c | |
26 | =================================================================== | |
27 | --- linux-3.6-rc7-master.orig/fs/ecryptfs/main.c 2012-09-24 03:10:57.000000000 +0200 | |
28 | +++ linux-3.6-rc7-master/fs/ecryptfs/main.c 2012-09-28 13:37:00.000000000 +0200 | |
29 | @@ -566,6 +566,13 @@ static struct dentry *ecryptfs_mount(str | |
30 | s->s_maxbytes = path.dentry->d_sb->s_maxbytes; | |
31 | s->s_blocksize = path.dentry->d_sb->s_blocksize; | |
32 | s->s_magic = ECRYPTFS_SUPER_MAGIC; | |
33 | + s->s_stack_depth = path.dentry->d_sb->s_stack_depth + 1; | |
34 | + | |
35 | + rc = -EINVAL; | |
36 | + if (s->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) { | |
37 | + printk(KERN_ERR "eCryptfs: maximum fs stacking depth exceeded\n"); | |
38 | + goto out_free; | |
39 | + } | |
40 | ||
41 | inode = ecryptfs_get_inode(path.dentry->d_inode, s); | |
42 | rc = PTR_ERR(inode); | |
43 | Index: linux-3.6-rc7-master/fs/overlayfs/super.c | |
44 | =================================================================== | |
45 | --- linux-3.6-rc7-master.orig/fs/overlayfs/super.c 2012-09-28 13:36:57.000000000 +0200 | |
46 | +++ linux-3.6-rc7-master/fs/overlayfs/super.c 2012-09-28 13:37:00.000000000 +0200 | |
47 | @@ -570,6 +570,16 @@ static int ovl_fill_super(struct super_b | |
48 | } | |
49 | ufs->lower_namelen = statfs.f_namelen; | |
50 | ||
51 | + sb->s_stack_depth = max(upperpath.mnt->mnt_sb->s_stack_depth, | |
52 | + lowerpath.mnt->mnt_sb->s_stack_depth) + 1; | |
53 | + | |
54 | + err = -EINVAL; | |
55 | + if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) { | |
56 | + printk(KERN_ERR "overlayfs: maximum fs stacking depth exceeded\n"); | |
57 | + goto out_put_lowerpath; | |
58 | + } | |
59 | + | |
60 | + | |
61 | ufs->upper_mnt = clone_private_mount(&upperpath); | |
62 | err = PTR_ERR(ufs->upper_mnt); | |
63 | if (IS_ERR(ufs->upper_mnt)) { | |
64 | Index: linux-3.6-rc7-master/include/linux/fs.h | |
65 | =================================================================== | |
66 | --- linux-3.6-rc7-master.orig/include/linux/fs.h 2012-09-28 13:36:47.000000000 +0200 | |
67 | +++ linux-3.6-rc7-master/include/linux/fs.h 2012-09-28 13:37:00.000000000 +0200 | |
68 | @@ -513,6 +513,12 @@ struct iattr { | |
69 | */ | |
70 | #include <linux/quota.h> | |
71 | ||
72 | +/* | |
73 | + * Maximum number of layers of fs stack. Needs to be limited to | |
74 | + * prevent kernel stack overflow | |
75 | + */ | |
76 | +#define FILESYSTEM_MAX_STACK_DEPTH 2 | |
77 | + | |
78 | /** | |
79 | * enum positive_aop_returns - aop return codes with specific semantics | |
80 | * | |
81 | @@ -1586,6 +1592,11 @@ struct super_block { | |
82 | ||
83 | /* Being remounted read-only */ | |
84 | int s_readonly_remount; | |
85 | + | |
86 | + /* | |
87 | + * Indicates how deep in a filesystem stack this SB is | |
88 | + */ | |
89 | + int s_stack_depth; | |
90 | }; | |
91 | ||
92 | /* superblock cache pruning functions */ |