Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ovl: fail ovl_lock_rename_workdir() if either target is unhashed 

As well as checking that the parent hasn't changed after getting the
lock we need to check that the dentry hasn't been unhashed.
Otherwise we might try to rename something that has been removed.

Reported-by: syzbot+bfc9a0ccf0de47d04e8c@syzkaller.appspotmail.com
Fixes: d2c995581c ("ovl: Call ovl_create_temp() without lock held.")
Signed-off-by: NeilBrown <neil@brown.name>
Link: https://patch.msgid.link/176429295510.634289.1552337113663461690@noble.neil.brown.name
Tested-by: syzbot+bfc9a0ccf0de47d04e8c@syzkaller.appspotmail.com
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
This commit is contained in:
NeilBrown 2025-11-28 12:22:35 +11:00 committed by Christian Brauner
parent 7b6dcd9bfd
commit e9c70084a6
No known key found for this signature in database
GPG Key ID: 91C61BC06578DCA2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fs/overlayfs/util.c
View File

@ -1234,9 +1234,9 @@ int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *work,
goto err; goto err;
if (trap) if (trap)
goto err_unlock; goto err_unlock;
if (work && work->d_parent != workdir) if (work && (work->d_parent != workdir || d_unhashed(work)))
goto err_unlock; goto err_unlock;
if (upper && upper->d_parent != upperdir) if (upper && (upper->d_parent != upperdir || d_unhashed(upper)))
goto err_unlock; goto err_unlock;
return 0; return 0;