From: Miklos Szeredi <mszeredi@redhat.com> mainline inclusion from mainline-v6.15-rc3 commit eb3a04a8516ee9b5174379306f94279fc90424c4 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IC4U5N CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, only introduced by the "datadir+" feature, but without actually handling this case, resulting in an Oops. Fix by disallowing datadir without lowerdir. Reported-by: Giuseppe Scrivano <gscrivan@redhat.com> Fixes: 24e16e385f22 ("ovl: add support for appending lowerdirs one by one") Cc: <stable@vger.kernel.org> # v6.7 Reviewed-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Alexander Larsson <alexl@redhat.com> Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com> --- fs/overlayfs/super.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 2c056d737c27..93ee57bc82ad 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -1178,10 +1178,15 @@ static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb, if (!ofs->config.upperdir && ctx->nr == 1) { pr_err("at least 2 lowerdir are needed while upperdir nonexistent\n"); return ERR_PTR(-EINVAL); } + if (ctx->nr == ctx->nr_data) { + pr_err("at least one non-data lowerdir is required\n"); + return ERR_PTR(-EINVAL); + } + err = -EINVAL; for (i = 0; i < ctx->nr; i++) { l = &ctx->lower[i]; err = ovl_lower_dir(l->name, &l->path, ofs, &sb->s_stack_depth); -- 2.34.3