ovl: Filter invalid inodes with missing lookup function

Miklos Szeredi · Miklos Szeredi · commit bf4447148888 · 2025-01-14T11:52:33.000+01:00
JIRA: https://issues.redhat.com/browse/RHEL-72307 CVE: CVE-2024-56570 Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause errors in overlayfs when passed to the lowerstack. Reported-by: syzbot+a8c9d476508bd14a90e5@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=a8c9d476508bd14a90e5 Suggested-by: Miklos Szeredi <miklos@szeredi.hu> Link: https://lore.kernel.org/linux-unionfs/CAJfpegvx-oS9XGuwpJx=Xe28_jzWx5eRo1y900_ZzWY+=gGzUg@mail.gmail.com/ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> Cc: <stable@vger.kernel.org> Signed-off-by: Amir Goldstein <amir73il@gmail.com> (cherry picked from commit c8b359d) Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
@@ -171,6 +171,9 @@ void ovl_dentry_init_flags(struct dentry *dentry, struct dentry *upperdentry,
 
 bool ovl_dentry_weird(struct dentry *dentry)
 {
+	if (!d_can_lookup(dentry) && !d_is_file(dentry) && !d_is_symlink(dentry))
+		return true;
+
 	return dentry->d_flags & (DCACHE_NEED_AUTOMOUNT |
 				  DCACHE_MANAGE_TRANSIT |
 				  DCACHE_OP_HASH |

Original file line number	Diff line number	Diff line change
`@@ -171,6 +171,9 @@ void ovl_dentry_init_flags(struct dentry dentry, struct dentry upperdentry,`
`171`	`171`
`172`	`172`	`bool ovl_dentry_weird(struct dentry *dentry)`
`173`	`173`	`{`
	`174`	`+ if (!d_can_lookup(dentry) && !d_is_file(dentry) && !d_is_symlink(dentry))`
	`175`	`+ return true;`
	`176`	`+`
`174`	`177`	`return dentry->d_flags & (DCACHE_NEED_AUTOMOUNT \|`
`175`	`178`	`DCACHE_MANAGE_TRANSIT \|`
`176`	`179`	`DCACHE_OP_HASH \|`