--- /dev/null
+From 6cd078702f2f33cb6b19a682de3e9184112f1a46 Mon Sep 17 00:00:00 2001
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Thu, 18 Oct 2018 09:45:49 +0300
+Subject: ovl: fix recursive oi->lock in ovl_link()
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+commit 6cd078702f2f33cb6b19a682de3e9184112f1a46 upstream.
+
+linking a non-copied-up file into a non-copied-up parent results in a
+nested call to mutex_lock_interruptible(&oi->lock). Fix this by copying up
+target parent before ovl_nlink_start(), same as done in ovl_rename().
+
+~/unionmount-testsuite$ ./run --ov -s
+~/unionmount-testsuite$ ln /mnt/a/foo100 /mnt/a/dir100/
+
+ WARNING: possible recursive locking detected
+ --------------------------------------------
+ ln/1545 is trying to acquire lock:
+ 00000000bcce7c4c (&ovl_i_lock_key[depth]){+.+.}, at:
+ ovl_copy_up_start+0x28/0x7d
+ but task is already holding lock:
+ 0000000026d73d5b (&ovl_i_lock_key[depth]){+.+.}, at:
+ ovl_nlink_start+0x3c/0xc1
+
+[SzM: this seems to be a false positive, but doing the copy-up first is
+harmless and removes the lockdep splat]
+
+Reported-by: syzbot+3ef5c0d1a5cb0b21e6be@syzkaller.appspotmail.com
+Fixes: 5f8415d6b87e ("ovl: persistent overlay inode nlink for...")
+Cc: <stable@vger.kernel.org> # v4.13
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+[amir: backport to v4.18]
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/dir.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/overlayfs/dir.c
++++ b/fs/overlayfs/dir.c
+@@ -595,6 +595,11 @@ static int ovl_link(struct dentry *old,
+ if (err)
+ goto out_drop_write;
+
++ err = ovl_copy_up(new->d_parent);
++ if (err)
++ goto out_drop_write;
++
++
+ err = ovl_nlink_start(old, &locked);
+ if (err)
+ goto out_drop_write;