]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
4.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 15 Nov 2018 05:16:59 +0000 (21:16 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 15 Nov 2018 05:16:59 +0000 (21:16 -0800)
added patches:
ovl-fix-recursive-oi-lock-in-ovl_link.patch

queue-4.14/ovl-fix-recursive-oi-lock-in-ovl_link.patch [new file with mode: 0644]
queue-4.14/series

diff --git a/queue-4.14/ovl-fix-recursive-oi-lock-in-ovl_link.patch b/queue-4.14/ovl-fix-recursive-oi-lock-in-ovl_link.patch
new file mode 100644 (file)
index 0000000..3512c79
--- /dev/null
@@ -0,0 +1,55 @@
+From 6cd078702f2f33cb6b19a682de3e9184112f1a46 Mon Sep 17 00:00:00 2001
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Thu, 18 Oct 2018 09:45:49 +0300
+Subject: ovl: fix recursive oi->lock in ovl_link()
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+commit 6cd078702f2f33cb6b19a682de3e9184112f1a46 upstream.
+
+linking a non-copied-up file into a non-copied-up parent results in a
+nested call to mutex_lock_interruptible(&oi->lock). Fix this by copying up
+target parent before ovl_nlink_start(), same as done in ovl_rename().
+
+~/unionmount-testsuite$ ./run --ov -s
+~/unionmount-testsuite$ ln /mnt/a/foo100 /mnt/a/dir100/
+
+ WARNING: possible recursive locking detected
+ --------------------------------------------
+ ln/1545 is trying to acquire lock:
+ 00000000bcce7c4c (&ovl_i_lock_key[depth]){+.+.}, at:
+     ovl_copy_up_start+0x28/0x7d
+ but task is already holding lock:
+ 0000000026d73d5b (&ovl_i_lock_key[depth]){+.+.}, at:
+     ovl_nlink_start+0x3c/0xc1
+
+[SzM: this seems to be a false positive, but doing the copy-up first is
+harmless and removes the lockdep splat]
+
+Reported-by: syzbot+3ef5c0d1a5cb0b21e6be@syzkaller.appspotmail.com
+Fixes: 5f8415d6b87e ("ovl: persistent overlay inode nlink for...")
+Cc: <stable@vger.kernel.org> # v4.13
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+[amir: backport to v4.18]
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/dir.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/overlayfs/dir.c
++++ b/fs/overlayfs/dir.c
+@@ -595,6 +595,11 @@ static int ovl_link(struct dentry *old,
+       if (err)
+               goto out_drop_write;
++      err = ovl_copy_up(new->d_parent);
++      if (err)
++              goto out_drop_write;
++
++
+       err = ovl_nlink_start(old, &locked);
+       if (err)
+               goto out_drop_write;
index 339a818cff4f1e362e4c92dfbbb5e2b621d3dce8..a44140f542a0f6bcef1d5cf8a9fb18b2705fce9d 100644 (file)
@@ -31,3 +31,4 @@ fuse-fix-use-after-free-in-fuse_dev_do_read.patch
 fuse-fix-use-after-free-in-fuse_dev_do_write.patch
 fuse-fix-blocked_waitq-wakeup.patch
 fuse-set-fr_sent-while-locked.patch
+ovl-fix-recursive-oi-lock-in-ovl_link.patch