--- /dev/null
+From c1892c37769cf89c7e7ba57528ae2ccb5d153c9b Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Wed, 3 Aug 2016 13:44:27 +0200
+Subject: vfs: fix deadlock in file_remove_privs() on overlayfs
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit c1892c37769cf89c7e7ba57528ae2ccb5d153c9b upstream.
+
+file_remove_privs() is called with inode lock on file_inode(), which
+proceeds to calling notify_change() on file->f_path.dentry. Which triggers
+the WARN_ON_ONCE(!inode_is_locked(inode)) in addition to deadlocking later
+when ovl_setattr tries to lock the underlying inode again.
+
+Fix this mess by not mixing the layers, but doing everything on underlying
+dentry/inode.
+
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Fixes: 07a2daab49c5 ("ovl: Copy up underlying inode's ->i_mode to overlay inode")
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/inode.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -1733,8 +1733,8 @@ static int __remove_privs(struct dentry
+ */
+ int file_remove_privs(struct file *file)
+ {
+- struct dentry *dentry = file->f_path.dentry;
+- struct inode *inode = d_inode(dentry);
++ struct dentry *dentry = file_dentry(file);
++ struct inode *inode = file_inode(file);
+ int kill;
+ int error = 0;
+
+@@ -1742,7 +1742,7 @@ int file_remove_privs(struct file *file)
+ if (IS_NOSEC(inode))
+ return 0;
+
+- kill = file_needs_remove_privs(file);
++ kill = dentry_needs_remove_privs(dentry);
+ if (kill < 0)
+ return kill;
+ if (kill)
projects / thirdparty / kernel / stable-queue.git / commitdiff
