From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 15 Nov 2018 05:16:59 +0000 (-0800)
Subject: 4.14-stable patches
X-Git-Tag: v4.19.3~42
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4786aeb46f20b85d86b05e5aae52464a274ec035;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	ovl-fix-recursive-oi-lock-in-ovl_link.patch
---

diff --git a/queue-4.14/ovl-fix-recursive-oi-lock-in-ovl_link.patch b/queue-4.14/ovl-fix-recursive-oi-lock-in-ovl_link.patch
new file mode 100644
index 00000000000..3512c792300
--- /dev/null
+++ b/queue-4.14/ovl-fix-recursive-oi-lock-in-ovl_link.patch
@@ -0,0 +1,55 @@
+From 6cd078702f2f33cb6b19a682de3e9184112f1a46 Mon Sep 17 00:00:00 2001
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Thu, 18 Oct 2018 09:45:49 +0300
+Subject: ovl: fix recursive oi->lock in ovl_link()
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+commit 6cd078702f2f33cb6b19a682de3e9184112f1a46 upstream.
+
+linking a non-copied-up file into a non-copied-up parent results in a
+nested call to mutex_lock_interruptible(&oi->lock). Fix this by copying up
+target parent before ovl_nlink_start(), same as done in ovl_rename().
+
+~/unionmount-testsuite$ ./run --ov -s
+~/unionmount-testsuite$ ln /mnt/a/foo100 /mnt/a/dir100/
+
+ WARNING: possible recursive locking detected
+ --------------------------------------------
+ ln/1545 is trying to acquire lock:
+ 00000000bcce7c4c (&ovl_i_lock_key[depth]){+.+.}, at:
+     ovl_copy_up_start+0x28/0x7d
+ but task is already holding lock:
+ 0000000026d73d5b (&ovl_i_lock_key[depth]){+.+.}, at:
+     ovl_nlink_start+0x3c/0xc1
+
+[SzM: this seems to be a false positive, but doing the copy-up first is
+harmless and removes the lockdep splat]
+
+Reported-by: syzbot+3ef5c0d1a5cb0b21e6be@syzkaller.appspotmail.com
+Fixes: 5f8415d6b87e ("ovl: persistent overlay inode nlink for...")
+Cc: <stable@vger.kernel.org> # v4.13
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+[amir: backport to v4.18]
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/dir.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/overlayfs/dir.c
++++ b/fs/overlayfs/dir.c
+@@ -595,6 +595,11 @@ static int ovl_link(struct dentry *old,
+ 	if (err)
+ 		goto out_drop_write;
+ 
++	err = ovl_copy_up(new->d_parent);
++	if (err)
++		goto out_drop_write;
++
++
+ 	err = ovl_nlink_start(old, &locked);
+ 	if (err)
+ 		goto out_drop_write;
diff --git a/queue-4.14/series b/queue-4.14/series
index 339a818cff4..a44140f542a 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -31,3 +31,4 @@ fuse-fix-use-after-free-in-fuse_dev_do_read.patch
 fuse-fix-use-after-free-in-fuse_dev_do_write.patch
 fuse-fix-blocked_waitq-wakeup.patch
 fuse-set-fr_sent-while-locked.patch
+ovl-fix-recursive-oi-lock-in-ovl_link.patch