From: Greg Kroah-Hartman Date: Thu, 15 Nov 2018 05:16:59 +0000 (-0800) Subject: 4.14-stable patches X-Git-Tag: v4.19.3~42 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4786aeb46f20b85d86b05e5aae52464a274ec035;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: ovl-fix-recursive-oi-lock-in-ovl_link.patch --- diff --git a/queue-4.14/ovl-fix-recursive-oi-lock-in-ovl_link.patch b/queue-4.14/ovl-fix-recursive-oi-lock-in-ovl_link.patch new file mode 100644 index 00000000000..3512c792300 --- /dev/null +++ b/queue-4.14/ovl-fix-recursive-oi-lock-in-ovl_link.patch @@ -0,0 +1,55 @@ +From 6cd078702f2f33cb6b19a682de3e9184112f1a46 Mon Sep 17 00:00:00 2001 +From: Amir Goldstein +Date: Thu, 18 Oct 2018 09:45:49 +0300 +Subject: ovl: fix recursive oi->lock in ovl_link() + +From: Amir Goldstein + +commit 6cd078702f2f33cb6b19a682de3e9184112f1a46 upstream. + +linking a non-copied-up file into a non-copied-up parent results in a +nested call to mutex_lock_interruptible(&oi->lock). Fix this by copying up +target parent before ovl_nlink_start(), same as done in ovl_rename(). + +~/unionmount-testsuite$ ./run --ov -s +~/unionmount-testsuite$ ln /mnt/a/foo100 /mnt/a/dir100/ + + WARNING: possible recursive locking detected + -------------------------------------------- + ln/1545 is trying to acquire lock: + 00000000bcce7c4c (&ovl_i_lock_key[depth]){+.+.}, at: + ovl_copy_up_start+0x28/0x7d + but task is already holding lock: + 0000000026d73d5b (&ovl_i_lock_key[depth]){+.+.}, at: + ovl_nlink_start+0x3c/0xc1 + +[SzM: this seems to be a false positive, but doing the copy-up first is +harmless and removes the lockdep splat] + +Reported-by: syzbot+3ef5c0d1a5cb0b21e6be@syzkaller.appspotmail.com +Fixes: 5f8415d6b87e ("ovl: persistent overlay inode nlink for...") +Cc: # v4.13 +Signed-off-by: Amir Goldstein +Signed-off-by: Miklos Szeredi +[amir: backport to v4.18] +Signed-off-by: Amir Goldstein +Signed-off-by: Greg Kroah-Hartman + +--- + fs/overlayfs/dir.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/fs/overlayfs/dir.c ++++ b/fs/overlayfs/dir.c +@@ -595,6 +595,11 @@ static int ovl_link(struct dentry *old, + if (err) + goto out_drop_write; + ++ err = ovl_copy_up(new->d_parent); ++ if (err) ++ goto out_drop_write; ++ ++ + err = ovl_nlink_start(old, &locked); + if (err) + goto out_drop_write; diff --git a/queue-4.14/series b/queue-4.14/series index 339a818cff4..a44140f542a 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -31,3 +31,4 @@ fuse-fix-use-after-free-in-fuse_dev_do_read.patch fuse-fix-use-after-free-in-fuse_dev_do_write.patch fuse-fix-blocked_waitq-wakeup.patch fuse-set-fr_sent-while-locked.patch +ovl-fix-recursive-oi-lock-in-ovl_link.patch