From 1b9d67b2c85f35cf2ac0e602c25d97ed7d40feac Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 14 Nov 2018 21:17:04 -0800
Subject: [PATCH] 4.18-stable patches

added patches:
	ovl-fix-recursive-oi-lock-in-ovl_link.patch
---
 ...vl-fix-recursive-oi-lock-in-ovl_link.patch | 55 +++++++++++++++++++
 queue-4.18/series                             |  1 +
 2 files changed, 56 insertions(+)
 create mode 100644 queue-4.18/ovl-fix-recursive-oi-lock-in-ovl_link.patch

diff --git a/queue-4.18/ovl-fix-recursive-oi-lock-in-ovl_link.patch b/queue-4.18/ovl-fix-recursive-oi-lock-in-ovl_link.patch
new file mode 100644
index 00000000000..8b23e712efa
--- /dev/null
+++ b/queue-4.18/ovl-fix-recursive-oi-lock-in-ovl_link.patch
@@ -0,0 +1,55 @@
+From 6cd078702f2f33cb6b19a682de3e9184112f1a46 Mon Sep 17 00:00:00 2001
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Thu, 18 Oct 2018 09:45:49 +0300
+Subject: ovl: fix recursive oi->lock in ovl_link()
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+commit 6cd078702f2f33cb6b19a682de3e9184112f1a46 upstream.
+
+linking a non-copied-up file into a non-copied-up parent results in a
+nested call to mutex_lock_interruptible(&oi->lock). Fix this by copying up
+target parent before ovl_nlink_start(), same as done in ovl_rename().
+
+~/unionmount-testsuite$ ./run --ov -s
+~/unionmount-testsuite$ ln /mnt/a/foo100 /mnt/a/dir100/
+
+ WARNING: possible recursive locking detected
+ --------------------------------------------
+ ln/1545 is trying to acquire lock:
+ 00000000bcce7c4c (&ovl_i_lock_key[depth]){+.+.}, at:
+     ovl_copy_up_start+0x28/0x7d
+ but task is already holding lock:
+ 0000000026d73d5b (&ovl_i_lock_key[depth]){+.+.}, at:
+     ovl_nlink_start+0x3c/0xc1
+
+[SzM: this seems to be a false positive, but doing the copy-up first is
+harmless and removes the lockdep splat]
+
+Reported-by: syzbot+3ef5c0d1a5cb0b21e6be@syzkaller.appspotmail.com
+Fixes: 5f8415d6b87e ("ovl: persistent overlay inode nlink for...")
+Cc: <stable@vger.kernel.org> # v4.13
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+[amir: backport to v4.18]
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/overlayfs/dir.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/overlayfs/dir.c
++++ b/fs/overlayfs/dir.c
+@@ -665,6 +665,11 @@ static int ovl_link(struct dentry *old,
+ 	if (err)
+ 		goto out_drop_write;
+ 
++	err = ovl_copy_up(new->d_parent);
++	if (err)
++		goto out_drop_write;
++
++
+ 	err = ovl_nlink_start(old, &locked);
+ 	if (err)
+ 		goto out_drop_write;
diff --git a/queue-4.18/series b/queue-4.18/series
index dae60fa0c4b..fb1bbfaf3be 100644
--- a/queue-4.18/series
+++ b/queue-4.18/series
@@ -46,5 +46,6 @@ fuse-fix-use-after-free-in-fuse_dev_do_read.patch
 fuse-fix-use-after-free-in-fuse_dev_do_write.patch
 fuse-fix-blocked_waitq-wakeup.patch
 fuse-set-fr_sent-while-locked.patch
+ovl-fix-recursive-oi-lock-in-ovl_link.patch
 scsi-qla2xxx-fix-re-using-loopid-when-handle-is-in-use.patch
 scsi-qla2xxx-fix-nvme-session-hang-on-unload.patch
-- 
2.47.3