iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Amir Goldstein 20396365a1 ovl: fix oops in ovl_indexdir_cleanup() with nfs_export=on 
Mounting with nfs_export=on, xfstests overlay/031 triggers a kernel panic
since v5.8-rc1 overlayfs updates.

 overlayfs: orphan index entry (index/00fb1..., ftype=4000, nlink=2)
 BUG: kernel NULL pointer dereference, address: 0000000000000030
 RIP: 0010:ovl_cleanup_and_whiteout+0x28/0x220 [overlay]

Bisect point at commit c21c839b8448 ("ovl: whiteout inode sharing")

Minimal reproducer:
--------------------------------------------------
rm -rf l u w m
mkdir -p l u w m
mkdir -p l/testdir
touch l/testdir/testfile
mount -t overlay -o lowerdir=l,upperdir=u,workdir=w,nfs_export=on overlay m
echo 1 > m/testdir/testfile
umount m
rm -rf u/testdir
mount -t overlay -o lowerdir=l,upperdir=u,workdir=w,nfs_export=on overlay m
umount m
--------------------------------------------------

When mount with nfs_export=on, and fail to verify an orphan index, we're
cleaning this index from indexdir by calling ovl_cleanup_and_whiteout().
This dereferences ofs->workdir, that was earlier set to NULL.

The design was that ovl->workdir will point at ovl->indexdir, but we are
assigning ofs->indexdir to ofs->workdir only after ovl_indexdir_cleanup().
There is no reason not to do it sooner, because once we get success from
ofs->indexdir = ovl_workdir_create(... there is no turning back.

Reported-and-tested-by: Murphy Zhou <jencce.kernel@gmail.com>
Fixes: c21c839b8448 ("ovl: whiteout inode sharing")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2020-07-16 00:09:59 +02:00
..
9p
9p: read only once on O_NONBLOCK
2020-03-27 09:29:56 +00:00
adfs
docs: filesystems: fix renamed references
2020-04-20 15:45:22 -06:00
affs
docs: filesystems: fix renamed references
2020-04-20 15:45:22 -06:00
afs
afs: Fix afs_store_data() to set mtime in new operation descriptor
2020-06-11 16:04:30 -07:00
autofs
befs
bfs
docs: filesystems: fix renamed references
2020-04-20 15:45:22 -06:00
btrfs
for-5.8-part2-tag
2020-06-14 09:47:25 -07:00
cachefiles
A fair amount of stuff this time around, dominated by yet another massive
2020-06-01 15:45:27 -07:00
ceph
ceph: skip checking caps when session reconnecting and releasing reqs
2020-06-01 13:22:53 +02:00
cifs
smb3: Add debug message for new file creation with idsfromsid mount option
2020-06-12 16:31:06 -05:00
coda
docs: filesystems: convert coda.txt to ReST
2020-05-05 09:22:21 -06:00
configfs
A fair amount of stuff this time around, dominated by yet another massive
2020-06-01 15:45:27 -07:00
cramfs
docs: filesystems: fix renamed references
2020-04-20 15:45:22 -06:00
crypto
fscrypt updates for 5.8
2020-06-01 12:10:17 -07:00
debugfs
Merge 5.7-rc3 into driver-core-next
2020-04-27 09:34:55 +02:00
devpts
dlm
dlm for 5.8
2020-06-05 16:43:16 -07:00
ecryptfs
A fair amount of stuff this time around, dominated by yet another massive
2020-06-01 15:45:27 -07:00
efivarfs
efs
erofs
Changes since last update:
2020-06-02 20:16:55 -07:00
exfat
Description for this pull request:
2020-06-09 11:24:59 -07:00
exportfs
ext2
mmap locking API: convert mmap_sem comments
2020-06-09 09:39:14 -07:00
ext4
linux-kselftest-kunit-5.8-rc1
2020-06-09 10:04:47 -07:00
f2fs
f2fs-for-5.8-rc1
2020-06-09 11:28:59 -07:00
fat
fat: improve the readahead for FAT entries
2020-06-04 19:06:25 -07:00
freevxfs
fscache
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-06-03 16:27:18 -07:00
fuse
fuse update for 5.8
2020-06-09 15:48:24 -07:00
gfs2
Changes in gfs2:
2020-06-08 12:47:09 -07:00
hfs
for-5.8/block-2020-06-01
2020-06-02 15:29:19 -07:00
hfsplus
block: remove the error_sector argument to blkdev_issue_flush
2020-05-22 08:45:46 -06:00
hostfs
hostfs: Use kasprintf() instead of fixed buffer formatting
2020-03-29 23:23:00 +02:00
hpfs
hpfs: fix warning due to superfluous semicolon
2020-06-06 10:08:17 -07:00
hugetlbfs
mmap locking API: convert mmap_sem API comments
2020-06-09 09:39:14 -07:00
iomap
New code for 5.8:
2020-06-13 12:44:30 -07:00
isofs
for-5.8/block-2020-06-01
2020-06-02 15:29:19 -07:00
jbd2
A lot of bug fixes and cleanups for ext4, including:
2020-06-05 16:19:28 -07:00
jffs2
jfs
Replace zero-length array in JFS
2020-06-02 20:11:35 -07:00
kernfs
mmap locking API: convert mmap_sem comments
2020-06-09 09:39:14 -07:00
lockd
minix
nfs
NFS Client Updates for Linux 5.8
2020-06-11 12:22:41 -07:00
nfs_common
nfsd
Highlights:
2020-06-11 10:33:13 -07:00
nilfs2
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
2020-06-10 19:14:17 -07:00
nls
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
notify
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
ntfs
Merge branch 'akpm' (patches from Andrew)
2020-06-02 12:21:36 -07:00
ocfs2
ocfs2: fix build failure when TCP/IP is disabled
2020-06-11 18:17:47 -07:00
omfs
fs: convert mpage_readpages to mpage_readahead
2020-06-02 10:59:07 -07:00
openpromfs
orangefs
orangefs: a conversion and a cleanup...
2020-06-05 16:44:36 -07:00
overlayfs
ovl: fix oops in ovl_indexdir_cleanup() with nfs_export=on
2020-07-16 00:09:59 +02:00
proc
Kbuild updates for v5.8 (2nd)
2020-06-13 13:29:16 -07:00
pstore
Merge branch 'uaccess.__copy_from_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-06-01 16:18:46 -07:00
qnx4
qnx6
fs: convert mpage_readpages to mpage_readahead
2020-06-02 10:59:07 -07:00
quota
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
ramfs
reiserfs
\n
2020-06-04 13:53:10 -07:00
romfs
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
squashfs
Merge branch 'akpm' (patches from Andrew)
2020-06-02 12:21:36 -07:00
sysfs
RDMA 5.8 merge window pull request
2020-06-05 14:05:57 -07:00
sysv
docs: filesystems: fix renamed references
2020-04-20 15:45:22 -06:00
tracefs
ubifs
mm: remove the pgprot argument to __vmalloc
2020-06-02 10:59:11 -07:00
udf
for-5.8/block-2020-06-01
2020-06-02 15:29:19 -07:00
ufs
unicode
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
vboxsf
vboxsf: don't use the source name in the bdi name
2020-05-07 08:45:47 -06:00
verity
fs-verity: remove unnecessary extern keywords
2020-05-12 16:44:00 -07:00
xfs
Fixes for 5.8:
2020-06-13 12:40:24 -07:00
zonefs
zonefs changes for 5.8
2020-06-04 13:50:13 -07:00
aio.c
kernel: move use_mm/unuse_mm to kthread.c
2020-06-10 19:14:18 -07:00
anon_inodes.c
attr.c
bad_inode.c
fs: move the fiemap definitions out of fs.h
2020-06-03 23:16:55 -04:00
binfmt_aout.c
exec: Rename flush_old_exec begin_new_exec
2020-05-07 16:55:47 -05:00
binfmt_elf_fdpic.c
Merge branch 'uaccess.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-06-10 16:02:54 -07:00
binfmt_elf.c
Merge branch 'uaccess.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-06-10 16:02:54 -07:00
binfmt_em86.c
Merge branch 'akpm' (patches from Andrew)
2020-06-04 19:18:29 -07:00
binfmt_flat.c
Merge branch 'uaccess.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-06-10 16:02:54 -07:00
binfmt_misc.c
Merge branch 'akpm' (patches from Andrew)
2020-06-04 19:18:29 -07:00
binfmt_script.c
Merge branch 'akpm' (patches from Andrew)
2020-06-04 19:18:29 -07:00
block_dev.c
for-5.8/drivers-2020-06-01
2020-06-02 15:37:03 -07:00
buffer.c
fs/buffer.c: use attach/detach_page_private
2020-06-02 10:59:07 -07:00
char_dev.c
vfs: allow unprivileged whiteout creation
2020-05-14 16:44:23 +02:00
compat_binfmt_elf.c
Split the old READ_IMPLIES_EXEC workaround from executable PT_GNU_STACK
2020-06-05 13:45:21 -07:00
compat.c
coredump.c
mmap locking API: convert mmap_sem comments
2020-06-09 09:39:14 -07:00
d_path.c
dax.c
dax,iomap: Add helper dax_iomap_zero() to zero a range
2020-04-02 19:15:03 -07:00
dcache.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-06-03 16:27:18 -07:00
dcookies.c
direct-io.c
for-5.8-part2-tag
2020-06-14 09:47:25 -07:00
drop_caches.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
eventfd.c
eventfd: convert to f_op->read_iter()
2020-05-06 22:33:43 -04:00
eventpoll.c
epoll: call final ep_events_available() check under the lock
2020-05-14 10:00:35 -07:00
exec.c
mmap locking API: convert mmap_sem comments
2020-06-09 09:39:14 -07:00
fcntl.c
fhandle.c
file_table.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-06-03 16:27:18 -07:00
file.c
fix multiplication overflow in copy_fdtable()
2020-05-19 18:29:36 -04:00
filesystems.c
fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once()
2020-04-10 15:36:22 -07:00
fs_context.c
vfs: don't parse "silent" option
2020-05-14 16:44:25 +02:00
fs_parser.c
fs_parse: remove pr_notice() about each validation
2020-04-02 09:35:26 -07:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
A lot of bug fixes and cleanups for ext4, including:
2020-06-05 16:19:28 -07:00
fsopen.c
inode.c
AFS Changes
2020-06-05 16:26:36 -07:00
internal.h
A lot of bug fixes and cleanups for ext4, including:
2020-06-05 16:19:28 -07:00
io_uring.c
io_uring-5.8-2020-06-11
2020-06-11 16:10:08 -07:00
io-wq.c
io_uring-5.8-2020-06-11
2020-06-11 16:10:08 -07:00
io-wq.h
io_uring: avoid whole io_wq_work copy for requests completed inline
2020-06-10 17:58:46 -06:00
ioctl.c
fs: remove the access_ok() check in ioctl_fiemap
2020-06-03 23:16:55 -04:00
Kconfig
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
Kconfig.binfmt
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
libfs.c
block: remove the error_sector argument to blkdev_issue_flush
2020-05-22 08:45:46 -06:00
locks.c
Highlights:
2020-06-11 10:33:13 -07:00
Makefile
mbcache.c
mount.h
proc/mounts: add cursor
2020-05-14 16:44:24 +02:00
mpage.c
fs: convert mpage_readpages to mpage_readahead
2020-06-02 10:59:07 -07:00
namei.c
vfs: clean up posix_acl_permission() logic aroudn MAY_NOT_BLOCK
2020-06-08 11:04:19 -07:00
namespace.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-06-10 16:09:11 -07:00
no-block.c
nsfs.c
nsproxy: attach to namespaces via pidfds
2020-05-13 11:41:22 +02:00
open.c
Merge branch 'akpm' (patches from Andrew)
2020-06-02 12:21:36 -07:00
pipe.c
Notifications over pipes + Keyring notifications
2020-06-13 09:56:21 -07:00
pnode.c
propagate_one(): mnt_set_mountpoint() needs mount_lock
2020-04-27 10:37:14 -04:00
pnode.h
posix_acl.c
vfs: clean up posix_acl_permission() logic aroudn MAY_NOT_BLOCK
2020-06-08 11:04:19 -07:00
proc_namespace.c
Merge branch 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-06-04 13:54:34 -07:00
read_write.c
powerpc: Add back __ARCH_WANT_SYS_LLSEEK macro
2020-04-03 00:09:59 +11:00
readdir.c
readdir.c: get rid of the last __put_user(), drop now-useless access_ok()
2020-05-01 20:29:54 -04:00
select.c
pselect6() and friends: take handling the combined 6th/7th args into helper
2020-05-29 19:10:42 -04:00
seq_file.c
fs/seq_file.c: seq_read: Update pr_info_ratelimited
2020-06-04 19:06:25 -07:00
signalfd.c
splice.c
Notifications over pipes + Keyring notifications
2020-06-13 09:56:21 -07:00
stack.c
stat.c
New code for 5.8:
2020-06-02 19:45:12 -07:00
statfs.c
super.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-06-10 16:09:11 -07:00
sync.c
overlayfs update for 5.8
2020-06-09 15:40:50 -07:00
timerfd.c
userfaultfd.c
mmap locking API: convert mmap_sem comments
2020-06-09 09:39:14 -07:00
utimes.c
utimensat: AT_EMPTY_PATH support
2020-05-14 16:44:24 +02:00
xattr.c
xattr: fix uninitialized out-param
2020-04-09 15:33:09 -04:00