From: Greg KH <gregkh@linuxfoundation.org>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Miklos Szeredi <mszeredi@redhat.com>,
Vivek Goyal <vgoyal@redhat.com>, stable <stable@vger.kernel.org>
Subject: Re: Patch "ovl: fix missing upper fs freeze protection on copy up for ioctl" has been added to the 4.19-stable tree
Date: Thu, 23 May 2019 21:57:41 +0200 [thread overview]
Message-ID: <20190523195741.GA4436@kroah.com> (raw)
In-Reply-To: <CAOQ4uxip8H45S-UmWhNowv9sQUTYzcDMVCZxw=6AvFN-4c1Uvw@mail.gmail.com>
On Thu, May 23, 2019 at 10:51:58PM +0300, Amir Goldstein wrote:
> On Thu, May 23, 2019 at 12:30 PM <gregkh@linuxfoundation.org> wrote:
> >
> >
> > This is a note to let you know that I've just added the patch titled
> >
> > ovl: fix missing upper fs freeze protection on copy up for ioctl
> >
> > to the 4.19-stable tree which can be found at:
> > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> >
> > The filename of the patch is:
> > ovl-fix-missing-upper-fs-freeze-protection-on-copy-up-for-ioctl.patch
> > and it can be found in the queue-4.19 subdirectory.
> >
> > If you, or anyone else, feels it should not be added to the stable tree,
> > please let <stable@vger.kernel.org> know about it.
> >
> >
> > From 3428030da004a1128cbdcf93dc03e16f184d845b Mon Sep 17 00:00:00 2001
> > From: Amir Goldstein <amir73il@gmail.com>
> > Date: Tue, 22 Jan 2019 07:01:39 +0200
> > Subject: ovl: fix missing upper fs freeze protection on copy up for ioctl
> >
> > From: Amir Goldstein <amir73il@gmail.com>
> >
> > commit 3428030da004a1128cbdcf93dc03e16f184d845b upstream.
> >
> > Generalize the helper ovl_open_maybe_copy_up() and use it to copy up file
> > with data before FS_IOC_SETFLAGS ioctl.
> >
> > The FS_IOC_SETFLAGS ioctl is a bit of an odd ball in vfs, which probably
> > caused the confusion. File may be open O_RDONLY, but ioctl modifies the
> > file. VFS does not call mnt_want_write_file() nor lock inode mutex, but
> > fs-specific code for FS_IOC_SETFLAGS does. So ovl_ioctl() calls
> > mnt_want_write_file() for the overlay file, and fs-specific code calls
> > mnt_want_write_file() for upper fs file, but there was no call for
> > ovl_want_write() for copy up duration which prevents overlayfs from copying
> > up on a frozen upper fs.
> >
> > Fixes: dab5ca8fd9dd ("ovl: add lsattr/chattr support")
> > Cc: <stable@vger.kernel.org> # v4.19
> > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > Acked-by: Vivek Goyal <vgoyal@redhat.com>
> > Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> > ---
> > fs/overlayfs/copy_up.c | 6 +++---
> > fs/overlayfs/file.c | 5 ++---
> > fs/overlayfs/overlayfs.h | 2 +-
> > 3 files changed, 6 insertions(+), 7 deletions(-)
> >
> > --- a/fs/overlayfs/copy_up.c
> > +++ b/fs/overlayfs/copy_up.c
> > @@ -878,14 +878,14 @@ static bool ovl_open_need_copy_up(struct
> > return true;
> > }
> >
> > -int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags)
> > +int ovl_maybe_copy_up(struct dentry *dentry, int flags)
> > {
> > int err = 0;
> >
> > - if (ovl_open_need_copy_up(dentry, file_flags)) {
> > + if (ovl_open_need_copy_up(dentry, flags)) {
> > err = ovl_want_write(dentry);
> > if (!err) {
> > - err = ovl_copy_up_flags(dentry, file_flags);
> > + err = ovl_copy_up_flags(dentry, flags);
> > ovl_drop_write(dentry);
> > }
> > }
> > --- a/fs/overlayfs/file.c
> > +++ b/fs/overlayfs/file.c
> > @@ -116,11 +116,10 @@ static int ovl_real_fdget(const struct f
> >
> > static int ovl_open(struct inode *inode, struct file *file)
> > {
> > - struct dentry *dentry = file_dentry(file);
> > struct file *realfile;
> > int err;
> >
> > - err = ovl_open_maybe_copy_up(dentry, file->f_flags);
> > + err = ovl_maybe_copy_up(file_dentry(file), file->f_flags);
> > if (err)
> > return err;
> >
> > @@ -390,7 +389,7 @@ static long ovl_ioctl(struct file *file,
> > if (ret)
> > return ret;
> >
> > - ret = ovl_copy_up_with_data(file_dentry(file));
> > + ret = ovl_maybe_copy_up(file_dentry(file), O_WRONLY);
> > if (!ret) {
> > ret = ovl_real_ioctl(file, cmd, arg);
> >
> > --- a/fs/overlayfs/overlayfs.h
> > +++ b/fs/overlayfs/overlayfs.h
> > @@ -411,7 +411,7 @@ extern const struct file_operations ovl_
> > int ovl_copy_up(struct dentry *dentry);
> > int ovl_copy_up_with_data(struct dentry *dentry);
> > int ovl_copy_up_flags(struct dentry *dentry, int flags);
> > -int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags);
> > +int ovl_maybe_copy_up(struct dentry *dentry, int flags);
> > int ovl_copy_xattr(struct dentry *old, struct dentry *new);
> > int ovl_set_attr(struct dentry *upper, struct kstat *stat);
> > struct ovl_fh *ovl_encode_real_fh(struct dentry *real, bool is_upper);
> >
> >
> > Patches currently in stable-queue which might be from amir73il@gmail.com are
> >
> > queue-4.19/ovl-fix-missing-upper-fs-freeze-protection-on-copy-up-for-ioctl.patch
>
> This patch is fine for stable, but I have a process question.
> All these patches from overlayfs 5.2-rc1 are also v4.9 stable candidates:
>
> 1. acf3062a7e1c - ovl: relax WARN_ON() for overlapping layers use case
> 2. 98487de318a6 - ovl: check the capability before cred overridden
> 3. d989903058a8 - ovl: do not generate duplicate fsnotify events for "fake" path
> 4. 9e46b840c705 - ovl: support stacked SEEK_HOLE/SEEK_DATA
>
> #2 wasn't properly marked for stable, but the other are marked with
> Fixes: and Reported-by:
>
> Are those marks not sufficient to get selected for stable trees these days?
Not by default, no. Sometimes they might get picked up if we get bored,
or the auto-bot notices them.
> I must admit that #1 in borderline stable. Not sure if eliminating an unjust
> WARN_ON qualified, but syzbot did report a bug..
syzbot things are good to fix in stable kernels, so that syzbot can
continue to find real things in stable kernels. So yes, that is fine to
backport.
> Just asking in order to improve the process, but in any case,
> please pick those patches for v4.9+ (unless anyone objects?)
> They all already have LTP/xfstests/syzkaller tests that cover them.
I'll queue them up for the next round after this, thanks.
greg k-h
next prev parent reply other threads:[~2019-05-23 19:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1558603746191117@kroah.com>
2019-05-23 19:51 ` Patch "ovl: fix missing upper fs freeze protection on copy up for ioctl" has been added to the 4.19-stable tree Amir Goldstein
2019-05-23 19:57 ` Greg KH [this message]
2019-06-10 20:28 ` Amir Goldstein
2019-06-13 7:48 ` Greg KH
2019-06-13 8:37 ` Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190523195741.GA4436@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=amir73il@gmail.com \
--cc=mszeredi@redhat.com \
--cc=stable@vger.kernel.org \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.