[PATCH] erofs: limit the level of fs stacking for file-backed mounts

[PATCH] erofs: limit the level of fs stacking for file-backed mounts

[Gao Xiang]

Otherwise, it could cause potential kernel stack overflow (e.g., EROFS
mounting itself).

Fixes: fb176750266a ("erofs: add file-backed mount support")
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
---
 fs/erofs/super.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/fs/erofs/super.c b/fs/erofs/super.c
index f3f8d8c066e4..d408921d74d0 100644
--- a/fs/erofs/super.c
+++ b/fs/erofs/super.c
@@ -639,6 +639,22 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc)
 
 	sbi->blkszbits = PAGE_SHIFT;
 	if (!sb->s_bdev) {
+		/*
+		 * (File-backed mounts) EROFS claims it's safe to nest other
+		 * fs contexts (including its own) due to self-controlled RO
+		 * accesses/contexts and no side-effect changes that need to
+		 * context save & restore so it can reuse the current thread
+		 * context.  However, it still needs to bump `s_stack_depth` to
+		 * avoid kernel stack overflow from nested filesystems.
+		 */
+		if (erofs_is_fileio_mode(sbi)) {
+			sb->s_stack_depth =
+				file_inode(sbi->dif0.file)->i_sb->s_stack_depth + 1;
+			if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
+				erofs_err(sb, "maximum fs stacking depth exceeded");
+				return -EINVAL;
+			}
+		}
 		sb->s_blocksize = PAGE_SIZE;
 		sb->s_blocksize_bits = PAGE_SHIFT;
 
-- 
2.43.5

Re: [PATCH] erofs: limit the level of fs stacking for file-backed mounts

[Sheng Yong]

On 11/21/25 21:46, Gao Xiang wrote:
> Otherwise, it could cause potential kernel stack overflow (e.g., EROFS
> mounting itself).
> 
> Fixes: fb176750266a ("erofs: add file-backed mount support")
> Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Reviewed-by: Sheng Yong <shengyong1@xiaomi.com>

thanks,
shengyong

[PATCH v2] erofs: limit the level of fs stacking for file-backed mounts

[Gao Xiang]

Otherwise, it could cause potential kernel stack overflow (e.g., EROFS
mounting itself).

Reviewed-by: Sheng Yong <shengyong1@xiaomi.com>
Fixes: fb176750266a ("erofs: add file-backed mount support")
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
---
Change since v1:
 - Return -ENOTBLK instead of -EINVAL since userspace tools like
   util-linux will fall back to using loop to mount again.

   Don't use -ELOOP compared to other stacked fses, since -ENOTBLK is
   more suitable: it means the kernel can't handle it anymore.

 fs/erofs/super.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/fs/erofs/super.c b/fs/erofs/super.c
index f3f8d8c066e4..2db534f76464 100644
--- a/fs/erofs/super.c
+++ b/fs/erofs/super.c
@@ -639,6 +639,22 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc)
 
 	sbi->blkszbits = PAGE_SHIFT;
 	if (!sb->s_bdev) {
+		/*
+		 * (File-backed mounts) EROFS claims it's safe to nest other
+		 * fs contexts (including its own) due to self-controlled RO
+		 * accesses/contexts and no side-effect changes that need to
+		 * context save & restore so it can reuse the current thread
+		 * context.  However, it still needs to bump `s_stack_depth` to
+		 * avoid kernel stack overflow from nested filesystems.
+		 */
+		if (erofs_is_fileio_mode(sbi)) {
+			sb->s_stack_depth =
+				file_inode(sbi->dif0.file)->i_sb->s_stack_depth + 1;
+			if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
+				erofs_err(sb, "maximum fs stacking depth exceeded");
+				return -ENOTBLK;
+			}
+		}
 		sb->s_blocksize = PAGE_SIZE;
 		sb->s_blocksize_bits = PAGE_SHIFT;
 
-- 
2.43.5

Re: [PATCH v2] erofs: limit the level of fs stacking for file-backed mounts

[Chao Yu]

On 11/22/2025 2:23 PM, Gao Xiang wrote:
> Otherwise, it could cause potential kernel stack overflow (e.g., EROFS
> mounting itself).
> 
> Reviewed-by: Sheng Yong <shengyong1@xiaomi.com>
> Fixes: fb176750266a ("erofs: add file-backed mount support")
> Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Reviewed-by: Chao Yu <chao@kernel.org>

Thanks,

Re: [PATCH v2] erofs: limit the level of fs stacking for file-backed mounts

[Hongbo Li]

Hi Xiang,

On 2025/11/22 14:23, Gao Xiang wrote:
> Otherwise, it could cause potential kernel stack overflow (e.g., EROFS
> mounting itself).
> 
> Reviewed-by: Sheng Yong <shengyong1@xiaomi.com>
> Fixes: fb176750266a ("erofs: add file-backed mount support")
> Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
> ---
> Change since v1:
>   - Return -ENOTBLK instead of -EINVAL since userspace tools like
>     util-linux will fall back to using loop to mount again.
> 
>     Don't use -ELOOP compared to other stacked fses, since -ENOTBLK is
>     more suitable: it means the kernel can't handle it anymore.
> 
>   fs/erofs/super.c | 16 ++++++++++++++++
>   1 file changed, 16 insertions(+)
> 
> diff --git a/fs/erofs/super.c b/fs/erofs/super.c
> index f3f8d8c066e4..2db534f76464 100644
> --- a/fs/erofs/super.c
> +++ b/fs/erofs/super.c
> @@ -639,6 +639,22 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc)
>   
>   	sbi->blkszbits = PAGE_SHIFT;
>   	if (!sb->s_bdev) {
> +		/*
> +		 * (File-backed mounts) EROFS claims it's safe to nest other
> +		 * fs contexts (including its own) due to self-controlled RO
> +		 * accesses/contexts and no side-effect changes that need to
> +		 * context save & restore so it can reuse the current thread
> +		 * context.  However, it still needs to bump `s_stack_depth` to
> +		 * avoid kernel stack overflow from nested filesystems.
> +		 */
> +		if (erofs_is_fileio_mode(sbi)) {
> +			sb->s_stack_depth =
> +				file_inode(sbi->dif0.file)->i_sb->s_stack_depth + 1;
> +			if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
> +				erofs_err(sb, "maximum fs stacking depth exceeded");

Since it will success once the max stack depth is exceeded, a warning 
would be better? Otherwise it looks good me.

Reviewed-by: Hongbo Li <lihongbo22@huawei.com>

Thanks,
Hongbo

> +				return -ENOTBLK;
> +			}
> +		}
>   		sb->s_blocksize = PAGE_SIZE;
>   		sb->s_blocksize_bits = PAGE_SHIFT;
>   

Re: [PATCH v2] erofs: limit the level of fs stacking for file-backed mounts

[Gao Xiang]

On 2025/11/24 10:03, Hongbo Li wrote:
> Hi Xiang,
> 
> On 2025/11/22 14:23, Gao Xiang wrote:
>> Otherwise, it could cause potential kernel stack overflow (e.g., EROFS
>> mounting itself).
>>
>> Reviewed-by: Sheng Yong <shengyong1@xiaomi.com>
>> Fixes: fb176750266a ("erofs: add file-backed mount support")
>> Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
>> ---
>> Change since v1:
>>   - Return -ENOTBLK instead of -EINVAL since userspace tools like
>>     util-linux will fall back to using loop to mount again.
>>
>>     Don't use -ELOOP compared to other stacked fses, since -ENOTBLK is
>>     more suitable: it means the kernel can't handle it anymore.
>>
>>   fs/erofs/super.c | 16 ++++++++++++++++
>>   1 file changed, 16 insertions(+)
>>
>> diff --git a/fs/erofs/super.c b/fs/erofs/super.c
>> index f3f8d8c066e4..2db534f76464 100644
>> --- a/fs/erofs/super.c
>> +++ b/fs/erofs/super.c
>> @@ -639,6 +639,22 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc)
>>       sbi->blkszbits = PAGE_SHIFT;
>>       if (!sb->s_bdev) {
>> +        /*
>> +         * (File-backed mounts) EROFS claims it's safe to nest other
>> +         * fs contexts (including its own) due to self-controlled RO
>> +         * accesses/contexts and no side-effect changes that need to
>> +         * context save & restore so it can reuse the current thread
>> +         * context.  However, it still needs to bump `s_stack_depth` to
>> +         * avoid kernel stack overflow from nested filesystems.
>> +         */
>> +        if (erofs_is_fileio_mode(sbi)) {
>> +            sb->s_stack_depth =
>> +                file_inode(sbi->dif0.file)->i_sb->s_stack_depth + 1;
>> +            if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
>> +                erofs_err(sb, "maximum fs stacking depth exceeded");
> 
> Since it will success once the max stack depth is exceeded, a warning would be better? Otherwise it looks good me.

But that is not a kernel fallback, and the kernel mount already fails,
I think erroring out is more proper.

Thanks,
Gao Xiang

> 
> Reviewed-by: Hongbo Li <lihongbo22@huawei.com>
> 
> Thanks,
> Hongbo
> 
>> +                return -ENOTBLK;
>> +            }
>> +        }
>>           sb->s_blocksize = PAGE_SIZE;
>>           sb->s_blocksize_bits = PAGE_SHIFT;