Patch "ovl: fix dentry reference leak" has been added to the 4.1-stable tree

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Patch "ovl: fix dentry reference leak" has been added to the 4.1-stable tree
@ 2015-11-06  6:38 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2015-11-06  6:38 UTC (permalink / raw)
  To: dhowells, gregkh, miklos, uobergfe; +Cc: stable, stable-commits

This is a note to let you know that I've just added the patch titled

    ovl: fix dentry reference leak

to the 4.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ovl-fix-dentry-reference-leak.patch
and it can be found in the queue-4.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.

>From ab79efab0a0ba01a74df782eb7fa44b044dae8b5 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Fri, 18 Sep 2015 11:45:22 +0100
Subject: ovl: fix dentry reference leak

From: David Howells <dhowells@redhat.com>

commit ab79efab0a0ba01a74df782eb7fa44b044dae8b5 upstream.

In ovl_copy_up_locked(), newdentry is leaked if the function exits through
out_cleanup as this just to out after calling ovl_cleanup() - which doesn't
actually release the ref on newdentry.

The out_cleanup segment should instead exit through out2 as certainly
newdentry leaks - and possibly upper does also, though this isn't caught
given the catch of newdentry.

Without this fix, something like the following is seen:

	BUG: Dentry ffff880023e9eb20{i=f861,n=#ffff880023e82d90} still in use (1) [unmount of tmpfs tmpfs]
	BUG: Dentry ffff880023ece640{i=0,n=bigfile}  still in use (1) [unmount of tmpfs tmpfs]

when unmounting the upper layer after an error occurred in copyup.

An error can be induced by creating a big file in a lower layer with
something like:

	dd if=/dev/zero of=/lower/a/bigfile bs=65536 count=1 seek=$((0xf000))

to create a large file (4.1G).  Overlay an upper layer that is too small
(on tmpfs might do) and then induce a copy up by opening it writably.

Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/overlayfs/copy_up.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -267,7 +267,7 @@ out:

 out_cleanup:
 	ovl_cleanup(wdir, newdentry);
-	goto out;
+	goto out2;
 }

 /*

Patches currently in stable-queue which might be from dhowells@redhat.com are

queue-4.1/ovl-fix-dentry-reference-leak.patch
queue-4.1/ovl-use-o_largefile-in-ovl_copy_up.patch

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-11-06  6:38 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-11-06  6:38 Patch "ovl: fix dentry reference leak" has been added to the 4.1-stable tree gregkh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).