Greg,
Per your request, here is a manual backport of the overlayfs fixes that were applied in v6.6.72 and reverted in v6.6.73.
For the record, this overlayfs series from v6.7 [2] changes subtle internal semantics across overlayfs code, which are not detectable by build error and therefore are a backporting landmine.
This is exactly what happened with the automatic apply of dependecy patch in v6.6.72.
I will try to be extra diligent about review of auto backports below v6.7 from now on.
Luckily, the leaked mount reference was caught by a vfs assertion and promptly reported by Ignat from Cloudflare team.
Thanks! Amir.
[1] https://lore.kernel.org/stable/2025012123-cable-reburial-568e@gregkh/ [2] https://lore.kernel.org/linux-unionfs/20230816152334.924960-1-amir73il@gmail...
Amir Goldstein (3): ovl: pass realinode to ovl_encode_real_fh() instead of realdentry ovl: support encoding fid from inode with no alias fs: relax assertions on failure to encode file handles
fs/notify/fdinfo.c | 4 +--- fs/overlayfs/copy_up.c | 16 ++++++------- fs/overlayfs/export.c | 49 ++++++++++++++++++++++------------------ fs/overlayfs/namei.c | 4 ++-- fs/overlayfs/overlayfs.h | 2 +- 5 files changed, 39 insertions(+), 36 deletions(-)
[ Upstream commit 07aeefae7ff44d80524375253980b1bdee2396b0 ]
We want to be able to encode an fid from an inode with no alias.
Signed-off-by: Amir Goldstein amir73il@gmail.com Link: https://lore.kernel.org/r/20250105162404.357058-2-amir73il@gmail.com Signed-off-by: Christian Brauner brauner@kernel.org Stable-dep-of: c45beebfde34 ("ovl: support encoding fid from inode with no alias") Signed-off-by: Sasha Levin sashal@kernel.org [re-applied over v6.6.71 with conflict resolved] Signed-off-by: Amir Goldstein amir73il@gmail.com --- fs/overlayfs/copy_up.c | 11 ++++++----- fs/overlayfs/export.c | 5 +++-- fs/overlayfs/namei.c | 4 ++-- fs/overlayfs/overlayfs.h | 2 +- 4 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index ada3fcc9c6d50..e97bcf15c689c 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -371,13 +371,13 @@ int ovl_set_attr(struct ovl_fs *ofs, struct dentry *upperdentry, return err; }
-struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real, +struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct inode *realinode, bool is_upper) { struct ovl_fh *fh; int fh_type, dwords; int buflen = MAX_HANDLE_SZ; - uuid_t *uuid = &real->d_sb->s_uuid; + uuid_t *uuid = &realinode->i_sb->s_uuid; int err;
/* Make sure the real fid stays 32bit aligned */ @@ -394,7 +394,8 @@ struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real, * the price or reconnecting the dentry. */ dwords = buflen >> 2; - fh_type = exportfs_encode_fh(real, (void *)fh->fb.fid, &dwords, 0); + fh_type = exportfs_encode_inode_fh(realinode, (void *)fh->fb.fid, + &dwords, NULL, 0); buflen = (dwords << 2);
err = -EIO; @@ -438,7 +439,7 @@ int ovl_set_origin(struct ovl_fs *ofs, struct dentry *lower, * up and a pure upper inode. */ if (ovl_can_decode_fh(lower->d_sb)) { - fh = ovl_encode_real_fh(ofs, lower, false); + fh = ovl_encode_real_fh(ofs, d_inode(lower), false); if (IS_ERR(fh)) return PTR_ERR(fh); } @@ -461,7 +462,7 @@ static int ovl_set_upper_fh(struct ovl_fs *ofs, struct dentry *upper, const struct ovl_fh *fh; int err;
- fh = ovl_encode_real_fh(ofs, upper, true); + fh = ovl_encode_real_fh(ofs, d_inode(upper), true); if (IS_ERR(fh)) return PTR_ERR(fh);
diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c index 611ff567a1aa6..c56e4e0b8054c 100644 --- a/fs/overlayfs/export.c +++ b/fs/overlayfs/export.c @@ -228,6 +228,7 @@ static int ovl_check_encode_origin(struct dentry *dentry) static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct dentry *dentry, u32 *fid, int buflen) { + struct inode *inode = d_inode(dentry); struct ovl_fh *fh = NULL; int err, enc_lower; int len; @@ -241,8 +242,8 @@ static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct dentry *dentry, goto fail;
/* Encode an upper or lower file handle */ - fh = ovl_encode_real_fh(ofs, enc_lower ? ovl_dentry_lower(dentry) : - ovl_dentry_upper(dentry), !enc_lower); + fh = ovl_encode_real_fh(ofs, enc_lower ? ovl_inode_lower(inode) : + ovl_inode_upper(inode), !enc_lower); if (IS_ERR(fh)) return PTR_ERR(fh);
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index 80391c687c2ad..273a39d3e9513 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -523,7 +523,7 @@ int ovl_verify_set_fh(struct ovl_fs *ofs, struct dentry *dentry, struct ovl_fh *fh; int err;
- fh = ovl_encode_real_fh(ofs, real, is_upper); + fh = ovl_encode_real_fh(ofs, d_inode(real), is_upper); err = PTR_ERR(fh); if (IS_ERR(fh)) { fh = NULL; @@ -720,7 +720,7 @@ int ovl_get_index_name(struct ovl_fs *ofs, struct dentry *origin, struct ovl_fh *fh; int err;
- fh = ovl_encode_real_fh(ofs, origin, false); + fh = ovl_encode_real_fh(ofs, d_inode(origin), false); if (IS_ERR(fh)) return PTR_ERR(fh);
diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 09ca82ed0f8ce..981967e507b3e 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -821,7 +821,7 @@ int ovl_copy_up_with_data(struct dentry *dentry); int ovl_maybe_copy_up(struct dentry *dentry, int flags); int ovl_copy_xattr(struct super_block *sb, const struct path *path, struct dentry *new); int ovl_set_attr(struct ovl_fs *ofs, struct dentry *upper, struct kstat *stat); -struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real, +struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct inode *realinode, bool is_upper); int ovl_set_origin(struct ovl_fs *ofs, struct dentry *lower, struct dentry *upper);
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: 07aeefae7ff44d80524375253980b1bdee2396b0
Status in newer kernel trees: 6.12.y | Present (different SHA1: 668d8dea2cee) 6.6.y | Present (different SHA1: a3f8a2b13a27)
Note: The patch differs from the upstream commit: --- 1: 07aeefae7ff44 ! 1: 8f1f4e6b34fc1 ovl: pass realinode to ovl_encode_real_fh() instead of realdentry @@ Metadata ## Commit message ## ovl: pass realinode to ovl_encode_real_fh() instead of realdentry
+ [ Upstream commit 07aeefae7ff44d80524375253980b1bdee2396b0 ] + We want to be able to encode an fid from an inode with no alias.
Signed-off-by: Amir Goldstein amir73il@gmail.com Link: https://lore.kernel.org/r/20250105162404.357058-2-amir73il@gmail.com Signed-off-by: Christian Brauner brauner@kernel.org + Stable-dep-of: c45beebfde34 ("ovl: support encoding fid from inode with no alias") + Signed-off-by: Sasha Levin sashal@kernel.org + [re-applied over v6.6.71 with conflict resolved] + Signed-off-by: Amir Goldstein amir73il@gmail.com
## fs/overlayfs/copy_up.c ## @@ fs/overlayfs/copy_up.c: int ovl_set_attr(struct ovl_fs *ofs, struct dentry *upperdentry, @@ fs/overlayfs/copy_up.c: struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, st buflen = (dwords << 2);
err = -EIO; -@@ fs/overlayfs/copy_up.c: struct ovl_fh *ovl_get_origin_fh(struct ovl_fs *ofs, struct dentry *origin) - if (!ovl_can_decode_fh(origin->d_sb)) - return NULL; - -- return ovl_encode_real_fh(ofs, origin, false); -+ return ovl_encode_real_fh(ofs, d_inode(origin), false); - } - - int ovl_set_origin_fh(struct ovl_fs *ofs, const struct ovl_fh *fh, +@@ fs/overlayfs/copy_up.c: int ovl_set_origin(struct ovl_fs *ofs, struct dentry *lower, + * up and a pure upper inode. + */ + if (ovl_can_decode_fh(lower->d_sb)) { +- fh = ovl_encode_real_fh(ofs, lower, false); ++ fh = ovl_encode_real_fh(ofs, d_inode(lower), false); + if (IS_ERR(fh)) + return PTR_ERR(fh); + } @@ fs/overlayfs/copy_up.c: static int ovl_set_upper_fh(struct ovl_fs *ofs, struct dentry *upper, const struct ovl_fh *fh; int err; @@ fs/overlayfs/export.c: static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct d
## fs/overlayfs/namei.c ## -@@ fs/overlayfs/namei.c: int ovl_verify_origin_xattr(struct ovl_fs *ofs, struct dentry *dentry, +@@ fs/overlayfs/namei.c: int ovl_verify_set_fh(struct ovl_fs *ofs, struct dentry *dentry, struct ovl_fh *fh; int err;
@@ fs/overlayfs/overlayfs.h: int ovl_copy_up_with_data(struct dentry *dentry); -struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real, +struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct inode *realinode, bool is_upper); - struct ovl_fh *ovl_get_origin_fh(struct ovl_fs *ofs, struct dentry *origin); - int ovl_set_origin_fh(struct ovl_fs *ofs, const struct ovl_fh *fh, + int ovl_set_origin(struct ovl_fs *ofs, struct dentry *lower, + struct dentry *upper); ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.6.y | Success | Success | | stable/linux-6.1.y | Success | Failed |
Build Errors: Build error for stable/linux-6.1.y: fs/overlayfs/copy_up.c: In function 'ovl_encode_real_fh': fs/overlayfs/copy_up.c:360:19: error: too many arguments to function 'exportfs_encode_inode_fh' 360 | fh_type = exportfs_encode_inode_fh(realinode, (void *)fh->fb.fid, | ^~~~~~~~~~~~~~~~~~~~~~~~ In file included from fs/overlayfs/copy_up.c:21: ./include/linux/exportfs.h:228:12: note: declared here 228 | extern int exportfs_encode_inode_fh(struct inode *inode, struct fid *fid, | ^~~~~~~~~~~~~~~~~~~~~~~~ make[3]: *** [scripts/Makefile.build:250: fs/overlayfs/copy_up.o] Error 1 make[3]: Target 'fs/overlayfs/' not remade because of errors. make[2]: *** [scripts/Makefile.build:503: fs/overlayfs] Error 2 make[2]: Target 'fs/' not remade because of errors. make[1]: *** [scripts/Makefile.build:503: fs] Error 2 make[1]: Target './' not remade because of errors. make: *** [Makefile:2009: .] Error 2 make: Target '__all' not remade because of errors.
[ Upstream commit c45beebfde34aa71afbc48b2c54cdda623515037 ]
Dmitry Safonov reported that a WARN_ON() assertion can be trigered by userspace when calling inotify_show_fdinfo() for an overlayfs watched inode, whose dentry aliases were discarded with drop_caches.
The WARN_ON() assertion in inotify_show_fdinfo() was removed, because it is possible for encoding file handle to fail for other reason, but the impact of failing to encode an overlayfs file handle goes beyond this assertion.
As shown in the LTP test case mentioned in the link below, failure to encode an overlayfs file handle from a non-aliased inode also leads to failure to report an fid with FAN_DELETE_SELF fanotify events.
As Dmitry notes in his analyzis of the problem, ovl_encode_fh() fails if it cannot find an alias for the inode, but this failure can be fixed. ovl_encode_fh() seldom uses the alias and in the case of non-decodable file handles, as is often the case with fanotify fid info, ovl_encode_fh() never needs to use the alias to encode a file handle.
Defer finding an alias until it is actually needed so ovl_encode_fh() will not fail in the common case of FAN_DELETE_SELF fanotify events.
Fixes: 16aac5ad1fa9 ("ovl: support encoding non-decodable file handles") Reported-by: Dmitry Safonov dima@arista.com Closes: https://lore.kernel.org/linux-fsdevel/CAOQ4uxiie81voLZZi2zXS1BziXZCM24nXqPAx... Signed-off-by: Amir Goldstein amir73il@gmail.com Link: https://lore.kernel.org/r/20250105162404.357058-3-amir73il@gmail.com Signed-off-by: Christian Brauner brauner@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org --- fs/overlayfs/export.c | 46 +++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 21 deletions(-)
diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c index c56e4e0b8054c..3a17e4366f28c 100644 --- a/fs/overlayfs/export.c +++ b/fs/overlayfs/export.c @@ -181,35 +181,37 @@ static int ovl_connect_layer(struct dentry *dentry) * * Return 0 for upper file handle, > 0 for lower file handle or < 0 on error. */ -static int ovl_check_encode_origin(struct dentry *dentry) +static int ovl_check_encode_origin(struct inode *inode) { - struct ovl_fs *ofs = OVL_FS(dentry->d_sb); + struct ovl_fs *ofs = OVL_FS(inode->i_sb); bool decodable = ofs->config.nfs_export; + struct dentry *dentry; + int err;
/* No upper layer? */ if (!ovl_upper_mnt(ofs)) return 1;
/* Lower file handle for non-upper non-decodable */ - if (!ovl_dentry_upper(dentry) && !decodable) + if (!ovl_inode_upper(inode) && !decodable) return 1;
/* Upper file handle for pure upper */ - if (!ovl_dentry_lower(dentry)) + if (!ovl_inode_lower(inode)) return 0;
/* * Root is never indexed, so if there's an upper layer, encode upper for * root. */ - if (dentry == dentry->d_sb->s_root) + if (inode == d_inode(inode->i_sb->s_root)) return 0;
/* * Upper decodable file handle for non-indexed upper. */ - if (ovl_dentry_upper(dentry) && decodable && - !ovl_test_flag(OVL_INDEX, d_inode(dentry))) + if (ovl_inode_upper(inode) && decodable && + !ovl_test_flag(OVL_INDEX, inode)) return 0;
/* @@ -218,17 +220,25 @@ static int ovl_check_encode_origin(struct dentry *dentry) * ovl_connect_layer() will try to make origin's layer "connected" by * copying up a "connectable" ancestor. */ - if (d_is_dir(dentry) && decodable) - return ovl_connect_layer(dentry); + if (!decodable || !S_ISDIR(inode->i_mode)) + return 1; + + dentry = d_find_any_alias(inode); + if (!dentry) + return -ENOENT; + + err = ovl_connect_layer(dentry); + dput(dentry); + if (err < 0) + return err;
/* Lower file handle for indexed and non-upper dir/non-dir */ return 1; }
-static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct dentry *dentry, +static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct inode *inode, u32 *fid, int buflen) { - struct inode *inode = d_inode(dentry); struct ovl_fh *fh = NULL; int err, enc_lower; int len; @@ -237,7 +247,7 @@ static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct dentry *dentry, * Check if we should encode a lower or upper file handle and maybe * copy up an ancestor to make lower file handle connectable. */ - err = enc_lower = ovl_check_encode_origin(dentry); + err = enc_lower = ovl_check_encode_origin(inode); if (enc_lower < 0) goto fail;
@@ -257,8 +267,8 @@ static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct dentry *dentry, return err;
fail: - pr_warn_ratelimited("failed to encode file handle (%pd2, err=%i)\n", - dentry, err); + pr_warn_ratelimited("failed to encode file handle (ino=%lu, err=%i)\n", + inode->i_ino, err); goto out; }
@@ -266,19 +276,13 @@ static int ovl_encode_fh(struct inode *inode, u32 *fid, int *max_len, struct inode *parent) { struct ovl_fs *ofs = OVL_FS(inode->i_sb); - struct dentry *dentry; int bytes, buflen = *max_len << 2;
/* TODO: encode connectable file handles */ if (parent) return FILEID_INVALID;
- dentry = d_find_any_alias(inode); - if (!dentry) - return FILEID_INVALID; - - bytes = ovl_dentry_to_fid(ofs, dentry, fid, buflen); - dput(dentry); + bytes = ovl_dentry_to_fid(ofs, inode, fid, buflen); if (bytes <= 0) return FILEID_INVALID;
commit 974e3fe0ac61de85015bbe5a4990cf4127b304b2 upstream.
Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons.
The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle.
There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails. Relax those assertions because they are wrong.
The second linked bug report states commit 16aac5ad1fa9 ("ovl: support encoding non-decodable file handles") in v6.6 as the regressing commit, but this is not accurate.
The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches.
Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6. Therefore, I am not listing the aforementioned commit as a Fixes commit.
Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6.
Reported-by: syzbot+ec07f6f5ce62b858579f@syzkaller.appspotmail.com Tested-by: syzbot+ec07f6f5ce62b858579f@syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-unionfs/671fd40c.050a0220.4735a.024f.GAE@googl... Reported-by: Dmitry Safonov dima@arista.com Closes: https://lore.kernel.org/linux-fsdevel/CAGrbwDTLt6drB9eaUagnQVgdPBmhLfqqxAf3F... Cc: stable@vger.kernel.org Signed-off-by: Amir Goldstein amir73il@gmail.com Link: https://lore.kernel.org/r/20241219115301.465396-1-amir73il@gmail.com Signed-off-by: Christian Brauner brauner@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Amir Goldstein amir73il@gmail.com --- fs/notify/fdinfo.c | 4 +--- fs/overlayfs/copy_up.c | 5 ++--- 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/fs/notify/fdinfo.c b/fs/notify/fdinfo.c index 5c430736ec12c..26655572975d3 100644 --- a/fs/notify/fdinfo.c +++ b/fs/notify/fdinfo.c @@ -51,10 +51,8 @@ static void show_mark_fhandle(struct seq_file *m, struct inode *inode) size = f.handle.handle_bytes >> 2;
ret = exportfs_encode_fid(inode, (struct fid *)f.handle.f_handle, &size); - if ((ret == FILEID_INVALID) || (ret < 0)) { - WARN_ONCE(1, "Can't encode file handler for inotify: %d\n", ret); + if ((ret == FILEID_INVALID) || (ret < 0)) return; - }
f.handle.handle_type = ret; f.handle.handle_bytes = size * sizeof(u32); diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index e97bcf15c689c..18e018cb18117 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -399,9 +399,8 @@ struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct inode *realinode, buflen = (dwords << 2);
err = -EIO; - if (WARN_ON(fh_type < 0) || - WARN_ON(buflen > MAX_HANDLE_SZ) || - WARN_ON(fh_type == FILEID_INVALID)) + if (fh_type < 0 || fh_type == FILEID_INVALID || + WARN_ON(buflen > MAX_HANDLE_SZ)) goto out_err;
fh->fb.version = OVL_FH_VERSION;
On Tue, Jan 21, 2025 at 12:08 PM Amir Goldstein amir73il@gmail.com wrote:
Greg,
Per your request, here is a manual backport of the overlayfs fixes that were applied in v6.6.72 and reverted in v6.6.73.
Forgot to mention that I backported one extra patch from 6.12.y. It is not an overlayfs patch, but it fixes in a more generic way (removing an unneeded assertion) the same bug report that the overlayfs patches fix.
Both fixes are needed, because the assertion could have been hit without overlayfs and because the overlayfs fixes are needed to fix bugs other than the assertion.
Thanks, Amir.
For the record, this overlayfs series from v6.7 [2] changes subtle internal semantics across overlayfs code, which are not detectable by build error and therefore are a backporting landmine.
This is exactly what happened with the automatic apply of dependecy patch in v6.6.72.
I will try to be extra diligent about review of auto backports below v6.7 from now on.
Luckily, the leaked mount reference was caught by a vfs assertion and promptly reported by Ignat from Cloudflare team.
Thanks! Amir.
[1] https://lore.kernel.org/stable/2025012123-cable-reburial-568e@gregkh/ [2] https://lore.kernel.org/linux-unionfs/20230816152334.924960-1-amir73il@gmail...
Amir Goldstein (3): ovl: pass realinode to ovl_encode_real_fh() instead of realdentry ovl: support encoding fid from inode with no alias fs: relax assertions on failure to encode file handles
fs/notify/fdinfo.c | 4 +--- fs/overlayfs/copy_up.c | 16 ++++++------- fs/overlayfs/export.c | 49 ++++++++++++++++++++++------------------ fs/overlayfs/namei.c | 4 ++-- fs/overlayfs/overlayfs.h | 2 +- 5 files changed, 39 insertions(+), 36 deletions(-)
-- 2.34.1
On Tue, Jan 21, 2025 at 12:14:28PM +0100, Amir Goldstein wrote:
On Tue, Jan 21, 2025 at 12:08 PM Amir Goldstein amir73il@gmail.com wrote:
Greg,
Per your request, here is a manual backport of the overlayfs fixes that were applied in v6.6.72 and reverted in v6.6.73.
Forgot to mention that I backported one extra patch from 6.12.y. It is not an overlayfs patch, but it fixes in a more generic way (removing an unneeded assertion) the same bug report that the overlayfs patches fix.
Both fixes are needed, because the assertion could have been hit without overlayfs and because the overlayfs fixes are needed to fix bugs other than the assertion.
No worries, looks good, thanks for the backports, I'll go queue them up right now.
greg k-h
linux-stable-mirror@lists.linaro.org
-
Amir Goldstein -
Greg Kroah-Hartman -
Sasha Levin