[Devel] [PATCH RH8] fs/overlayfs: Fix crash on overlayfs mount
Alexander Mikhalitsyn
alexander.mikhalitsyn at virtuozzo.com
Fri May 14 15:17:38 MSK 2021
[ 261.403900] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[ 261.412847] Call Trace:
[ 261.413463] seq_path+0x3c/0xa0
[ 261.414090] print_paths_option+0x8c/0xa0
[ 261.414736] ovl_show_options+0x41/0x320
[ 261.415378] show_mountinfo+0x1df/0x2b0
[ 261.416019] seq_read+0x26e/0x3d0
[ 261.416644] vfs_read+0x89/0x140
[ 261.417269] ksys_read+0x52/0xc0
[ 261.418918] do_syscall_64+0x5b/0x1e0
[ 261.419580] entry_SYSCALL_64_after_hwframe+0x65/0xca
[ 261.420256] RIP: 0033:0x7f20b59f28e4
The problem is that we take overlayfs lower layers info not
from root dentry. Non-root dentries can have less layers than
root dentry.
Crash reproducer:
mkdir {lower,upper,work,merged}
touch lower/lower
touch upper/upper
touch lowermnt
touch uppermnt
mount -t overlay overlay -o lowerdir=lower,upperdir=upper,workdir=work merged
mount --bind merged/upper uppermnt
mount --bind merged/lower lowermnt
Fixes: 4267859a0 ("fs/ovelayfs: Fix crash on overlayfs mount")
https://jira.sw.ru/browse/PSBM-129333
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
fs/overlayfs/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index b00e73e886bc..27193800b77c 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -358,7 +358,7 @@ static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
{
struct super_block *sb = dentry->d_sb;
struct ovl_fs *ofs = sb->s_fs_info;
- struct ovl_entry *oe = OVL_E(dentry);
+ struct ovl_entry *oe = OVL_E(sb->s_root);
if (ovl_dyn_path_opts) {
print_paths_option(m, "lowerdir", oe->lowerpaths, oe->numlower);
--
2.28.0
More information about the Devel
mailing list