[Devel] [PATCH RHEL8 COMMIT] fs/overlayfs: Fix crash on overlayfs mount

Konstantin Khorenko khorenko at virtuozzo.com
Mon May 17 19:05:16 MSK 2021 

The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.30
------>
commit 87603cbffe1d64013183694cae855612f63b59c1
Author: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
Date:   Mon May 17 19:05:16 2021 +0300

    fs/overlayfs: Fix crash on overlayfs mount
    
    [  261.403900] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
    [  261.412847] Call Trace:
    [  261.413463]  seq_path+0x3c/0xa0
    [  261.414090]  print_paths_option+0x8c/0xa0
    [  261.414736]  ovl_show_options+0x41/0x320
    [  261.415378]  show_mountinfo+0x1df/0x2b0
    [  261.416019]  seq_read+0x26e/0x3d0
    [  261.416644]  vfs_read+0x89/0x140
    [  261.417269]  ksys_read+0x52/0xc0
    [  261.418918]  do_syscall_64+0x5b/0x1e0
    [  261.419580]  entry_SYSCALL_64_after_hwframe+0x65/0xca
    [  261.420256] RIP: 0033:0x7f20b59f28e4
    
    The problem is that we take overlayfs lower layers info not
    from root dentry. Non-root dentries can have less layers than
    root dentry.
    
    Crash reproducer:
    mkdir {lower,upper,work,merged}
    touch lower/lower
    touch upper/upper
    touch lowermnt
    touch uppermnt
    mount -t overlay overlay -o lowerdir=lower,upperdir=upper,workdir=work merged
    mount --bind merged/upper uppermnt
    mount --bind merged/lower lowermnt
    
    Fixes: 4267859a0 ("fs/ovelayfs: Fix crash on overlayfs mount")
    
    https://jira.sw.ru/browse/PSBM-129333
    
    Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
 fs/overlayfs/super.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index b00e73e886bc..27193800b77c 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -358,7 +358,7 @@ static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
 {
 	struct super_block *sb = dentry->d_sb;
 	struct ovl_fs *ofs = sb->s_fs_info;
-	struct ovl_entry *oe = OVL_E(dentry);
+	struct ovl_entry *oe = OVL_E(sb->s_root);
 
 	if (ovl_dyn_path_opts) {
 		print_paths_option(m, "lowerdir", oe->lowerpaths, oe->numlower);

More information about the Devel mailing list