From: Miklos Szeredi <miklos@szeredi.hu>
To: "Christian König" <christian.koenig@amd.com>
Cc: Chengguang Xu <cgxu519@mykernel.net>,
Jason Gunthorpe <jgg@nvidia.com>,
Andrew Morton <akpm@linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Linus Torvalds <torvalds@linux-foundation.org>,
overlayfs <linux-unionfs@vger.kernel.org>
Subject: Re: [PATCH] ovl: restore vma->vm_file to old file
Date: Wed, 21 Apr 2021 13:14:36 +0200
Message-ID: <CAJfpegvMcitbZ=APBE7Eu4te1LR+thwH=iYrWMvqn80mFFvmLQ@mail.gmail.com>
In-Reply-To: <481e8c92-3084-f0bc-56ec-86099abfdc55@amd.com>

On Wed, Apr 21, 2021 at 1:03 PM Christian König
<christian.koenig@amd.com> wrote:
>
> On 21.04.21 at 11:47, Miklos Szeredi wrote:
> > On Tue, Apr 20, 2021 at 4:08 AM Chengguang Xu <cgxu519@mykernel.net> wrote:
> >> In the error case of ->mmap() we should also restore vma->vm_file
> >> to old file in order to keep correct file reference in error path.
> >>
> >> Signed-off-by: Chengguang Xu <cgxu519@mykernel.net>
> >> ---
> >> fs/overlayfs/file.c | 1 +
> >> 1 file changed, 1 insertion(+)
> >>
> >> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
> >> index 6e454a294046..046a7adb02c5 100644
> >> --- a/fs/overlayfs/file.c
> >> +++ b/fs/overlayfs/file.c
> >> @@ -439,6 +439,7 @@ static int ovl_mmap(struct file *file, struct vm_area_struct *vma)
> >> if (ret) {
> >> /* Drop reference count from new vm_file value */
> >> fput(realfile);
> >> + vma->vm_file = file;
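Review bot: the added `vma->vm_file = file;` in the `if (ret)` branch has no comment, while the `fput(realfile)` line above it does; say why the pointer is reset, for example that the caller's error path puts whatever vma->vm_file points at, so it has to point at the original file again once the reference on realfile has been dropped. The changelog also carries no Fixes: tag, although the reply below attributes the breakage to commit 1527f926fd04, and it is worth checking whether the vma_set_file() helper quoted later in the thread should replace the open-coded restore.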
> > That's interesting: commit 1527f926fd04 ("mm: mmap: fix fput in error
> > path v2") which went into 5.11-rc1 seems to have broken the refcounting
> > in overlayfs in the name of cleaning up a workaround. Wondering if
> > there's any other damage done by this "fix"?
>
> Can you give wider context? In other words why did the patch break the
> reference counting in overlayfs?

In the error case overlayfs would put the reference on realfile (which
is vma->vm_file at that point) and mmap_region() would put the
reference to the original file (which was vma->vm_file before being
overridden).

After your commit mmap_region() puts the ref on the override vm_file,
but not on the original file.

>
> > Changing refcounting rules in core kernel is no easy matter, a full
> > audit of ->mmap instances (>200) should have been done beforehand.
>
> Which is pretty much what was done, see the follow up commit:
>
> commit 295992fb815e791d14b18ef7cdbbaf1a76211a31 (able/vma_file)
> Author: Christian König <christian.koenig@amd.com>
> Date: Mon Sep 14 15:09:33 2020 +0200
>
> mm: introduce vma_set_file function v5
>
> Add the new vma_set_file() function to allow changing
> vma->vm_file with the necessary refcount dance.
>
> It just looks like I missed the case in overlayfs while doing this.

Yes. And apparently a number of other cases where vm_file is assigned...

Thanks,
Miklos
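
A user-space model of the refcounting described in this message, added here as an illustration; it is not kernel code and not from any participant in the thread. The struct names mirror the kernel's, but `simulate()`, `ovl_mmap_fail()` and `struct delta` are hypothetical, and the model assumes both the caller and ovl_mmap() take a reference when they set vm_file.

```c
#include <stdio.h>

/* Toy stand-ins for kernel objects: only the reference count is modelled. */
struct file { int refs; };
struct vma { struct file *vm_file; };
struct delta { int file, realfile; };   /* net refcount change per file */

static struct file *get_file(struct file *f) { f->refs++; return f; }
static void fput(struct file *f) { f->refs--; }

/* Error path of ovl_mmap() as quoted in the thread; `restore` adds the patch line. */
static int ovl_mmap_fail(struct file *file, struct file *realfile,
                         struct vma *vma, int restore)
{
    vma->vm_file = get_file(realfile);  /* assumed: override takes a reference */
    fput(realfile);                     /* "Drop reference count from new vm_file value" */
    if (restore)
        vma->vm_file = file;            /* the line the patch adds */
    return -1;                          /* the real file's ->mmap() failed */
}

/* Caller's error handling. core_new=0: put the original file (the rule before
 * commit 1527f926fd04, per the thread); core_new=1: put vma->vm_file. */
static struct delta simulate(int core_new, int restore)
{
    struct file file = { 1 }, realfile = { 1 };  /* constructed starting counts */
    struct vma vma = { get_file(&file) };        /* assumed: caller takes a ref */

    if (ovl_mmap_fail(&file, &realfile, &vma, restore))
        fput(core_new ? vma.vm_file : &file);

    return (struct delta){ file.refs - 1, realfile.refs - 1 };
}

int main(void)
{
    for (int core_new = 0; core_new <= 1; core_new++)
        for (int restore = 0; restore <= 1; restore++) {
            struct delta d = simulate(core_new, restore);
            printf("core_new=%d restore=%d: file %+d, realfile %+d\n",
                   core_new, restore, d.file, d.realfile);
        }
    return 0;
}
```

With core_new=1 and restore=0 the original file keeps one reference too many and realfile is put once too often; every other combination balances.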