From: Miklos Szeredi <miklos@szeredi.hu>
To: "Chengguang Xu" <cgxu519@mykernel.net>,
"Christian König" <christian.koenig@amd.com>,
"Jason Gunthorpe" <jgg@nvidia.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Al Viro" <viro@zeniv.linux.org.uk>,
"Linus Torvalds" <torvalds@linux-foundation.org>
Cc: overlayfs <linux-unionfs@vger.kernel.org>
Subject: Re: [PATCH] ovl: restore vma->vm_file to old file
Date: Wed, 21 Apr 2021 11:47:42 +0200 [thread overview]
Message-ID: <CAJfpegvfGAynZ1kz287eJHVRc6+81FzUwSq_V9E36qXCB7WtYQ@mail.gmail.com> (raw)
In-Reply-To: <20210420020738.201670-1-cgxu519@mykernel.net>
On Tue, Apr 20, 2021 at 4:08 AM Chengguang Xu <cgxu519@mykernel.net> wrote:
>
> In the error case of ->mmap() we should also restore vma->vm_file
> to old file in order to keep correct file reference in error path.
>
> Signed-off-by: Chengguang Xu <cgxu519@mykernel.net>
> ---
> fs/overlayfs/file.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
> index 6e454a294046..046a7adb02c5 100644
> --- a/fs/overlayfs/file.c
> +++ b/fs/overlayfs/file.c
> @@ -439,6 +439,7 @@ static int ovl_mmap(struct file *file, struct vm_area_struct *vma)
> if (ret) {
> /* Drop reference count from new vm_file value */
> fput(realfile);
> + vma->vm_file = file;
That's interesting: commit 1527f926fd04 ("mm: mmap: fix fput in error
path v2") which went into 5.11-rc1 seems to have broke the refcounting
in overlayfs in the name of cleaning up a workaround. Wondering if
there's any other damage done by this "fix"?
Changing refcounting rules in core kernel is no easy matter, a full
audit of ->mmap instances (>200) should have been done beforehand.
I suggest reverting this commit as a first step.
Thanks,
Miklos
next prev parent reply other threads:[~2021-04-21 9:47 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-20 2:07 [PATCH] ovl: restore vma->vm_file to old file Chengguang Xu
2021-04-21 9:47 ` Miklos Szeredi [this message]
2021-04-21 11:03 ` Christian König
2021-04-21 11:14 ` Miklos Szeredi
2021-04-21 11:25 ` Christian König
2021-04-21 12:15 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJfpegvfGAynZ1kz287eJHVRc6+81FzUwSq_V9E36qXCB7WtYQ@mail.gmail.com \
--to=miklos@szeredi.hu \
--cc=akpm@linux-foundation.org \
--cc=cgxu519@mykernel.net \
--cc=christian.koenig@amd.com \
--cc=jgg@nvidia.com \
--cc=linux-unionfs@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).