* [PATCH] fix error: a bin file can truncate itself while running on overlayfs
@ 2016-06-22 10:13 zhangaihua1
2016-06-27 1:06 ` retry:[PATCH] " Zhang AiHua
0 siblings, 1 reply; 3+ messages in thread
From: zhangaihua1 @ 2016-06-22 10:13 UTC (permalink / raw)
To: linux-fsdevel, linux-kernel, linux-unionfs; +Cc: Aihua Zhang
From: Aihua Zhang <zhangaihua1@huawei.com>
I wrote a testcase to truncate a bin file while it is running on overlayfs.
the mount:
/dev/mapper/fedora-home on /home type ext4 (rw,relatime,data=ordered)
overlay on /tmp type overlay (rw,relatime,lowerdir=/home/zah/lower,
upperdir=/home/zah/upper,workdir=/home/zah/workdir)
the code cpp:
int main(int argc, char *argv[])
{
int status;
pthread_t thread;
int err;
char *ptr;
ptr = basename(argv[0]);
printf("%s\n",ptr);
errno = 0;
status = truncate(ptr, 4096);
printf("status:%d\n",status);
printf("errno:%d\n",errno);
printf("ETXTBSY:%d\n",ETXTBSY);
if ((-1 == status) && (ETXTBSY == errno))
{
printf("PASS\n");
return 0;
}
err = errno;
printf("err = %d\n", err);
printf("FAIL\n");
return 1;
}
I running the test on overlayfs, the result as below:
Bus error (core dumped)
and running the test on ext4, the result as below:
status:-1
errno:26
ETXTBSY:26
PASS
I add some log, and I find the inode is not correct on overlayfs,
and the inode->i_writecount is not correct also called by vfs_truncate->
get_write_access(), the log as below:
Jun 22 09:50:38 kernel: [131.872920] deny_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873109] deny_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873110] __vma_link_file: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873112] allow_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873114] deny_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873115] __vma_link_file: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873116] allow_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873162] allow_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873947] __vma_link_file: inode ino 64104618
Jun 22 09:50:38 kernel: [131.874039] vfs_truncate: inode ino:24061
before vfs_truncate, the inode is point to upper filesystem(ext4),
and in vfs_truncate the inode is point to overlayfs.
So, I fix it by geting the real inode via ovl_d_select_inode.
Signed-off-by: Aihua Zhang <zhangaihua1@huawei.com>
---
fs/open.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/open.c b/fs/open.c
index 93ae3cd..43b17d1 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -67,10 +67,16 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
long vfs_truncate(const struct path *path, loff_t length)
{
+ struct dentry *dentry = path->dentry;
struct inode *inode;
long error;
- inode = path->dentry->d_inode;
+ if (dentry->d_flags & DCACHE_OP_SELECT_INODE) {
+ inode = dentry->d_op->d_select_inode(dentry, O_TRUNC);
+ if (IS_ERR(inode))
+ return PTR_ERR(inode);
+ } else
+ inode = dentry->d_inode;
/* For directories it's -EISDIR, for other non-regulars - -EINVAL */
if (S_ISDIR(inode->i_mode))
@@ -106,7 +112,7 @@ long vfs_truncate(const struct path *path, loff_t length)
if (!error)
error = security_path_truncate(path);
if (!error)
- error = do_truncate(path->dentry, length, 0, NULL);
+ error = do_truncate(dentry, length, 0, NULL);
put_write_and_out:
put_write_access(inode);
--
1.7.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* retry:[PATCH] fix error: a bin file can truncate itself while running on overlayfs
2016-06-22 10:13 [PATCH] fix error: a bin file can truncate itself while running on overlayfs zhangaihua1
@ 2016-06-27 1:06 ` Zhang AiHua
2016-06-29 14:03 ` Miklos Szeredi
0 siblings, 1 reply; 3+ messages in thread
From: Zhang AiHua @ 2016-06-27 1:06 UTC (permalink / raw)
To: linux-fsdevel, linux-kernel, linux-unionfs
-------- 转发的消息 --------
主题: [PATCH] fix error: a bin file can truncate itself while running on overlayfs
日期: Wed, 22 Jun 2016 18:13:08 +0800
发件人: zhangaihua1@huawei.com
收件人: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-unionfs@vger.kernel.org
抄送: Aihua Zhang <zhangaihua1@huawei.com>
From: Aihua Zhang <zhangaihua1@huawei.com>
I wrote a testcase to truncate a bin file while it is running on overlayfs.
the mount:
/dev/mapper/fedora-home on /home type ext4 (rw,relatime,data=ordered)
overlay on /tmp type overlay (rw,relatime,lowerdir=/home/zah/lower,
upperdir=/home/zah/upper,workdir=/home/zah/workdir)
the code cpp:
int main(int argc, char *argv[])
{
int status;
pthread_t thread;
int err;
char *ptr;
ptr = basename(argv[0]);
printf("%s\n",ptr);
errno = 0;
status = truncate(ptr, 4096);
printf("status:%d\n",status);
printf("errno:%d\n",errno);
printf("ETXTBSY:%d\n",ETXTBSY);
if ((-1 == status) && (ETXTBSY == errno))
{
printf("PASS\n");
return 0;
}
err = errno;
printf("err = %d\n", err);
printf("FAIL\n");
return 1;
}
I running the test on overlayfs, the result as below:
Bus error (core dumped)
and running the test on ext4, the result as below:
status:-1
errno:26
ETXTBSY:26
PASS
I add some log, and I find the inode is not correct on overlayfs,
and the inode->i_writecount is not correct also called by vfs_truncate->
get_write_access(), the log as below:
Jun 22 09:50:38 kernel: [131.872920] deny_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873109] deny_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873110] __vma_link_file: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873112] allow_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873114] deny_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873115] __vma_link_file: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873116] allow_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873162] allow_write_access: inode ino 64104618
Jun 22 09:50:38 kernel: [131.873947] __vma_link_file: inode ino 64104618
Jun 22 09:50:38 kernel: [131.874039] vfs_truncate: inode ino:24061
before vfs_truncate, the inode is point to upper filesystem(ext4),
and in vfs_truncate the inode is point to overlayfs.
So, I fix it by geting the real inode via ovl_d_select_inode.
Signed-off-by: Aihua Zhang <zhangaihua1@huawei.com>
---
fs/open.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/open.c b/fs/open.c
index 93ae3cd..43b17d1 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -67,10 +67,16 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
long vfs_truncate(const struct path *path, loff_t length)
{
+ struct dentry *dentry = path->dentry;
struct inode *inode;
long error;
- inode = path->dentry->d_inode;
+ if (dentry->d_flags & DCACHE_OP_SELECT_INODE) {
+ inode = dentry->d_op->d_select_inode(dentry, O_TRUNC);
+ if (IS_ERR(inode))
+ return PTR_ERR(inode);
+ } else
+ inode = dentry->d_inode;
/* For directories it's -EISDIR, for other non-regulars - -EINVAL */
if (S_ISDIR(inode->i_mode))
@@ -106,7 +112,7 @@ long vfs_truncate(const struct path *path, loff_t length)
if (!error)
error = security_path_truncate(path);
if (!error)
- error = do_truncate(path->dentry, length, 0, NULL);
+ error = do_truncate(dentry, length, 0, NULL);
put_write_and_out:
put_write_access(inode);
--
1.7.1
.
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: retry:[PATCH] fix error: a bin file can truncate itself while running on overlayfs
2016-06-27 1:06 ` retry:[PATCH] " Zhang AiHua
@ 2016-06-29 14:03 ` Miklos Szeredi
0 siblings, 0 replies; 3+ messages in thread
From: Miklos Szeredi @ 2016-06-29 14:03 UTC (permalink / raw)
To: Zhang AiHua; +Cc: linux-fsdevel, linux-kernel, linux-unionfs
Hi,
Thanks for the report and the testcase.
Here's a patch using a different approach (overlayfs philosophy is to minimize
VFS footprint).
Thanks,
Miklos
---
From: Miklos Szeredi <mszeredi@redhat.com>
Subject: ovl: get_write_access() in truncate
When truncating a file we should check write access on the underlying
inode. And we should do so on the lower file as well (before copy-up) for
consistency.
Original patch and test case by Aihua Zhang.
- - >o >o - - test.c - - >o >o - -
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
int ret;
ret = truncate(argv[0], 4096);
if (ret != -1) {
fprintf(stderr, "truncate(argv[0]) should have failed\n");
return 1;
}
if (errno != ETXTBSY) {
perror("truncate(argv[0])");
return 1;
}
return 0;
}
- - >o >o - - >o >o - - >o >o - -
Reported-by: Aihua Zhang <zhangaihua1@huawei.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: <stable@vger.kernel.org>
---
fs/overlayfs/inode.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -59,16 +59,37 @@ int ovl_setattr(struct dentry *dentry, s
if (err)
goto out;
+ if (attr->ia_valid & ATTR_SIZE) {
+ struct inode *realinode = d_inode(ovl_dentry_real(dentry));
+
+ err = -ETXTBSY;
+ if (atomic_read(&realinode->i_writecount) < 0)
+ goto out_drop_write;
+ }
+
err = ovl_copy_up(dentry);
if (!err) {
+ struct inode *winode = NULL;
+
upperdentry = ovl_dentry_upper(dentry);
+ if (attr->ia_valid & ATTR_SIZE) {
+ winode = d_inode(upperdentry);
+ err = get_write_access(winode);
+ if (err)
+ goto out_drop_write;
+ }
+
inode_lock(upperdentry->d_inode);
err = notify_change(upperdentry, attr, NULL);
if (!err)
ovl_copyattr(upperdentry->d_inode, dentry->d_inode);
inode_unlock(upperdentry->d_inode);
+
+ if (winode)
+ put_write_access(winode);
}
+out_drop_write:
ovl_drop_write(dentry);
out:
return err;
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-06-29 14:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-22 10:13 [PATCH] fix error: a bin file can truncate itself while running on overlayfs zhangaihua1
2016-06-27 1:06 ` retry:[PATCH] " Zhang AiHua
2016-06-29 14:03 ` Miklos Szeredi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).