ovl: fix lock in ovl_llseek() (531d3040) · Commits · 戴 / test

ovl_inode_lock() is interruptible. When inode_lock() in ovl_llseek() was replaced with ovl_inode_lock(), we did not add a check for error. Fix this by making ovl_inode_lock() uninterruptible and change the existing call sites to use an _interruptible variant. Reported-by:

<syzbot+66a9752fa927f745385e@syzkaller.appspotmail.com> Fixes: ("ovl: use ovl_inode_lock in ovl_llseek()") Signed-off-by:

Amir Goldstein <amir73il@gmail.com> Signed-off-by:

Miklos Szeredi <mszeredi@redhat.com>

fs/overlayfs/overlayfs.h

+6 −1

Original line number	Diff line number	Diff line
		@@ -318,7 +318,12 @@ static inline unsigned int ovl_xino_bits(struct super_block *sb)
		return ovl_same_dev(sb) ? OVL_FS(sb)->xino_mode : 0;
		}

		static inline int ovl_inode_lock(struct inode *inode)
		static inline void ovl_inode_lock(struct inode *inode)
		{
		mutex_lock(&OVL_I(inode)->lock);
		}

		static inline int ovl_inode_lock_interruptible(struct inode *inode)
		{
		return mutex_lock_interruptible(&OVL_I(inode)->lock);
		}

fs/overlayfs/util.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -509,7 +509,7 @@ int ovl_copy_up_start(struct dentry *dentry, int flags)
		struct inode *inode = d_inode(dentry);
		int err;

		err = ovl_inode_lock(inode);
		err = ovl_inode_lock_interruptible(inode);
		if (!err && ovl_already_copied_up_locked(dentry, flags)) {
		err = 1; /* Already copied up */
		ovl_inode_unlock(inode);
		@@ -764,7 +764,7 @@ int ovl_nlink_start(struct dentry *dentry)
		return err;
		}

		err = ovl_inode_lock(inode);
		err = ovl_inode_lock_interruptible(inode);
		if (err)
		return err;

Admin message