ACK: [SRU][F][PATCH v2 1/1] UBUNTU: SAUCE: overlayfs: fix reference count mismatch

Stefan Bader stefan.bader at canonical.com
Thu Jul 13 07:29:31 UTC 2023 

On 30.06.23 10:01, Andrea Righi wrote:
> BugLink: https://bugs.launchpad.net/bugs/2016398
> 
> Opened files reported in /proc/pid/map_files can be shows with the wrong
> mount point using overlayfs with filesystem namspaces.
> 
> This incorrect behavior is fixed:
> 
>    UBUNTU: SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files
> 
> However, the fix introduced a new regression, the reference to the
> original file stored in vma->vm_prfile is not properly released when
> vma->vm_prfile is replaced with a new file.
> 
> This can cause a reference counter unbalance, leading errors such as
> "target is busy" when trying to unmount overlayfs, even if the
> filesystem has not active reference.
> 
> Fix by properly releasing the original file stored in vm_prfile.
> 
> Fixes: 508fdae3f62dd ("UBUNTU: SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files")
> Signed-off-by: Andrea Righi <andrea.righi at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
>   fs/overlayfs/file.c | 56 +++++++++++++++++++++++++++++----------------
>   1 file changed, 36 insertions(+), 20 deletions(-)
> 
> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
> index 366a4267d5f8..baed54914ec4 100644
> --- a/fs/overlayfs/file.c
> +++ b/fs/overlayfs/file.c
> @@ -373,17 +373,48 @@ static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync)
>   	return ret;
>   }
>   
> -/* handle vma->vm_prfile */
> +/*
> + * In map_files_get_link() (fs/proc/base.c)
> + * we need to determine correct path from overlayfs.
> + * But real_mount(realfile->f_path.mnt) may be not
> + * equal to real_mount(file->f_path.mnt). In such case
> + * fdinfo of the same file which was opened from
> + * /proc/<pid>/map_files/... and "usual" path
> + * will show different mnt_id.
> + *
> + * We solve issue like in aufs by using additional
> + * field on struct vm_area_struct called "vm_prfile"
> + * which is used only for fdinfo/"printing" needs.
> + *
> + * See also mm/prfile.c
> + */
> +#ifdef CONFIG_MMU
>   static void ovl_vm_prfile_set(struct vm_area_struct *vma,
>   			      struct file *file)
>   {
>   	get_file(file);
> -	vma->vm_prfile = file;
> -#ifndef CONFIG_MMU
> +	swap(vma->vm_prfile, file);
> +	/* Drop reference count from previous file value */
> +	if (file)
> +		fput(file);
> +}
> +#else
> +static void ovl_vm_prfile_set(struct vm_area_struct *vma,
> +			      struct file *file)
> +{
> +	struct file *vm_region_file = file;
> +
>   	get_file(file);
> -	vma->vm_region->vm_prfile = file;
> -#endif
> +	get_file(vm_region_file);
> +	swap(vma->vm_prfile, file);
> +	swap(vma->vm_region->vm_prfile, vm_region_file);
> +	/* Drop reference count from previous file values */
> +	if (file)
> +		fput(file);
> +	if (vm_region_file)
> +		fput(vm_region_file);
>   }
> +#endif
>   
>   static int ovl_mmap(struct file *file, struct vm_area_struct *vma)
>   {
> @@ -411,21 +442,6 @@ static int ovl_mmap(struct file *file, struct vm_area_struct *vma)
>   		vma->vm_file = file;
>   		fput(realfile);
>   	} else {
> -		/*
> -		 * In map_files_get_link() (fs/proc/base.c)
> -		 * we need to determine correct path from overlayfs.
> -		 * But real_mount(realfile->f_path.mnt) may be not
> -		 * equal to real_mount(file->f_path.mnt). In such case
> -		 * fdinfo of the same file which was opened from
> -		 * /proc/<pid>/map_files/... and "usual" path
> -		 * will show different mnt_id.
> -		 *
> -		 * We solve issue like in aufs by using additional
> -		 * field on struct vm_area_struct called "vm_prfile"
> -		 * which is used only for fdinfo/"printing" needs.
> -		 *
> -		 * See also mm/prfile.c
> -		 */
>   		ovl_vm_prfile_set(vma, file);
>   
>   		/* Drop reference count from previous vm_file value */

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230713/4f459f51/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230713/4f459f51/attachment-0001.sig>

More information about the kernel-team mailing list