References: <00000000000044cbf80576baaecd@google.com>
From: Miklos Szeredi
Date: Thu, 27 Sep 2018 08:36:23 +0200
Subject: Re: possible deadlock in path_openat
To: Amir Goldstein
Cc: syzbot, linux-fsdevel, linux-kernel, syzkaller-bugs, Al Viro, overlayfs

On Thu, Sep 27, 2018 at 8:05 AM, Amir Goldstein wrote:
> So this is interesting... if there is a file in overlayfs lower layer with
> the f_op read = seq_read then &p->lock in the chain above could be
> taken after ovl locks and that is in reverse order to the order of locks
> in execve on an overlayfs file.
>
> On the one hand, it is possible (not sure if desirable) to use filesystems
> with seq_file like debugfs as overlay lower fs, but on the other hand,
> it is not possible to copy up a debugfs file with its original content
> because (at least for most files I looked) the inode size is reported as 0.
>
> Also, from v4.19-rc1, with stacked f_op, ovl_read_iter() calls vfs_iter_read(),
> so overlayfs is no longer tolerant to underlying files that implement f_op read
> (and not read_iter), thus, it is no longer possible to read lower debugfs files.
>
> That said, if there are files in lower layer that use seq_read f_op and have
> non zero inode size, the deadlock reported above might be possible.
>
> Miklos,
>
> What do you reckon we should do?
> Blacklist debugfs just like procfs was blacklisted from fs stacking?
> Improve the heuristics of ovl_dentry_weird() to cover debugfs and friends?

I think that's the best plan. There doesn't seem to be any sense in
supporting debugfs and similar weirdness as lower layer, so the best
course of action would be to deny at the earliest possible point in
time.

Thanks,
Miklos