Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp279593pxf;
        Thu, 8 Apr 2021 02:59:52 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwDk+U4HXqw3yK/Syl0haKoqx/sSM8FGnpCibgqirxpZ71xEqQILUO8YNx1Dnf65h3DI0Km
X-Received: by 2002:a05:6402:48c:: with SMTP id k12mr10158777edv.237.1617875991913;
        Thu, 08 Apr 2021 02:59:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617875991; cv=none;
        d=google.com; s=arc-20160816;
        b=X0mkOInj1jdc0HyKvZwx6d1Szhakwugc2vrs+EsEkB+Jk4bk3wUlAtOFzPrPogm6eR
         +8Zfy953gffANPhJWXOT2iC6UeQTCJejWNu45f/2asybCmNF5LLKjvN9I2j/KJ+z/+Fn
         oNVconTjtFm2nyzT6/KOEemaxEMK4xW3L6vGg5+xnUHKzNy+PbI8KJvet1g5O88EIhXq
         Qpc4JYPDy5IA7R80ZKxewrIHEt9UddzDVytWa3djF2YyVvQ+OrPIE6TcEOnWyyvzx6hQ
         Y6wbCMTxU7Hchzi8XV1YN6OdU1q4OPhKPp/tNr+3zfVimUxni0sUMOjN31M3WnrtOWwn
         sSvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=vqkcfcLmWPSwGQ7DXIyIlAdTx4eIhz1g0fE/uj8Jq5Q=;
        b=hFXbixRsBWk1iJf+oMdjhj5ZfhZPYD7Vd0+OY+dP8iGQHWFDUTuJUmt7TlQKWfKAOy
         av5jsUqCc9PjM4Hzdy9kdXNAyBl3nwMQx1K28kA2/1tw3ySeKAqkvBPM6JKfwlUjacNG
         rTykSTblwSfuYUir9bavPpBX+3v/Dxs9vatMzOMRJqSkcRtM7jA9WZIpQh+CWgHC8f5S
         fYkbW/Ton2oUlV3p4yYDAYxijH02gfQ2Jsc7Xoe6feGAmta7dNfG8v/yoKLd6MIJcwoV
         NfevHkMfQW8KDzt59EcA0knDxe0klyS6GzwEunQlMHY36Z+DW5mFra18ty8JQKrvYVlO
         OGwg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=ak4tVPm2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m13si9962476ejc.676.2021.04.08.02.59.29;
        Thu, 08 Apr 2021 02:59:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=ak4tVPm2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231423AbhDHJ6e (ORCPT <rfc822;linux.s.jambekar@gmail.com>
        + 99 others); Thu, 8 Apr 2021 05:58:34 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48796 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231205AbhDHJ6d (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 8 Apr 2021 05:58:33 -0400
Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 135B0C061763
        for <linux-kernel@vger.kernel.org>; Thu,  8 Apr 2021 02:58:22 -0700 (PDT)
Received: by mail-vs1-xe36.google.com with SMTP id 2so817865vsh.4
        for <linux-kernel@vger.kernel.org>; Thu, 08 Apr 2021 02:58:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=szeredi.hu; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=vqkcfcLmWPSwGQ7DXIyIlAdTx4eIhz1g0fE/uj8Jq5Q=;
        b=ak4tVPm2ajctg+hnsjp8GHDd5d8rnO+htwb7t/lo2NiatS+hRAXSYXtJ2BFjM6x48U
         pnA3KNNoIxXJdN3FUU5ajyCgsw02XIyHzdNzHBN+7meSGNIFDBPp1Wn0sT3/G/RLW0Wd
         MKbnV+cT/6M5eRpLsuP/tywNIa+EUWls2KYUk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=vqkcfcLmWPSwGQ7DXIyIlAdTx4eIhz1g0fE/uj8Jq5Q=;
        b=pU/KhseWgrT0zMsZ8u5baj+mjndSZwLr0MCoykWK4gj+tU/Xi2lI9z60IoSaw6p0oN
         Qx8IpbfYuf1Z+Qii8xkAbAbmSPS+BZW43D81pOqLy3OGtNDWKr5jUGGgECH0A0gaUJsn
         /IUYkLRCtQ/6A2PY0zxg9j/qkx9LxOtKnKuMi6hrO3kAUWK18FA0uHjGezCt0BhZx94d
         VG2dj8BvtDduwAYXzMPyEdpae1+tJBXHm2UwKOVB1l0sbIvTULEog2rBOm1U4+PrUWiK
         w53mzdny3x9DeWDzDfCx+abIq+12qVOh1iQFb3AsSzEVDN3YYUmVM5IXCff/f0qDR2ak
         I96g==
X-Gm-Message-State: AOAM533dP36aAoRzuKWbJB7bb6AypeGg9OGaiW3LVL1SFZv8dolAe7tY
        7v72QLndf0FgH2FgB6mLeUxsWL0e21M7ZRmAkeavoQ==
X-Received: by 2002:a67:b005:: with SMTP id z5mr4869666vse.47.1617875901207;
 Thu, 08 Apr 2021 02:58:21 -0700 (PDT)
MIME-Version: 1.0
References: <20210329164907.2133175-1-mic@digikod.net>
In-Reply-To: <20210329164907.2133175-1-mic@digikod.net>
From:   Miklos Szeredi <miklos@szeredi.hu>
Date:   Thu, 8 Apr 2021 11:58:10 +0200
Message-ID: <CAJfpegu=8L7Fd_qYK0cJRQ18NqyVeSvTp-vcC4KmqZEcw28naw@mail.gmail.com>
Subject: Re: [PATCH v1] ovl: Fix leaked dentry
To:     =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= <mic@digikod.net>
Cc:     linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        overlayfs <linux-unionfs@vger.kernel.org>,
        Amir Goldstein <amir73il@gmail.com>,
        Vivek Goyal <vgoyal@redhat.com>,
        stable <stable@vger.kernel.org>,
        syzbot <syzkaller@googlegroups.com>,
        =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= <mic@linux.microsoft.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 29, 2021 at 6:48 PM Micka=C3=ABl Sala=C3=BCn <mic@digikod.net> =
wrote:
>
> From: Micka=C3=ABl Sala=C3=BCn <mic@linux.microsoft.com>
>
> Since commit 6815f479ca90 ("ovl: use only uppermetacopy state in
> ovl_lookup()"), overlayfs doesn't put temporary dentry when there is a
> metacopy error, which leads to dentry leaks when shutting down the
> related superblock:
>
>   overlayfs: refusing to follow metacopy origin for (/file0)
>   ...
>   BUG: Dentry (____ptrval____){i=3D3f33,n=3Dfile3}  still in use (1) [unm=
ount of overlay overlay]
>   ...
>   WARNING: CPU: 1 PID: 432 at umount_check.cold+0x107/0x14d
>   CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1
>   ...
>   RIP: 0010:umount_check.cold+0x107/0x14d
>   ...
>   Call Trace:
>    d_walk+0x28c/0x950
>    ? dentry_lru_isolate+0x2b0/0x2b0
>    ? __kasan_slab_free+0x12/0x20
>    do_one_tree+0x33/0x60
>    shrink_dcache_for_umount+0x78/0x1d0
>    generic_shutdown_super+0x70/0x440
>    kill_anon_super+0x3e/0x70
>    deactivate_locked_super+0xc4/0x160
>    deactivate_super+0xfa/0x140
>    cleanup_mnt+0x22e/0x370
>    __cleanup_mnt+0x1a/0x30
>    task_work_run+0x139/0x210
>    do_exit+0xb0c/0x2820
>    ? __kasan_check_read+0x1d/0x30
>    ? find_held_lock+0x35/0x160
>    ? lock_release+0x1b6/0x660
>    ? mm_update_next_owner+0xa20/0xa20
>    ? reacquire_held_locks+0x3f0/0x3f0
>    ? __sanitizer_cov_trace_const_cmp4+0x22/0x30
>    do_group_exit+0x135/0x380
>    __do_sys_exit_group.isra.0+0x20/0x20
>    __x64_sys_exit_group+0x3c/0x50
>    do_syscall_64+0x45/0x70
>    entry_SYSCALL_64_after_hwframe+0x44/0xae
>   ...
>   VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds. =
 Have a nice day...
>
> This fix has been tested with a syzkaller reproducer.
>
> Cc: Amir Goldstein <amir73il@gmail.com>
> Cc: Miklos Szeredi <miklos@szeredi.hu>
> Cc: Vivek Goyal <vgoyal@redhat.com>
> Cc: <stable@vger.kernel.org> # v5.7+
> Reported-by: syzbot <syzkaller@googlegroups.com>
> Fixes: 6815f479ca90 ("ovl: use only uppermetacopy state in ovl_lookup()")
> Signed-off-by: Micka=C3=ABl Sala=C3=BCn <mic@linux.microsoft.com>
> Link: https://lore.kernel.org/r/20210329164907.2133175-1-mic@digikod.net

Thanks, applied.

Miklos