From patchwork Thu Jun 22 09:37:30 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andrea Righi <andrea.righi@canonical.com>
X-Patchwork-Id: 1798315
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=canonical.com header.i=@canonical.com
 header.a=rsa-sha256 header.s=20210705 header.b=bPvzDJ0C;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QmwJv5DMQz20Zv
	for <incoming@patchwork.ozlabs.org>; Thu, 22 Jun 2023 19:37:51 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1qCGl7-0000k0-Qj; Thu, 22 Jun 2023 09:37:45 +0000
Received: from smtp-relay-internal-1.internal ([10.131.114.114]
 helo=smtp-relay-internal-1.canonical.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <andrea.righi@canonical.com>) id 1qCGl5-0000jP-Oc
 for kernel-team@lists.ubuntu.com; Thu, 22 Jun 2023 09:37:43 +0000
Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com
 [209.85.218.71])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 522F13F04C
 for <kernel-team@lists.ubuntu.com>; Thu, 22 Jun 2023 09:37:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1687426662;
 bh=mFg6M8liFI2skyZkEienzkQ7n9fh6apLgyRpOyV25s4=;
 h=From:To:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=bPvzDJ0CAkkTxF4yIMqY5mnRLUqq3Hjsjn4fT6AGIBQolWq4iI8ZSFFxow0qW0iKJ
 zt7D9XJTgFcXKc9hIFmTQScMZ1nH/Ofb084W8qF7ipbSmkjox54gumQjrhdrblZQkn
 hFW2851m/9fFBHZ8mTo3eOFnVzzGfNGE2r1P24wg6vSwB0VL38zI/lSnaVsBnDhYvv
 sjFqO9hgUBtmVPuKnv83x5JzJB4hZmUyHO/Uh0P6q6sh+qERxCiw/7hpr4BvGfBh/s
 +0/X1kU/ro4Lo2LxL7TdEzG7zS0x312DzXTaRnpFikHim8h1z0OyjLLI1IaiwR9Cqj
 iTKBUJwKmOBqw==
Received: by mail-ej1-f71.google.com with SMTP id
 a640c23a62f3a-978a991c3f5so522397366b.0
 for <kernel-team@lists.ubuntu.com>; Thu, 22 Jun 2023 02:37:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1687426661; x=1690018661;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=mFg6M8liFI2skyZkEienzkQ7n9fh6apLgyRpOyV25s4=;
 b=M+8ocZCqL+V8pplCPq8odluUmOpx1S6ahDD6ftLyBqh4rCZZgdb4PvpQPScchJ300K
 gqibziScIEDcGAiQcZ612eQQa82WI4a8jTPcTwIRWOSBgmPx56NfwO8+aqZG9xKAvCuT
 YGJLoJXkctCsk00s5wFgch2QimDwSoy6v4LGT6k5LANaoZOhjgN5i1wu0jiEr5/DRBR/
 1QXBUf9Ju+AUnTqEPQ3JgYmonMSgcw9N/01LMRwsMJXEp9/ot1Svi7ud3lGyUcAi5XqL
 FjFMbS5k1lREBolk9oSd0pgwXosfpsUBACu/yMMsY0YL6TBq00N1f8vYWtkfUrlvq5Vq
 iNTw==
X-Gm-Message-State: AC+VfDz8UJRVjWXlWR5ToSRuzFR+i62E+8pwOMnR9+nqdOq6YINjCoCP
 EZ8iD1O/vrVWRD6fd3CNr7Y1t7GG1ic/wP2yrJz+OGbCzxVHO/4AxskVaCatJfpxj04Ck/U9D/o
 EjEZO9tR2kW99XItjr/iXQykekZuM13u9hLbvH+nnoMid3BWIaA==
X-Received: by 2002:a17:907:9415:b0:979:dad9:4e9 with SMTP id
 dk21-20020a170907941500b00979dad904e9mr18358704ejc.50.1687426661076;
 Thu, 22 Jun 2023 02:37:41 -0700 (PDT)
X-Google-Smtp-Source: 
 ACHHUZ7iphvJZMtxWn4mgVUv45YUOQYk/zsoVrun4ptxMOwxRvsfBI4t+rBasi+rKa+wckB9KR8azQ==
X-Received: by 2002:a17:907:9415:b0:979:dad9:4e9 with SMTP id
 dk21-20020a170907941500b00979dad904e9mr18358697ejc.50.1687426660898;
 Thu, 22 Jun 2023 02:37:40 -0700 (PDT)
Received: from localhost.localdomain
 (host-82-51-67-121.retail.telecomitalia.it. [82.51.67.121])
 by smtp.gmail.com with ESMTPSA id
 y9-20020a17090668c900b009891f667b7bsm4210131ejr.214.2023.06.22.02.37.40
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 22 Jun 2023 02:37:40 -0700 (PDT)
From: Andrea Righi <andrea.righi@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][L/K/J][PATCH 1/1] UBUNTU: SAUCE: overlayfs: fix reference count
 mismatch
Date: Thu, 22 Jun 2023 11:37:30 +0200
Message-Id: <20230622093731.632666-2-andrea.righi@canonical.com>
X-Mailer: git-send-email 2.40.1
In-Reply-To: <20230622093731.632666-1-andrea.righi@canonical.com>
References: <20230622093731.632666-1-andrea.righi@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/bugs/2016398

Opened files reported in /proc/pid/map_files can be shows with the wrong
mount point using overlayfs with filesystem namspaces.

This incorrect behavior is fixed:

  UBUNTU: SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files

However, the fix introduced a new regression, the reference to the
original file stored in vma->vm_prfile is not properly released when
vma->vm_prfile is replaced with a new file.

This can cause a reference counter unbalance, leading errors such as
"target is busy" when trying to unmount overlayfs, even if the
filesystem has not active reference.

Fix by properly releasing the original file stored in vm_prfile.

Fixes: 508fdae3f62dd ("UBUNTU: SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files")
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
---
 fs/overlayfs/file.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index e3c6834d8d0f1..6230364ae4b41 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -504,16 +504,33 @@ static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync)
  *
  * See also mm/prfile.c
  */
+#ifdef CONFIG_MMU
 static void ovl_vm_prfile_set(struct vm_area_struct *vma,
 			      struct file *file)
 {
 	get_file(file);
-	vma->vm_prfile = file;
-#ifndef CONFIG_MMU
+	swap(vma->vm_prfile, file);
+	/* Drop reference count from previous file value */
+	if (file)
+		fput(file);
+}
+#else
+static void ovl_vm_prfile_set(struct vm_area_struct *vma,
+			      struct file *file)
+{
+	struct file *vm_region_file = file;
+
 	get_file(file);
-	vma->vm_region->vm_prfile = file;
-#endif
+	get_file(vm_region_file);
+	swap(vma->vm_prfile, file);
+	swap(vma->vm_region->vm_prfile, vm_region_file);
+	/* Drop reference count from previous file values */
+	if (file)
+		fput(file);
+	if (vm_region_file)
+		fput(vm_region_file);
 }
+#endif
 
 static int ovl_mmap(struct file *file, struct vm_area_struct *vma)
 {