    ovl: fix GPF in swapfile_activate of file from overlayfs over xfs · 5b910bd6
    Amir Goldstein authored
    Since overlayfs implements stacked file operations, the underlying
    filesystems are not supposed to be exposed to the overlayfs file,
    whose f_inode is an overlayfs inode.
    
    Assigning an overlayfs file to swap_file results in an attempt of xfs
    code to dereference an xfs_inode struct from an ovl_inode pointer:
    
     CPU: 0 PID: 2462 Comm: swapon Not tainted
     4.18.0-xfstests-12721-g33e17876 #3402
     RIP: 0010:xfs_find_bdev_for_inode+0x23/0x2f
     Call Trace:
      xfs_iomap_swapfile_activate+0x1f/0x43
      __se_sys_swapon+0xb1a/0xee9
    
    Fix this by not assigning the real inode mapping to f_mapping, which
    will cause swapon() to return an error (-EINVAL). Although it makes
    sense not to allow setting swapfile on an overlayfs file, some users
    may depend on it, so we may need to fix this up in the future.
    
    Keeping f_mapping pointing to overlay inode mapping will cause O_DIRECT
    open to fail. Fix this by installing ovl_aops with noop_direct_IO in
    overlay inode mapping.
    
    Keeping f_mapping pointing to overlay inode mapping will cause other
    a_ops related operations to fail (e.g. readahead()). Those will be
    fixed by follow up patches.
    
    Suggested-by: Miklos Szeredi <mszeredi@redhat.com>
    Fixes: f7c72396 ("ovl: add O_DIRECT support")
    Signed-off-by: Amir Goldstein <amir73il@gmail.com>
    Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
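A user-space model of the dispatch the commit message describes, added here as an illustration and not taken from the kernel patch. The struct layouts, the `owner` tag and `swapon_overlay_file()` are assumptions, and the faulting dereference is represented by returning `-EFAULT` instead of touching memory.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified model: names echo the kernel's, but layouts and bodies are
 * assumptions made for illustration, not kernel code. */
enum fs_owner { FS_OVL, FS_XFS };
struct file;
struct inode;
struct address_space_operations {
    int (*swap_activate)(struct file *f);   /* NULL: no swap support */
};
struct address_space {
    struct inode *host;
    const struct address_space_operations *a_ops;
};
struct inode { enum fs_owner owner; struct address_space i_data; };
struct file { struct inode *f_inode; struct address_space *f_mapping; };

/* Stand-in for the xfs swap_activate hook: it treats the file's inode as an
 * xfs inode. The model checks the owner tag where the kernel dereferenced
 * the wrong container type; -EFAULT marks the point of the GPF. */
static int xfs_swap_activate(struct file *f)
{
    return f->f_inode->owner == FS_XFS ? 0 : -EFAULT;
}

static const struct address_space_operations xfs_aops = { xfs_swap_activate };
static const struct address_space_operations ovl_aops = { NULL }; /* direct_IO only */

/* Stand-in for swapon(): dispatch through f_mapping->a_ops. The generic
 * fallback is folded into -EINVAL, the error the commit message names. */
static int model_swapon(struct file *f)
{
    const struct address_space_operations *ops = f->f_mapping->a_ops;
    return ops->swap_activate ? ops->swap_activate(f) : -EINVAL;
}

/* Overlay file over an xfs inode. Non-zero argument models the pre-fix state,
 * where f_mapping was the real inode's mapping while f_inode stayed overlay. */
static int swapon_overlay_file(int real_mapping_in_file)
{
    struct inode real = { FS_XFS, { NULL, &xfs_aops } };
    struct inode ovl = { FS_OVL, { NULL, &ovl_aops } };
    struct file f = { &ovl, real_mapping_in_file ? &real.i_data : &ovl.i_data };
    real.i_data.host = &real;
    ovl.i_data.host = &ovl;
    return model_swapon(&f);
}
```
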
file.c 10.9 KB