• David Howells's avatar
    ovl: fix dentry reference leak · 7fd58acc
    David Howells authored
    commit ab79efab upstream.
    
    In ovl_copy_up_locked(), newdentry is leaked if the function exits through
    out_cleanup as this just to out after calling ovl_cleanup() - which doesn't
    actually release the ref on newdentry.
    
    The out_cleanup segment should instead exit through out2 as certainly
    newdentry leaks - and possibly upper does also, though this isn't caught
    given the catch of newdentry.
    
    Without this fix, something like the following is seen:
    
    	BUG: Dentry ffff880023e9eb20{i=f861,n=#ffff880023e82d90} still in use (1) [unmount of tmpfs tmpfs]
    	BUG: Dentry ffff880023ece640{i=0,n=bigfile}  still in use (1) [unmount of tmpfs tmpfs]
    
    when unmounting the upper layer after an error occurred in copyup.
    
    An error can be induced by creating a big file in a lower layer with
    something like:
    
    	dd if=/dev/zero of=/lower/a/bigfile bs=65536 count=1 seek=$((0xf000))
    
    to create a large file (4.1G).  Overlay an upper layer that is too small
    (on tmpfs might do) and then induce a copy up by opening it writably.
    Reported-by: default avatarUlrich Obergfell <uobergfe@redhat.com>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    7fd58acc
copy_up.c 9.21 KB