ovl: check dentry positiveness in ovl_cleanup_whiteouts()
authorKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
Mon, 16 Nov 2015 15:44:11 +0000 (18:44 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Feb 2016 20:01:24 +0000 (12:01 -0800)
commit 84889d49335627bc770b32787c1ef9ebad1da232 upstream.

This patch fixes kernel crash at removing directory which contains
whiteouts from lower layers.

Cache of directory content passed as "list" contains entries from all
layers, including whiteouts from lower layers. So, lookup in upper dir
(moved into work at this stage) will return negative entry. Plus this
cache is filled long before and we can race with external removal.

Example:
 mkdir -p lower0/dir lower1/dir upper work overlay
 touch lower0/dir/a lower0/dir/b
 mknod lower1/dir/a c 0 0
 mount -t overlay none overlay -o lowerdir=lower1:lower0,upperdir=upper,workdir=work
 rm -fr overlay/dir

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/overlayfs/readdir.c

index 70e9af5516004d20188ca0757110fe5bf203d19f..adcb1398c48128682875b2ff4a6b42d95c1e116e 100644 (file)
@@ -571,7 +571,8 @@ void ovl_cleanup_whiteouts(struct dentry *upper, struct list_head *list)
                               (int) PTR_ERR(dentry));
                        continue;
                }
-               ovl_cleanup(upper->d_inode, dentry);
+               if (dentry->d_inode)
+                       ovl_cleanup(upper->d_inode, dentry);
                dput(dentry);
        }
        mutex_unlock(&upper->d_inode->i_mutex);