bisecting fixing commit since 037904a22bf8b2c999a6e2a8ba971b549c1e9600 building syzkaller on b617407b25b37a7a8efa47127005d1f20dd0abe1 testing commit 037904a22bf8b2c999a6e2a8ba971b549c1e9600 with gcc (GCC) 8.1.0 kernel signature: 6f64238b668a345c79e55052c11a6226921f22f2 all runs: crashed: WARNING in ovl_rename testing current HEAD 2f13437b8917627119d163d62f73e7a78a92303a testing commit 2f13437b8917627119d163d62f73e7a78a92303a with gcc (GCC) 8.1.0 kernel signature: 940a62321053fd2353a3a71f70bbd91b35308cb2 all runs: OK # git bisect start 2f13437b8917627119d163d62f73e7a78a92303a 037904a22bf8b2c999a6e2a8ba971b549c1e9600 Bisecting: 29290 revisions left to test after this (roughly 15 steps) [4e3f12d866092444758953c197344d30ff99f904] drm/i915: Move gmbus definitions out of i915_reg.h testing commit 4e3f12d866092444758953c197344d30ff99f904 with gcc (GCC) 8.1.0 kernel signature: 48539782626e82e584cd10070e991dfcde8783dc all runs: boot failed: general protection fault in dma_direct_max_mapping_size # git bisect skip 4e3f12d866092444758953c197344d30ff99f904 Bisecting: 29290 revisions left to test after this (roughly 15 steps) [fd14f4436fd47d5418023c90e933e66d3645552e] ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs testing commit fd14f4436fd47d5418023c90e933e66d3645552e with gcc (GCC) 8.1.0 kernel signature: affbd5265e531a8ce484c9e55cc4f79a26ccf453 all runs: crashed: WARNING in ovl_rename # git bisect good fd14f4436fd47d5418023c90e933e66d3645552e Bisecting: 22527 revisions left to test after this (roughly 15 steps) [6cfae0c26b21dce323fe8799b66cf4bc996e3565] Merge tag 'char-misc-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 6cfae0c26b21dce323fe8799b66cf4bc996e3565 with gcc (GCC) 8.1.0 kernel signature: 44e34b45e2470890c2a2ac4228d2da8d6628f8b3 all runs: OK # git bisect bad 6cfae0c26b21dce323fe8799b66cf4bc996e3565 Bisecting: 10436 revisions left to test after this (roughly 14 steps) [be8454afc50f43016ca8b6130d9673bdd0bd56ec] Merge tag 'drm-next-2019-07-16' of git://anongit.freedesktop.org/drm/drm testing commit be8454afc50f43016ca8b6130d9673bdd0bd56ec with gcc (GCC) 8.1.0 kernel signature: 5b295f81ca7d12dee25370e23ea429276d83951b all runs: OK # git bisect bad be8454afc50f43016ca8b6130d9673bdd0bd56ec Bisecting: 6975 revisions left to test after this (roughly 13 steps) [8f6ccf6159aed1f04c6d179f61f6fb2691261e84] Merge tag 'clone3-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux testing commit 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 with gcc (GCC) 8.1.0 kernel signature: be3b2ca5932a1da71cdfeba4890663f3621c5584 all runs: OK # git bisect bad 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 Bisecting: 2591 revisions left to test after this (roughly 11 steps) [13324c42c1401ad838208ee1e98f3821fce1cd86] Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 13324c42c1401ad838208ee1e98f3821fce1cd86 with gcc (GCC) 8.1.0 kernel signature: ad5159bf371440daf6a80e3d4ba513a1d98668cd all runs: OK # git bisect bad 13324c42c1401ad838208ee1e98f3821fce1cd86 Bisecting: 1302 revisions left to test after this (roughly 10 steps) [0d53827d7c172f1345140f7638fe658bda1bb25d] thunderbolt: Implement CIO reset correctly for Titan Ridge testing commit 0d53827d7c172f1345140f7638fe658bda1bb25d with gcc (GCC) 8.1.0 kernel signature: b73671d855c1ddf700fa2b265bcf5d4c485b5d92 all runs: OK # git bisect bad 0d53827d7c172f1345140f7638fe658bda1bb25d Bisecting: 667 revisions left to test after this (roughly 9 steps) [2209a3055d6f366eeb070c217491afe855d3f389] Merge tag 'staging-5.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 2209a3055d6f366eeb070c217491afe855d3f389 with gcc (GCC) 8.1.0 kernel signature: e9eea5d73f3a59bb250ba69f09e215372f80e6d5 all runs: crashed: WARNING in ovl_rename # git bisect good 2209a3055d6f366eeb070c217491afe855d3f389 Bisecting: 333 revisions left to test after this (roughly 8 steps) [d2d19cfa8988a3f5b7c92d137382520ca65ed34f] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 395 testing commit d2d19cfa8988a3f5b7c92d137382520ca65ed34f with gcc (GCC) 8.1.0 kernel signature: 4f92daae6dfade1555e22c44ec5214298be0acd0 all runs: crashed: WARNING in ovl_rename # git bisect good d2d19cfa8988a3f5b7c92d137382520ca65ed34f Bisecting: 174 revisions left to test after this (roughly 7 steps) [d4425649c63018e96e5402807c9e7bc5272f7b3b] Merge tag 'hwmon-for-v5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging testing commit d4425649c63018e96e5402807c9e7bc5272f7b3b with gcc (GCC) 8.1.0 kernel signature: 87567ba331c236ed473c5907ca8047a9c29c76c5 all runs: OK # git bisect bad d4425649c63018e96e5402807c9e7bc5272f7b3b Bisecting: 81 revisions left to test after this (roughly 6 steps) [16d72dd4891fecc1e1bf7ca193bb7d5b9804c038] Merge branch 'parisc-5.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux testing commit 16d72dd4891fecc1e1bf7ca193bb7d5b9804c038 with gcc (GCC) 8.1.0 kernel signature: b40be1b134af13d1e5f9278e3f1aabd2a0311dab all runs: OK # git bisect bad 16d72dd4891fecc1e1bf7ca193bb7d5b9804c038 Bisecting: 39 revisions left to test after this (roughly 5 steps) [156c05917e0920ef5643eb54c0ea71aae5d60c3d] Merge tag 'linux-kselftest-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest testing commit 156c05917e0920ef5643eb54c0ea71aae5d60c3d with gcc (GCC) 8.1.0 kernel signature: 8a5641a37b9da1937cbce2789d2710be795f8196 all runs: crashed: WARNING in ovl_rename # git bisect good 156c05917e0920ef5643eb54c0ea71aae5d60c3d Bisecting: 20 revisions left to test after this (roughly 4 steps) [211758573b01f4cd27308464573d112ef85e0e1a] Merge tag 'fuse-fixes-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse testing commit 211758573b01f4cd27308464573d112ef85e0e1a with gcc (GCC) 8.1.0 kernel signature: f34709c6a2b7a10453d8424a6bda26e924372d68 all runs: crashed: WARNING in ovl_rename # git bisect good 211758573b01f4cd27308464573d112ef85e0e1a Bisecting: 11 revisions left to test after this (roughly 3 steps) [01047631df813f6247185547c3778c80af088a20] Merge tag 'xfs-5.2-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux testing commit 01047631df813f6247185547c3778c80af088a20 with gcc (GCC) 8.1.0 kernel signature: e75ed251eafe966ab639fb823c22a90d2c3e7c8b all runs: OK # git bisect bad 01047631df813f6247185547c3778c80af088a20 Bisecting: 4 revisions left to test after this (roughly 2 steps) [5d6b501fe5421c5df662e2935f55f5e3d2b5e012] Merge tag 'ovl-fixes-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs testing commit 5d6b501fe5421c5df662e2935f55f5e3d2b5e012 with gcc (GCC) 8.1.0 kernel signature: 419e3aca2a274ee09ae97d5785273f926e279fda all runs: OK # git bisect bad 5d6b501fe5421c5df662e2935f55f5e3d2b5e012 Bisecting: 1 revision left to test after this (roughly 1 step) [146d62e5a5867fbf84490d82455718bfb10fe824] ovl: detect overlapping layers testing commit 146d62e5a5867fbf84490d82455718bfb10fe824 with gcc (GCC) 8.1.0 kernel signature: ae239528d7ad259b96da126b9718a02ae1a77684 all runs: OK # git bisect bad 146d62e5a5867fbf84490d82455718bfb10fe824 Bisecting: 0 revisions left to test after this (roughly 0 steps) [b21d9c435f935014d3e3fa6914f2e4fbabb0e94d] ovl: support the FS_IOC_FS[SG]ETXATTR ioctls testing commit b21d9c435f935014d3e3fa6914f2e4fbabb0e94d with gcc (GCC) 8.1.0 kernel signature: 284745ec6e82cb36fbc5889d88e10cb1c79fcd9a all runs: crashed: WARNING in ovl_rename # git bisect good b21d9c435f935014d3e3fa6914f2e4fbabb0e94d 146d62e5a5867fbf84490d82455718bfb10fe824 is the first bad commit commit 146d62e5a5867fbf84490d82455718bfb10fe824 Author: Amir Goldstein Date: Thu Apr 18 17:42:08 2019 +0300 ovl: detect overlapping layers Overlapping overlay layers are not supported and can cause unexpected behavior, but overlayfs does not currently check or warn about these configurations. User is not supposed to specify the same directory for upper and lower dirs or for different lower layers and user is not supposed to specify directories that are descendants of each other for overlay layers, but that is exactly what this zysbot repro did: https://syzkaller.appspot.com/x/repro.syz?x=12c7a94f400000 Moving layer root directories into other layers while overlayfs is mounted could also result in unexpected behavior. This commit places "traps" in the overlay inode hash table. Those traps are dummy overlay inodes that are hashed by the layers root inodes. On mount, the hash table trap entries are used to verify that overlay layers are not overlapping. While at it, we also verify that overlay layers are not overlapping with directories "in-use" by other overlay instances as upperdir/workdir. On lookup, the trap entries are used to verify that overlay layers root inodes have not been moved into other layers after mount. Some examples: $ ./run --ov --samefs -s ... ( mkdir -p base/upper/0/u base/upper/0/w base/lower lower upper mnt mount -o bind base/lower lower mount -o bind base/upper upper mount -t overlay none mnt ... -o lowerdir=lower,upperdir=upper/0/u,workdir=upper/0/w) $ umount mnt $ mount -t overlay none mnt ... -o lowerdir=base,upperdir=upper/0/u,workdir=upper/0/w [ 94.434900] overlayfs: overlapping upperdir path mount: mount overlay on mnt failed: Too many levels of symbolic links $ mount -t overlay none mnt ... -o lowerdir=upper/0/u,upperdir=upper/0/u,workdir=upper/0/w [ 151.350132] overlayfs: conflicting lowerdir path mount: none is already mounted or mnt busy $ mount -t overlay none mnt ... -o lowerdir=lower:lower/a,upperdir=upper/0/u,workdir=upper/0/w [ 201.205045] overlayfs: overlapping lowerdir path mount: mount overlay on mnt failed: Too many levels of symbolic links $ mount -t overlay none mnt ... -o lowerdir=lower,upperdir=upper/0/u,workdir=upper/0/w $ mv base/upper/0/ base/lower/ $ find mnt/0 mnt/0 mnt/0/w find: 'mnt/0/w/work': Too many levels of symbolic links find: 'mnt/0/u': Too many levels of symbolic links Reported-by: syzbot+9c69c282adc4edd2b540@syzkaller.appspotmail.com Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/overlayfs/inode.c | 48 ++++++++++++++ fs/overlayfs/namei.c | 8 +++ fs/overlayfs/overlayfs.h | 3 + fs/overlayfs/ovl_entry.h | 6 ++ fs/overlayfs/super.c | 169 ++++++++++++++++++++++++++++++++++++++++++----- fs/overlayfs/util.c | 12 ++++ 6 files changed, 229 insertions(+), 17 deletions(-) kernel signature: ae239528d7ad259b96da126b9718a02ae1a77684 previous signature: 284745ec6e82cb36fbc5889d88e10cb1c79fcd9a revisions tested: 19, total time: 5h18m34.737351035s (build: 1h49m30.757115005s, test: 3h26m32.384099851s) first good commit: 146d62e5a5867fbf84490d82455718bfb10fe824 ovl: detect overlapping layers cc: ["amir73il@gmail.com" "linux-kernel@vger.kernel.org" "linux-unionfs@vger.kernel.org" "miklos@szeredi.hu" "mszeredi@redhat.com"]