Re: crash inside ovl_encode_real_fh() due to NULL dentry pointer

On Thu, 13 Jun 2024 at 03:32, Youzhong Yang <youzhong@xxxxxxxxx> wrote:
> I analyzed the crash dump, here is what I figured out:
> - The overlay fs is mounted with only 2 lowerdirs, and nfs_export=on
> - When ovl_dentry_to_fid() is called on the root dentry:
>    - ovl_check_encode_origin(dentry) returns 0 as enc_lower (I believe
> it should return 1 in this case)
>    - "enc_lower ? ovl_dentry_lower(dentry) : ovl_dentry_upper(dentry)"
> evaluates to NULL
>    - NULL is passed as the second argument to ovl_encode_real_fh(), so
> it crashes

Thank you for the excellent report.

The attached patch (untested) should fix it.

Thanks,
Miklos
---
 fs/overlayfs/export.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/fs/overlayfs/export.c
+++ b/fs/overlayfs/export.c
@@ -181,6 +181,10 @@ static int ovl_check_encode_origin(struc
 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
 	bool decodable = ofs->config.nfs_export;
 
+	/* No upper layer? */
+	if (!ovl_upper_mnt(ofs))
+		return 1;
+
 	/* Lower file handle for non-upper non-decodable */
 	if (!ovl_dentry_upper(dentry) && !decodable)
 		return 1;
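
Review bot: The new comment "No upper layer?" on the early return at the top of ovl_check_encode_origin() does not say why 1 is the right answer. Consider spelling it out, for example that without an upper mount ovl_dentry_upper() is NULL for every dentry, so the lower file handle is the only one that can be encoded. Since the patch is marked untested, a regression case matching the report (lower-only mount with nfs_export=on, encoding a handle for the root dentry) would be worth adding. The report also shows the caller passing the result of "enc_lower ? ovl_dentry_lower(dentry) : ovl_dentry_upper(dentry)" straight into ovl_encode_real_fh(); a NULL check there would keep a future wrong return value from turning into a crash.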
@@ -209,7 +213,7 @@ static int ovl_check_encode_origin(struc
 	 * ovl_connect_layer() will try to make origin's layer "connected" by
 	 * copying up a "connectable" ancestor.
 	 */
-	if (d_is_dir(dentry) && ovl_upper_mnt(ofs) && decodable)
+	if (d_is_dir(dentry) && decodable)
 		return ovl_connect_layer(dentry);
 
 	/* Lower file handle for indexed and non-upper dir/non-dir */
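
Review bot: Dropping ovl_upper_mnt(ofs) from the condition in front of ovl_connect_layer() is only safe because of the early return added in the first hunk, and nothing at this site says so. The comment just above describes ovl_connect_layer() as copying up an ancestor, which needs an upper layer, so if the early return is ever moved or removed this call becomes reachable without one. A short note in the existing comment block (for example "upper mount is guaranteed here, see the check at the top") would make the dependency explicit.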
