On Wed, Oct 30, 2024 at 11:32 AM Edward Adam Davis <eadavis@xxxxxx> wrote:
>
> When the memory is insufficient, the allocation of fh fails, which causes
> the failure to obtain the dentry fid, and finally causes the dentry encoding
> to fail.
> Retry is used to avoid the failure of fh allocation caused by temporary
> insufficient memory.
>
> #syz test
>
> diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c > index 2ed6ad641a20..1e027a3cf084 100644 > --- a/fs/overlayfs/copy_up.c > +++ b/fs/overlayfs/copy_up.c > @@ -423,15 +423,22 @@ struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real, > int fh_type, dwords; > int buflen = MAX_HANDLE_SZ; > uuid_t *uuid = &real->d_sb->s_uuid; > - int err; > + int err, rtt = 0; > > /* Make sure the real fid stays 32bit aligned */ > BUILD_BUG_ON(OVL_FH_FID_OFFSET % 4); > BUILD_BUG_ON(MAX_HANDLE_SZ + OVL_FH_FID_OFFSET > 255); > > +retry: > fh = kzalloc(buflen + OVL_FH_FID_OFFSET, GFP_KERNEL); > - if (!fh) > + if (!fh) { > + if (!rtt) { > + cond_resched(); > + rtt++; > + goto retry; > + } > return ERR_PTR(-ENOMEM); > + } > > /* > * We encode a non-connectable file handle for non-dir, because we >

This endless loop is out of the question and anyway, syzbot reported a WARN_ON in line 448:

WARN_ON(fh_type == FILEID_INVALID))

What does that have to do with memory allocation failure?
What am I missing?

Probably this WARN_ON as well as the one in line 446 should be relaxed, because it is perfectly possible for fs to return negative or FILEID_INVALID for encoding a file handle even if fs supports encoding file handles.

Thanks,
Amir.
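
Review bot: the `if (!rtt)` retry added after the failed `kzalloc()` repeats the same `GFP_KERNEL` allocation once after `cond_resched()`, and nothing changes between the two attempts. `GFP_KERNEL` can already sleep and reclaim inside the allocator, so the second attempt has no better reason to succeed than the first, and the `return ERR_PTR(-ENOMEM)` path stays reachable. The hunk touches only the allocation and none of the file-handle encoding that follows it, so the changelog's claim that the retry avoids the encoding failure is not supported by the visible lines. Suggest dropping the `retry:` label and the `rtt` counter, keeping the plain `if (!fh) return ERR_PTR(-ENOMEM);`, and addressing the reported warning where the encoding result is checked. If a harder-trying allocation is really wanted, express it with a GFP flag such as `__GFP_RETRY_MAYFAIL` rather than an open-coded `goto`.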