From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> This reverts commit a3f8a2b13a277d942c810d2ccc654d5bc824a430 which is commit 07aeefae7ff44d80524375253980b1bdee2396b0 upstream. It is reported to part of a series that causes problems in the 6.6.y tree, so revert it at this point in time and it can come back later if still needed. Reported-by: Ignat Korchagin <ignat@xxxxxxxxxxxxxx> Link: https://lore.kernel.org/r/ACD4D6CC-C4D5-4657-A805-03C34559046E@xxxxxxxxxxxxxx Cc: Dmitry Safonov <dima@xxxxxxxxxx> Cc: Amir Goldstein <amir73il@xxxxxxxxx> Cc: Christian Brauner <brauner@xxxxxxxxxx> Cc: Sasha Levin <sashal@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/overlayfs/copy_up.c | 11 +++++------ fs/overlayfs/export.c | 5 ++--- fs/overlayfs/namei.c | 4 ++-- fs/overlayfs/overlayfs.h | 2 +- 4 files changed, 10 insertions(+), 12 deletions(-) --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -371,13 +371,13 @@ int ovl_set_attr(struct ovl_fs *ofs, str return err; } -struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct inode *realinode, +struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real, bool is_upper) { struct ovl_fh *fh; int fh_type, dwords; int buflen = MAX_HANDLE_SZ; - uuid_t *uuid = &realinode->i_sb->s_uuid; + uuid_t *uuid = &real->d_sb->s_uuid; int err; /* Make sure the real fid stays 32bit aligned */ @@ -394,8 +394,7 @@ struct ovl_fh *ovl_encode_real_fh(struct * the price or reconnecting the dentry. */ dwords = buflen >> 2; - fh_type = exportfs_encode_inode_fh(realinode, (void *)fh->fb.fid, - &dwords, NULL, 0); + fh_type = exportfs_encode_fh(real, (void *)fh->fb.fid, &dwords, 0); buflen = (dwords << 2); err = -EIO; @@ -437,7 +436,7 @@ struct ovl_fh *ovl_get_origin_fh(struct if (!ovl_can_decode_fh(origin->d_sb)) return NULL; - return ovl_encode_real_fh(ofs, d_inode(origin), false); + return ovl_encode_real_fh(ofs, origin, false); } int ovl_set_origin_fh(struct ovl_fs *ofs, const struct ovl_fh *fh, @@ -462,7 +461,7 @@ static int ovl_set_upper_fh(struct ovl_f const struct ovl_fh *fh; int err; - fh = ovl_encode_real_fh(ofs, d_inode(upper), true); + fh = ovl_encode_real_fh(ofs, upper, true); if (IS_ERR(fh)) return PTR_ERR(fh); --- a/fs/overlayfs/export.c +++ b/fs/overlayfs/export.c @@ -228,7 +228,6 @@ static int ovl_check_encode_origin(struc static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct dentry *dentry, u32 *fid, int buflen) { - struct inode *inode = d_inode(dentry); struct ovl_fh *fh = NULL; int err, enc_lower; int len; @@ -242,8 +241,8 @@ static int ovl_dentry_to_fid(struct ovl_ goto fail; /* Encode an upper or lower file handle */ - fh = ovl_encode_real_fh(ofs, enc_lower ? ovl_inode_lower(inode) : - ovl_inode_upper(inode), !enc_lower); + fh = ovl_encode_real_fh(ofs, enc_lower ? ovl_dentry_lower(dentry) : + ovl_dentry_upper(dentry), !enc_lower); if (IS_ERR(fh)) return PTR_ERR(fh); --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -536,7 +536,7 @@ int ovl_verify_origin_xattr(struct ovl_f struct ovl_fh *fh; int err; - fh = ovl_encode_real_fh(ofs, d_inode(real), is_upper); + fh = ovl_encode_real_fh(ofs, real, is_upper); err = PTR_ERR(fh); if (IS_ERR(fh)) { fh = NULL; @@ -732,7 +732,7 @@ int ovl_get_index_name(struct ovl_fs *of struct ovl_fh *fh; int err; - fh = ovl_encode_real_fh(ofs, d_inode(origin), false); + fh = ovl_encode_real_fh(ofs, origin, false); if (IS_ERR(fh)) return PTR_ERR(fh); --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -832,7 +832,7 @@ int ovl_copy_up_with_data(struct dentry int ovl_maybe_copy_up(struct dentry *dentry, int flags); int ovl_copy_xattr(struct super_block *sb, const struct path *path, struct dentry *new); int ovl_set_attr(struct ovl_fs *ofs, struct dentry *upper, struct kstat *stat); -struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct inode *realinode, +struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real, bool is_upper); struct ovl_fh *ovl_get_origin_fh(struct ovl_fs *ofs, struct dentry *origin); int ovl_set_origin_fh(struct ovl_fs *ofs, const struct ovl_fh *fh, Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are queue-6.6/vsock-virtio-cancel-close-work-in-the-destructor.patch queue-6.6/mptcp-fix-spurious-wake-up-on-under-memory-pressure.patch queue-6.6/zram-fix-potential-uaf-of-zram-table.patch queue-6.6/pmdomain-imx8mp-blk-ctrl-add-missing-loop-break-condition.patch queue-6.6/revert-pci-use-preserve_config-in-place-of-pci_flags.patch queue-6.6/mptcp-be-sure-to-send-ack-when-mptcp-level-window-re-opens.patch queue-6.6/revert-ovl-support-encoding-fid-from-inode-with-no-alias.patch queue-6.6/drm-amd-display-fix-out-of-bounds-access-in-dcn21_link_encoder_create.patch queue-6.6/irqchip-plug-a-of-node-reference-leak-in-platform_irqchip_probe.patch queue-6.6/vsock-prevent-null-ptr-deref-in-vsock_.patch queue-6.6/drm-i915-fb-relax-clear-color-alignment-to-64-bytes.patch queue-6.6/alsa-hda-realtek-add-support-for-ayaneo-system-using-cs35l41-hda.patch queue-6.6/net-ethernet-xgbe-re-add-aneg-to-supported-features-in-phy-quirks.patch queue-6.6/irqchip-gic-v3-its-don-t-enable-interrupts-in-its_irq_set_vcpu_affinity.patch queue-6.6/filemap-avoid-truncating-64-bit-offset-to-32-bits.patch queue-6.6/irqchip-gic-v3-handle-cpu_pm_enter_failed-correctly.patch queue-6.6/iio-imu-inv_icm42600-fix-spi-burst-write-not-supported.patch queue-6.6/block-fix-uaf-for-flush-rq-while-iterating-tags.patch queue-6.6/hrtimers-handle-cpu-state-correctly-on-hotplug.patch queue-6.6/vsock-reset-socket-state-when-de-assigning-the-transport.patch queue-6.6/revert-ovl-pass-realinode-to-ovl_encode_real_fh-instead-of-realdentry.patch queue-6.6/vsock-virtio-discard-packets-if-the-transport-changes.patch queue-6.6/nouveau-fence-handle-cross-device-fences-properly.patch queue-6.6/i2c-atr-fix-client-detach.patch queue-6.6/revert-ovl-do-not-encode-lower-fh-with-upper-sb_writers-held.patch queue-6.6/gpio-xilinx-convert-gpio_lock-to-raw-spinlock.patch queue-6.6/fs-proc-fix-softlockup-in-__read_vmcore-part-2.patch queue-6.6/selftests-mptcp-avoid-spurious-errors-on-disconnect.patch queue-6.6/drm-amdgpu-always-sync-the-gfx-pipe-on-ctx-switch.patch queue-6.6/ocfs2-fix-deadlock-in-ocfs2_get_system_file_inode.patch queue-6.6/vsock-bpf-return-early-if-transport-is-not-assigned.patch
