From 8406ba7d843c448d22bdc097f8272b71e318819b Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 3 Aug 2016 16:55:05 -0700 Subject: [PATCH] sys-kernel/coreos-sources: add overlayfs deadlock patch --- ...1.ebuild => coreos-kernel-4.7.0-r2.ebuild} | 2 +- ....ebuild => coreos-modules-4.7.0-r2.ebuild} | 2 +- ....ebuild => coreos-sources-4.7.0-r1.ebuild} | 1 + ...ck-in-file_remove_privs-on-overlayfs.patch | 47 +++++++++++++++++++ 4 files changed, 50 insertions(+), 2 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-4.7.0-r1.ebuild => coreos-kernel-4.7.0-r2.ebuild} (98%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/{coreos-modules-4.7.0-r1.ebuild => coreos-modules-4.7.0-r2.ebuild} (98%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-4.7.0.ebuild => coreos-sources-4.7.0-r1.ebuild} (96%) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.7/z0021-vfs-fix-deadlock-in-file_remove_privs-on-overlayfs.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.7.0-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.7.0-r2.ebuild similarity index 98% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.7.0-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.7.0-r2.ebuild index 2fe3d5d496..1a6a9c3550 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.7.0-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.7.0-r2.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=5 -COREOS_SOURCE_REVISION="" +COREOS_SOURCE_REVISION="-r1" inherit coreos-kernel DESCRIPTION="CoreOS Linux kernel" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.7.0-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.7.0-r2.ebuild similarity index 98% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.7.0-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.7.0-r2.ebuild index 7f29f4a5e0..eb90255377 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.7.0-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.7.0-r2.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=5 -COREOS_SOURCE_REVISION="" +COREOS_SOURCE_REVISION="-r1" inherit coreos-kernel savedconfig DESCRIPTION="CoreOS Linux kernel modules" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.7.0.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.7.0-r1.ebuild similarity index 96% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.7.0.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.7.0-r1.ebuild index acb91de445..2669aba566 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.7.0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.7.0-r1.ebuild @@ -42,4 +42,5 @@ UNIPATCH_LIST=" ${PATCH_DIR}/z0018-SELinux-Check-against-union-label-for-file-operation.patch \ ${PATCH_DIR}/z0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \ ${PATCH_DIR}/z0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch \ + ${PATCH_DIR}/z0021-vfs-fix-deadlock-in-file_remove_privs-on-overlayfs.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.7/z0021-vfs-fix-deadlock-in-file_remove_privs-on-overlayfs.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.7/z0021-vfs-fix-deadlock-in-file_remove_privs-on-overlayfs.patch new file mode 100644 index 0000000000..5859c2bf45 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.7/z0021-vfs-fix-deadlock-in-file_remove_privs-on-overlayfs.patch @@ -0,0 +1,47 @@ +From bfae341a7c75db3a82912217236924d4cbb87448 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Wed, 3 Aug 2016 13:44:27 +0200 +Subject: [PATCH 21/21] vfs: fix deadlock in file_remove_privs() on overlayfs + +file_remove_privs() is called with inode lock on file_inode(), which +proceeds to calling notify_change() on file->f_path.dentry. Which triggers +the WARN_ON_ONCE(!inode_is_locked(inode)) in addition to deadlocking later +when ovl_setattr tries to lock the underlying inode again. + +Fix this mess by not mixing the layers, but doing everything on underlying +dentry/inode. + +Signed-off-by: Miklos Szeredi +Fixes: 07a2daab49c5 ("ovl: Copy up underlying inode's ->i_mode to overlay inode") +Cc: +--- + fs/inode.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/fs/inode.c b/fs/inode.c +index 4ccbc21..68db390 100644 +--- a/fs/inode.c ++++ b/fs/inode.c +@@ -1740,8 +1740,8 @@ static int __remove_privs(struct dentry *dentry, int kill) + */ + int file_remove_privs(struct file *file) + { +- struct dentry *dentry = file->f_path.dentry; +- struct inode *inode = d_inode(dentry); ++ struct dentry *dentry = file_dentry(file); ++ struct inode *inode = file_inode(file); + int kill; + int error = 0; + +@@ -1749,7 +1749,7 @@ int file_remove_privs(struct file *file) + if (IS_NOSEC(inode)) + return 0; + +- kill = file_needs_remove_privs(file); ++ kill = dentry_needs_remove_privs(dentry); + if (kill < 0) + return kill; + if (kill) +-- +2.4.10 +