OverlayFS Bug?

From: Christopher Covington
Date: Thu Sep 10 2015 - 13:02:13 EST


Hi David,

The commit below causes this error message when chrooting into an overlayfs
filesystem with a 9p underlay. We're still investigating to see if this
patch is actually at fault, or just triggering something in the 9p code
that was working before when it shouldn't have been:

[ 15.072028] Unable to handle kernel paging request at virtual address 40021006c
[ 15.072869] pgd = fffffe00602a0000
[ 15.073194] [40021006c] *pgd=0000000000000000, *pud=0000000000000000, *pmd=0000000000000000
[ 15.073912] Internal error: Oops: 94000006 [#1] SMP
[ 15.074412] Modules linked in:
[ 15.075283] CPU: 0 PID: 246 Comm: chroot Not tainted 4.1.0-rc3+ #62
[ 15.075849] Hardware name: linux,dummy-virt (DT)
[ 15.076402] task: fffffe00ffe92a00 ti: fffffe00601f8000 task.ti: fffffe00601f8000
[ 15.077145] PC is at v9fs_fid_find+0x40/0x8c
[ 15.077424] LR is at v9fs_fid_find+0x2c/0x8c
[ 15.077682] pc : [<fffffe0000296aa4>] lr : [<fffffe0000296a90>] pstate: 20000145
[ 15.078048] sp : fffffe00601fbac0
[ 15.078288] x29: fffffe00601fbac0 x28: fffffe00601fbd00
[ 15.078678] x27: 0000000000000000 x26: fffffe00d002b940
[ 15.079011] x25: 0000000000000000 x24: fffffe00ff2e7338
[ 15.079343] x23: 00000000000000a0 x22: 00000000ffffffff
[ 15.079662] x21: fffffe00d002a740 x20: 00000000ffffffff
[ 15.079991] x19: 0000000000000000 x18: 000003fffffff730
[ 15.080318] x17: 00000000005798c0 x16: fffffe0000189898
[ 15.080638] x15: ffffffffffffffff x14: fffffe00008d1000
[ 15.081047] x13: 0000020000000000 x12: 0000000000000038
[ 15.081483] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f
[ 15.081845] x9 : fffffdfee04fcb80 x8 : 0000000000000000
[ 15.082170] x7 : 0000000000000000 x6 : 000000000000bc56
[ 15.082498] x5 : fffffe00d002a440 x4 : fffffe0060054000
[ 15.082817] x3 : 0000000400210088 x2 : 0000000000000000
[ 15.083144] x1 : 00000000000a000a x0 : 0000000400210048
[ 15.083476]
[ 15.083637] Process chroot (pid: 246, stack limit = 0xfffffe00601f8020)
[ 15.084047] Stack: (0xfffffe00601fbac0 to 0xfffffe00601fc000)
[ 15.104406] Call trace:
[ 15.104710] [<fffffe0000296aa4>] v9fs_fid_find+0x40/0x8c
[ 15.105039] [<fffffe0000296c44>] v9fs_fid_lookup_with_uid+0xf8/0x294
[ 15.105376] [<fffffe0000296e0c>] v9fs_fid_lookup+0x2c/0x88
[ 15.105671] [<fffffe0000296e70>] v9fs_fid_clone+0x8/0x2c
[ 15.105983] [<fffffe0000295484>] v9fs_file_open+0x9c/0x140
[ 15.106313] [<fffffe0000181130>] do_dentry_open.isra.16+0x1c4/0x2ec
[ 15.106674] [<fffffe0000181fe8>] vfs_open+0x50/0x60
[ 15.106957] [<fffffe000018f348>] path_openat+0x344/0xe50
[ 15.107258] [<fffffe000019105c>] do_filp_open+0x60/0xdc
[ 15.107604] [<fffffe000018761c>] do_open_execat+0x64/0x178
[ 15.107950] [<fffffe0000189288>] do_execveat_common+0x1b0/0x598
[ 15.108310] [<fffffe000018968c>] do_execve+0x1c/0x28
[ 15.108686] [<fffffe00001898b4>] SyS_execve+0x1c/0x2c
[ 15.109147] Code: b4000263 d1010060 b4000120 35000113 (b9402403)
[ 15.110138] ---[ end trace 906aabc092a718a3 ]---

4bacc9c9234c7c8eec44f5ed4e960d9f96fa0f01 is the first bad commit
commit 4bacc9c9234c7c8eec44f5ed4e960d9f96fa0f01
Author: David Howells <dhowells@xxxxxxxxxx>
Date: Thu Jun 18 14:32:31 2015 +0100

overlayfs: Make f_path always point to the overlay and f_inode to the underlay

Make file->f_path always point to the overlay dentry so that the path in
/proc/pid/fd is correct and to ensure that label-based LSMs have access to the
overlay as well as the underlay (path-based LSMs probably don't need it).

Using my union testsuite to set things up, before the patch I see:

[root@andromeda union-testsuite]# bash 5</mnt/a/foo107
[root@andromeda union-testsuite]# ls -l /proc/$$/fd/
...
lr-x------. 1 root root 64 Jun 5 14:38 5 -> /a/foo107
[root@andromeda union-testsuite]# stat /mnt/a/foo107
...
Device: 23h/35d Inode: 13381 Links: 1
...
[root@andromeda union-testsuite]# stat -L /proc/$$/fd/5
...
Device: 23h/35d Inode: 13381 Links: 1
...

After the patch:

[root@andromeda union-testsuite]# bash 5</mnt/a/foo107
[root@andromeda union-testsuite]# ls -l /proc/$$/fd/
...
lr-x------. 1 root root 64 Jun 5 14:22 5 -> /mnt/a/foo107
[root@andromeda union-testsuite]# stat /mnt/a/foo107
...
Device: 23h/35d Inode: 40346 Links: 1
...
[root@andromeda union-testsuite]# stat -L /proc/$$/fd/5
...
Device: 23h/35d Inode: 40346 Links: 1
...

Note the change in where /proc/$$/fd/5 points to in the ls command. It was
pointing to /a/foo107 (which doesn't exist) and now points to /mnt/a/foo107
(which is correct).

The inode accessed, however, is the lower layer. The union layer is on device
25h/37d and the upper layer on 24h/36d.

Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

Thanks,
Christopher Covington

--
Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
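
A triage aid for the oops above, added here and not part of the original message or the kernel tree: it parses an excerpt of the log, decodes the faulting instruction word from the Code: line as an A64 LDR (32-bit, unsigned offset), and checks whether the base register plus offset reproduces the faulting address. The function names and the kernel-address heuristic are assumptions of this example.

```python
import re

# Excerpt copied from the oops in the message above (timestamps dropped).
OOPS = """\
Unable to handle kernel paging request at virtual address 40021006c
PC is at v9fs_fid_find+0x40/0x8c
x3 : 0000000400210088 x2 : 0000000000000000
x1 : 00000000000a000a x0 : 0000000400210048
Call trace:
[<fffffe0000296aa4>] v9fs_fid_find+0x40/0x8c
[<fffffe0000296c44>] v9fs_fid_lookup_with_uid+0xf8/0x294
[<fffffe0000295484>] v9fs_file_open+0x9c/0x140
Code: b4000263 d1010060 b4000120 35000113 (b9402403)
"""

def parse_oops(text):
    """Extract fault address, registers, call trace and faulting opcode."""
    fault = re.search(r"virtual address ([0-9a-f]+)", text)
    code = re.search(r"Code:.*\(([0-9a-f]{8})\)", text)  # faulting word is in (...)
    regs = re.findall(r"\bx(\d+)\s*: ([0-9a-f]{16})", text)
    return {
        "fault": int(fault.group(1), 16),
        "regs": {f"x{n}": int(v, 16) for n, v in regs},
        "trace": re.findall(r"\[<[0-9a-f]+>\] (\S+)\+0x", text),
        "insn": int(code.group(1), 16),
    }

def decode_ldr_w(insn):
    """Decode A64 'LDR Wt, [Xn, #imm]' (unsigned offset).
    Returns (rt, rn, byte_offset), or None for any other encoding."""
    if insn >> 22 != 0b1011100101:
        return None
    return insn & 0x1F, (insn >> 5) & 0x1F, ((insn >> 10) & 0xFFF) * 4

def triage(text):
    """Relate the faulting load to the register dump."""
    o = parse_oops(text)
    dec = decode_ldr_w(o["insn"])
    if dec is None:
        return None
    rt, rn, off = dec
    base = o["regs"].get(f"x{rn}")
    return {
        "function": o["trace"][0],
        "insn": f"ldr w{rt}, [x{rn}, #{off}]",
        "base_explains_fault": base is not None and base + off == o["fault"],
        # Heuristic (assumption): kernel pointers have the top 16 bits set.
        "base_is_kernel_addr": base is not None and base >> 48 == 0xFFFF,
    }

if __name__ == "__main__":
    print(triage(OOPS))
```

On this excerpt the faulting load reads through x0, and x0 plus the decoded offset equals the reported fault address, while x0 itself does not look like a kernel pointer.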