[PATCH] ovl: provide real_file() for use by hugetlb and mmap
From: Mike Kravetz
Date: Mon May 18 2020 - 18:29:12 EST
If a file is on a union/overlay, then the 'struct file *' will have
overlayfs file operations. The routine is_file_hugepages() compares
f->f_op to hugetlbfs_file_operations to determine if it is a hugetlbfs
file. If a hugetlbfs file is on a union/overlay, this comparison is
false and is_file_hugepages() incorrectly indicates the underlying
file is not hugetlbfs. One result of this is a BUG as shown in [1].
mmap uses is_file_hugepages() because hugetlbfs files have different
alignment restrictions. In addition, mmap code would like to use the
filesystem specific get_unmapped_area() routine if one is defined.
To address this issue, add a new routine real_file() which will return
the underlying file. Update is_file_hugepages and mmap code to get the
real file.
[1] https://lore.kernel.org/linux-mm/000000000000b4684e05a2968ca6@xxxxxxxxxx/
Reported-by: syzbot+d6ec23007e951dadf3de@xxxxxxxxxxxxxxxxxxxxxxxxx
Suggested-by: Miklos Szeredi <miklos@xxxxxxxxxx>
Signed-off-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx>
---
include/linux/hugetlb.h | 3 +++
include/linux/overlayfs.h | 27 +++++++++++++++++++++++++++
mm/mmap.c | 2 ++
3 files changed, 32 insertions(+)
create mode 100644 include/linux/overlayfs.h
diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
index 43a1cef8f0f1..fb22c0a7474a 100644
--- a/include/linux/hugetlb.h
+++ b/include/linux/hugetlb.h
@@ -9,6 +9,7 @@
#include <linux/cgroup.h>
#include <linux/list.h>
#include <linux/kref.h>
+#include <linux/overlayfs.h>
#include <asm/pgtable.h>
struct ctl_table;
@@ -437,6 +438,8 @@ struct file *hugetlb_file_setup(const char *name, size_t size, vm_flags_t acct,
static inline bool is_file_hugepages(struct file *file)
{
+ file = real_file(file);
+
if (file->f_op == &hugetlbfs_file_operations)
return true;
diff --git a/include/linux/overlayfs.h b/include/linux/overlayfs.h
new file mode 100644
index 000000000000..eecdfda0286f
--- /dev/null
+++ b/include/linux/overlayfs.h
@@ -0,0 +1,27 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_OVERLAYFS_H
+#define _LINUX_OVERLAYFS_H
+
+#include <linux/fs.h>
+
+extern const struct file_operations ovl_file_operations;
+
+#ifdef CONFIG_OVERLAY_FS
+/*
+ * If file is on a union/overlay, then return the underlying real file.
+ * Otherwise return the file itself.
+ */
+static inline struct file *real_file(struct file *file)
+{
+ while (unlikely(file->f_op == &ovl_file_operations))
+ file = file->private_data;
+ return file;
+}
+#else
+static inline struct file *real_file(struct file *file)
+{
+ return file;
+}
+#endif
+
+#endif /* _LINUX_OVERLAYFS_H */
diff --git a/mm/mmap.c b/mm/mmap.c
index f609e9ec4a25..7f45a4057a15 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -47,6 +47,7 @@
#include <linux/pkeys.h>
#include <linux/oom.h>
#include <linux/sched/mm.h>
+#include <linux/overlayfs.h>
#include <linux/uaccess.h>
#include <asm/cacheflush.h>
@@ -2203,6 +2204,7 @@ get_unmapped_area(struct file *file, unsigned long addr, unsigned long len,
get_area = current->mm->get_unmapped_area;
if (file) {
+ file = real_file(file);
if (file->f_op->get_unmapped_area)
get_area = file->f_op->get_unmapped_area;
} else if (flags & MAP_SHARED) {
--
2.25.4