From: Amir Goldstein <amir73il@gmail.com> mainline inclusion from mainline-v6.7-rc1 commit f7621b11e8acc8efa208c9420ff3ecb198b20e29 category: feature bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBHLU4 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- ovl_copyattr() may be called concurrently from aio completion context without any lock and that could lead to overlay inode attributes getting permanently out of sync with real inode attributes. Use ovl inode spinlock to protect ovl_copyattr(). Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Yifan Qiao <qiaoyifan4@huawei.com> --- fs/overlayfs/util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 0bf3ffcd072f..3bc4a6bc582e 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -1406,6 +1406,7 @@ void ovl_copyattr(struct inode *inode) realinode = ovl_i_path_real(inode, &realpath); real_idmap = mnt_idmap(realpath.mnt); + spin_lock(&inode->i_lock); vfsuid = i_uid_into_vfsuid(real_idmap, realinode); vfsgid = i_gid_into_vfsgid(real_idmap, realinode); @@ -1416,4 +1417,5 @@ void ovl_copyattr(struct inode *inode) inode->i_mtime = realinode->i_mtime; inode_set_ctime_to_ts(inode, inode_get_ctime(realinode)); i_size_write(inode, i_size_read(realinode)); + spin_unlock(&inode->i_lock); } -- 2.39.2