ovl: inode reference leak in ovl_is_inuse true case.
author youngjun <her0gyugyu@gmail.com>
Tue, 16 Jun 2020 08:30:43 +0000 (17:30 +0900)
committer Miklos Szeredi <mszeredi@redhat.com>
Wed, 15 Jul 2020 22:05:40 +0000 (00:05 +0200)
In the "ovl_is_inuse" true case, the trap inode reference is not put. Plus,
add the comment explaining the sequence of ovl_is_inuse after ovl_setup_trap.

Fixes: 0be0bfd2de9d ("ovl: fix regression caused by overlapping layers detection")
Cc: <stable@vger.kernel.org> # v4.19+
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: youngjun <her0gyugyu@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
fs/overlayfs/super.c

index 91476bc..498d49d 100644 (file)
@@ -1493,14 +1493,23 @@ static int ovl_get_layers(struct super_block *sb, struct ovl_fs *ofs,
                if (err < 0)
                        goto out;
 
+               /*
+                * Check if lower root conflicts with this overlay layers before
+                * checking if it is in-use as upperdir/workdir of "another"
+                * mount, because we do not bother to check in ovl_is_inuse() if
+                * the upperdir/workdir is in fact in-use by our
+                * upperdir/workdir.
+                */
                err = ovl_setup_trap(sb, stack[i].dentry, &trap, "lowerdir");
                if (err)
                        goto out;
 
                if (ovl_is_inuse(stack[i].dentry)) {
                        err = ovl_report_in_use(ofs, "lowerdir");
-                       if (err)
+                       if (err) {
+                               iput(trap);
                                goto out;
+                       }
                }
 
                mnt = clone_private_mount(&stack[i]);
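
Review bot: the `iput(trap)` is open-coded inside the `if (err)` branch under `ovl_is_inuse()`, so every other early exit between `ovl_setup_trap()` and the point where `trap` is handed off has to remember the same put by hand. The very next statement, `mnt = clone_private_mount(&stack[i]);`, runs with `trap` still held, and its failure handling is outside this hunk, so please confirm that path drops the reference as well. A dedicated error label that does the `iput(trap)` before falling through to `out` would make this class of leak harder to reintroduce. When `ovl_report_in_use()` returns 0 the code continues with `trap` held, which looks intentional, but a short note saying so would help the next reader. Minor wording in the new comment: "this overlay layers" should be "this overlay's layers", and "in-use by our upperdir/workdir" would read more clearly as "in use as our own upperdir/workdir".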