| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <243f57b8-246f-47e7-9fb1-27a771e8e9e8@gmail.com>
Date: Thu, 8 Jan 2026 17:14:40 +0800
From: Sheng Yong <shengyong2021@...il.com>
To: Gao Xiang <hsiangkao@...ux.alibaba.com>, linux-erofs@...ts.ozlabs.org
Cc: shengyong2021@...il.com, shengyong1@...omi.com,
LKML <linux-kernel@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Dusty Mabe <dusty@...tymabe.com>, Timothée Ravier
<tim@...sm.fr>, Alekséi Naidénov <an@...italtide.io>,
Amir Goldstein <amir73il@...il.com>, Alexander Larsson <alexl@...hat.com>,
Christian Brauner <brauner@...nel.org>, Miklos Szeredi
<mszeredi@...hat.com>, Zhiguo Niu <niuzhiguo84@...il.com>
Subject: Re: [PATCH v3 RESEND] erofs: don't bother with s_stack_depth
increasing for now
On 1/8/26 11:07, Gao Xiang wrote:
> Previously, commit d53cd891f0e4 ("erofs: limit the level of fs stacking
> for file-backed mounts") bumped `s_stack_depth` by one to avoid kernel
> stack overflow when stacking an unlimited number of EROFS on top of
> each other.
>
> This fix breaks composefs mounts, which need EROFS+ovl^2 sometimes
> (and such setups are already used in production for quite a long time).
>
> One way to fix this regression is to bump FILESYSTEM_MAX_STACK_DEPTH
> from 2 to 3, but proving that this is safe in general is a high bar.
>
> After a long discussion on GitHub issues [1] about possible solutions,
> one conclusion is that there is no need to support nesting file-backed
> EROFS mounts on stacked filesystems, because there is always the option
> to use loopback devices as a fallback.
>
> As a quick fix for the composefs regression for this cycle, instead of
> bumping `s_stack_depth` for file backed EROFS mounts, we disallow
> nesting file-backed EROFS over EROFS and over filesystems with
> `s_stack_depth` > 0.
>
> This works for all known file-backed mount use cases (composefs,
> containerd, and Android APEX for some Android vendors), and the fix is
> self-contained.
>
> Essentially, we are allowing one extra unaccounted fs stacking level of
> EROFS below stacking filesystems, but EROFS can only be used in the read
> path (i.e. overlayfs lower layers), which typically has much lower stack
> usage than the write path.
>
> We can consider increasing FILESYSTEM_MAX_STACK_DEPTH later, after more
> stack usage analysis or using alternative approaches, such as splitting
> the `s_stack_depth` limitation according to different combinations of
> stacking.
>
> Fixes: d53cd891f0e4 ("erofs: limit the level of fs stacking for file-backed mounts")
> Reported-and-tested-by: Dusty Mabe <dusty@...tymabe.com>
> Reported-by: Timothée Ravier <tim@...sm.fr>
> Closes: https://github.com/coreos/fedora-coreos-tracker/issues/2087 [1]
> Reported-by: "Alekséi Naidénov" <an@...italtide.io>
> Closes: https://lore.kernel.org/r/CAFHtUiYv4+=+JP_-JjARWjo6OwcvBj1wtYN=z0QXwCpec9sXtg@mail.gmail.com
> Acked-by: Amir Goldstein <amir73il@...il.com>
> Acked-by: Alexander Larsson <alexl@...hat.com>
> Cc: Christian Brauner <brauner@...nel.org>
> Cc: Miklos Szeredi <mszeredi@...hat.com>
> Cc: Sheng Yong <shengyong1@...omi.com>
> Cc: Zhiguo Niu <niuzhiguo84@...il.com>
> Signed-off-by: Gao Xiang <hsiangkao@...ux.alibaba.com>
Reviewed-and-tested-by: Sheng Yong <shengyong1@...omi.com>
I tested the APEX scenario on an Android phone. APEX images are
filebacked-mounted correctly. And for a stacked APEX testcase,
it reports error as expected.
thanks,
shengyong
> ---
> v2->v3 RESEND:
> - Exclude bdev-backed EROFS mounts since it will be a real terminal fs
> as pointed out by Sheng Yong (APEX will rely on this);
>
> - Preserve previous "Acked-by:" and "Tested-by:" since it's trivial.
>
> fs/erofs/super.c | 19 +++++++++++++------
> 1 file changed, 13 insertions(+), 6 deletions(-)
>
> diff --git a/fs/erofs/super.c b/fs/erofs/super.c
> index 937a215f626c..5136cda5972a 100644
> --- a/fs/erofs/super.c
> +++ b/fs/erofs/super.c
> @@ -644,14 +644,21 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc)
> * fs contexts (including its own) due to self-controlled RO
> * accesses/contexts and no side-effect changes that need to
> * context save & restore so it can reuse the current thread
> - * context. However, it still needs to bump `s_stack_depth` to
> - * avoid kernel stack overflow from nested filesystems.
> + * context.
> + * However, we still need to prevent kernel stack overflow due
> + * to filesystem nesting: just ensure that s_stack_depth is 0
> + * to disallow mounting EROFS on stacked filesystems.
> + * Note: s_stack_depth is not incremented here for now, since
> + * EROFS is the only fs supporting file-backed mounts for now.
> + * It MUST change if another fs plans to support them, which
> + * may also require adjusting FILESYSTEM_MAX_STACK_DEPTH.
> */
> if (erofs_is_fileio_mode(sbi)) {
> - sb->s_stack_depth =
> - file_inode(sbi->dif0.file)->i_sb->s_stack_depth + 1;
> - if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
> - erofs_err(sb, "maximum fs stacking depth exceeded");
> + inode = file_inode(sbi->dif0.file);
> + if ((inode->i_sb->s_op == &erofs_sops &&
> + !inode->i_sb->s_bdev) ||
> + inode->i_sb->s_stack_depth) {
> + erofs_err(sb, "file-backed mounts cannot be applied to stacked fses");
> return -ENOTBLK;
> }
> }
Powered by blists - more mailing lists