vfs: fix freeze protection in mnt_want_write_file() for overlayfs

[ Upstream commit a6795a585929d94ca3e931bc8518f8deb8bbe627 ]

The underlying real file used by overlayfs still contains the overlay path.
This results in mnt_want_write_file() calls by the filesystem getting
freeze protection on the wrong inode (the overlayfs one instead of the real
one).

Fix by using file_inode(file)->i_sb instead of file->f_path.mnt->mnt_sb.

Reported-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/namespace.c b/fs/namespace.c
index 9dc146e7b5e0add4af485c6880bdd563154d6474..3ee3ee5819bc110b8c70198fd3f5b5fec225695c 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -446,10 +446,10 @@ int mnt_want_write_file_path(struct file *file)
 {
        int ret;
 
-       sb_start_write(file->f_path.mnt->mnt_sb);
+       sb_start_write(file_inode(file)->i_sb);
        ret = __mnt_want_write_file(file);
        if (ret)
-               sb_end_write(file->f_path.mnt->mnt_sb);
+               sb_end_write(file_inode(file)->i_sb);
        return ret;
 }
 
@@ -540,7 +540,8 @@ void __mnt_drop_write_file(struct file *file)
 
 void mnt_drop_write_file_path(struct file *file)
 {
-       mnt_drop_write(file->f_path.mnt);
+       __mnt_drop_write_file(file);
+       sb_end_write(file_inode(file)->i_sb);
 }
 
 void mnt_drop_write_file(struct file *file)