From: Al Viro viro@zeniv.linux.org.uk
commit 82382acec0c97b91830fff7130d0acce4ac4f3f3 upstream.
make sure that info->node is initialized early, so that kernfs_kill_sb() can list_del() it safely.
Signed-off-by: Al Viro viro@zeniv.linux.org.uk Signed-off-by: Guilherme G. Piccoli gpiccoli@canonical.com ---
Hey Al, is there any reason for the absence of this patch in the stable kernels? We had a report of a crash (NULL-ptr dereference) that seems to be fixed by this patch - if there isn't a reason, I'd like to propose this one to be merged on 4.14.y . I've build-tested in x86-64 with defconfig.
Thanks in advance,
Guilherme
fs/kernfs/mount.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c index 5019058e0f6a..610267585f8f 100644 --- a/fs/kernfs/mount.c +++ b/fs/kernfs/mount.c @@ -320,6 +320,7 @@ struct dentry *kernfs_mount_ns(struct file_system_type *fs_type, int flags,
info->root = root; info->ns = ns; + INIT_LIST_HEAD(&info->node);
sb = sget_userns(fs_type, kernfs_test_super, kernfs_set_super, flags, &init_user_ns, info);
From: Al Viro viro@zeniv.linux.org.uk
commit 7b745a4e4051e1bbce40e0b1c2cf636c70583aa4 upstream.
new_sb is left uninitialized in case of early failures in kernfs_mount_ns(), and while IS_ERR(root) is true in all such cases, using IS_ERR(root) || !new_sb is not a solution - IS_ERR(root) is true in some cases when new_sb is true.
Make sure new_sb is initialized (and matches the reality) in all cases and fix the condition for dropping kobj reference - we want it done precisely in those situations where the reference has not been transferred into a new super_block instance.
Signed-off-by: Al Viro viro@zeniv.linux.org.uk Signed-off-by: Guilherme G. Piccoli gpiccoli@canonical.com ---
I'd like to protest this patch title heheh But I think it's better to keep consistency with upstream. It's the same case as patch 1 of the series, no clear reason for its absence in stable. Build-tested on x86-64 with defconfig.
Thanks,
Guilherme
fs/sysfs/mount.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/sysfs/mount.c b/fs/sysfs/mount.c index 20b8f82e115b..2bbe84d9c0a8 100644 --- a/fs/sysfs/mount.c +++ b/fs/sysfs/mount.c @@ -28,7 +28,7 @@ static struct dentry *sysfs_mount(struct file_system_type *fs_type, { struct dentry *root; void *ns; - bool new_sb; + bool new_sb = false;
if (!(flags & MS_KERNMOUNT)) { if (!kobj_ns_current_may_mount(KOBJ_NS_TYPE_NET)) @@ -38,9 +38,9 @@ static struct dentry *sysfs_mount(struct file_system_type *fs_type, ns = kobj_ns_grab_current(KOBJ_NS_TYPE_NET); root = kernfs_mount_ns(fs_type, flags, sysfs_root, SYSFS_MAGIC, &new_sb, ns); - if (IS_ERR(root) || !new_sb) + if (!new_sb) kobj_ns_drop(KOBJ_NS_TYPE_NET, ns); - else if (new_sb) + else if (!IS_ERR(root)) root->d_sb->s_iflags |= SB_I_USERNS_VISIBLE;
return root;
On Tue, Jun 22, 2021 at 06:06:22PM -0300, Guilherme G. Piccoli wrote:
From: Al Viro viro@zeniv.linux.org.uk
commit 7b745a4e4051e1bbce40e0b1c2cf636c70583aa4 upstream.
new_sb is left uninitialized in case of early failures in kernfs_mount_ns(), and while IS_ERR(root) is true in all such cases, using IS_ERR(root) || !new_sb is not a solution - IS_ERR(root) is true in some cases when new_sb is true.
Make sure new_sb is initialized (and matches the reality) in all cases and fix the condition for dropping kobj reference - we want it done precisely in those situations where the reference has not been transferred into a new super_block instance.
Signed-off-by: Al Viro viro@zeniv.linux.org.uk Signed-off-by: Guilherme G. Piccoli gpiccoli@canonical.com
I'd like to protest this patch title heheh But I think it's better to keep consistency with upstream. It's the same case as patch 1 of the series, no clear reason for its absence in stable. Build-tested on x86-64 with defconfig.
Both now queued up, thanks.
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Guilherme G. Piccoli -
Guilherme Piccoli