From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Mike Christie <mchristi@redhat.com>,
	Christoph Hellwig <hch@lst.de>, Joel Becker <jlbec@evilplan.org>,
	Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL 4.14 14/57] configfs: fix registered group removal
Date: Sat, 15 Sep 2018 01:32:37 +0000
Message-ID: <20180915013223.179909-14-alexander.levin@microsoft.com>
In-Reply-To: <20180915013223.179909-1-alexander.levin@microsoft.com>

From: Mike Christie <mchristi@redhat.com>

[ Upstream commit cc57c07343bd071cdf1915a91a24ab7d40c9b590 ]

This patch fixes a bug where configfs_register_group had added
a group in a tree, and userspace has done a rmdir on a dir somewhere
above that group and we hit a kernel crash. The problem is configfs_rmdir
will detach everything under it and unlink groups on the default_groups
list. It will not unlink groups added with configfs_register_group so when
configfs_unregister_group is called to drop its references to the group/items
we crash when we try to access the freed dentrys.

The patch just adds a check for if a rmdir has been done above
us and if so just does the unlink part of unregistration.

Sorry if you are getting this multiple times. I thought I sent
this to some of you and lkml, but I do not see it.

Signed-off-by: Mike Christie <mchristi@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 fs/configfs/dir.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
index 56fb26127fef..d2a1a79fa324 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
@@ -1777,6 +1777,16 @@ void configfs_unregister_group(struct config_group *group)
 	struct dentry *dentry = group->cg_item.ci_dentry;
 	struct dentry *parent = group->cg_item.ci_parent->ci_dentry;
 
+	mutex_lock(&subsys->su_mutex);
+	if (!group->cg_item.ci_parent->ci_group) {
+		/*
+		 * The parent has already been unlinked and detached
+		 * due to a rmdir.
+		 */
+		goto unlink_group;
+	}
+	mutex_unlock(&subsys->su_mutex);
+
 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
 	spin_lock(&configfs_dirent_lock);
 	configfs_detach_prep(dentry, NULL);
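Review bot: The new check of `group->cg_item.ci_parent->ci_group` is made under `su_mutex`, but the mutex is released again before `inode_lock_nested(d_inode(parent), I_MUTEX_PARENT)`, so nothing visible here keeps a rmdir above the group from completing in that window, after which the normal path would use `dentry` and `parent` just as it did before the fix. Either hold a lock that excludes the rmdir across both the check and the detach, or add a comment explaining why the window cannot occur. Separately, `dentry` and `parent` are still initialised from `ci_dentry` at the top of the function, before `su_mutex` is taken; moving those reads below the check would keep the early-exit path from reading the parent item's fields outside the lock.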
@@ -1791,6 +1801,7 @@ void configfs_unregister_group(struct config_group *group)
 	dput(dentry);
 
 	mutex_lock(&subsys->su_mutex);
+unlink_group:
 	unlink_group(group);
 	mutex_unlock(&subsys->su_mutex);
 }
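Review bot: The label `unlink_group:` has the same name as the function `unlink_group()` called on the very next line; C keeps labels in their own namespace so this compiles, but it reads poorly and makes grepping for the function noisier. Rename the label, for example to `out_unlink:`. The label is also entered with `su_mutex` already held by the `goto` in the first hunk, which is only correct because it sits after this `mutex_lock(&subsys->su_mutex)`; a one-line comment at the label saying it is reached with the mutex held would stop a later change from moving it above the lock.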
-- 
2.17.1
