From: Greg KH <gregkh@linuxfoundation.org>
To: Samuel Mendoza-Jonas <samjonas@amazon.com>
Cc: stable@vger.kernel.org, Miklos Szeredi <mszeredi@redhat.com>,
	Amir Goldstein <amir73il@gmail.com>
Subject: Re: [PATCH 4.14 1/2] fuse: fix bad inode
Date: Wed, 19 Jan 2022 12:37:54 +0100
Message-ID: <Yef4Ejks7hTSgl6C@kroah.com>
In-Reply-To: <20220119005201.130738-1-samjonas@amazon.com>

On Tue, Jan 18, 2022 at 04:52:00PM -0800, Samuel Mendoza-Jonas wrote:
> From: Miklos Szeredi <mszeredi@redhat.com>
> 
> commit 5d069dbe8aaf2a197142558b6fb2978189ba3454 upstream.
> 
> Jan Kara's analysis of the syzbot report (edited):
> 
>   The reproducer opens a directory on FUSE filesystem, it then attaches
>   dnotify mark to the open directory.  After that a fuse_do_getattr() call
>   finds that attributes returned by the server are inconsistent, and calls
>   make_bad_inode() which, among other things does:
> 
>           inode->i_mode = S_IFREG;
> 
>   This then confuses dnotify which doesn't tear down its structures
>   properly and eventually crashes.
> 
> Avoid calling make_bad_inode() on a live inode: switch to a private flag on
> the fuse inode.  Also add the test to ops which the bad_inode_ops would
> have caught.
> 
> This bug goes back to the initial merge of fuse in 2.6.14...
> 
> Reported-by: syzbot+f427adf9324b92652ccc@syzkaller.appspotmail.com
> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
> Tested-by: Jan Kara <jack@suse.cz>
> Cc: <stable@vger.kernel.org>
> [adjusted for missing fs/fuse/readdir.c and changes in fuse_evict_inode() in 4.14]
> Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com>

What about 4.19.y, will this work there as well?  We need it for that
kernel before we can take it into 4.14.y.

Also what about 4.4.y and 4.9.y?

thanks,

greg k-h
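
The failure mode described in the quoted commit message, as an added userspace model that is not part of the original mail or of the kernel patch: rewriting the type of a live inode makes a type-keyed teardown skip its cleanup, while a private flag leaves the type intact and lets each operation reject the inode explicitly. All names here (`model_inode`, `mark_bad_by_mode`, `mark_bad_by_flag`, `release_watches`, `model_getattr`) are hypothetical, and the teardown that acts only on directories is an assumption of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: hypothetical names, not kernel code. */
#define M_IFMT      0170000u
#define M_IFDIR     0040000u
#define M_IFREG     0100000u
#define MODEL_I_BAD 0x1u        /* stands in for a private flag on the fuse inode */

struct model_inode {
    unsigned mode;          /* models inode->i_mode */
    unsigned priv_state;    /* models filesystem-private state bits */
    int dir_watches;        /* models marks attached to an open directory */
};

/* Old behaviour: flag the inode as bad by overwriting its type. */
static void mark_bad_by_mode(struct model_inode *i) { i->mode = M_IFREG; }

/* Fixed behaviour: keep the type, record "bad" in private state. */
static void mark_bad_by_flag(struct model_inode *i) { i->priv_state |= MODEL_I_BAD; }

static bool is_bad(const struct model_inode *i)
{
    return (i->priv_state & MODEL_I_BAD) != 0;
}

/* Assumed teardown: only directories carry watches, so only they are cleaned.
 * Returns the number of watches left behind. */
static int release_watches(struct model_inode *i)
{
    if ((i->mode & M_IFMT) == M_IFDIR)
        i->dir_watches = 0;
    return i->dir_watches;
}

/* With the flag approach each op needs its own test, since no bad-inode
 * operations table is swapped in to fail the call. */
static int model_getattr(const struct model_inode *i) { return is_bad(i) ? -EIO : 0; }

/* Directory with one watch attached is marked bad, then released. */
static int scenario(bool use_flag)
{
    struct model_inode i = { .mode = M_IFDIR | 0755u, .priv_state = 0, .dir_watches = 1 };
    if (use_flag) mark_bad_by_flag(&i); else mark_bad_by_mode(&i);
    return release_watches(&i);
}

int main(void)
{
    printf("mode rewrite leaks %d, private flag leaks %d\n", scenario(false), scenario(true));
    return 0;
}
```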
