[4.14.y,1/2] kernfs: deal with kernfs_fill_super() failures

Message ID 20210622210622.9925-1-gpiccoli@canonical.com
State New

Commit Message

Guilherme G. Piccoli June 22, 2021, 9:06 p.m. UTC
From: Al Viro <viro@zeniv.linux.org.uk>

commit 82382acec0c97b91830fff7130d0acce4ac4f3f3 upstream.

make sure that info->node is initialized early, so that kernfs_kill_sb()
can list_del() it safely.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
---

Hey Al, is there any reason for the absence of this patch in the stable
kernels? We had a report of a crash (NULL-ptr dereference) that seems to be
fixed by this patch - if there isn't a reason, I'd like to propose this one
to be merged on 4.14.y . I've build-tested in x86-64 with defconfig.

Thanks in advance,


Guilherme


 fs/kernfs/mount.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Greg Kroah-Hartman June 23, 2021, 2:57 p.m. UTC | #1
On Tue, Jun 22, 2021 at 06:06:22PM -0300, Guilherme G. Piccoli wrote:
> From: Al Viro <viro@zeniv.linux.org.uk>
>
> commit 7b745a4e4051e1bbce40e0b1c2cf636c70583aa4 upstream.
>
> new_sb is left uninitialized in case of early failures in kernfs_mount_ns(),
> and while IS_ERR(root) is true in all such cases, using IS_ERR(root) || !new_sb
> is not a solution - IS_ERR(root) is true in some cases when new_sb is true.
>
> Make sure new_sb is initialized (and matches the reality) in all cases and
> fix the condition for dropping kobj reference - we want it done precisely
> in those situations where the reference has not been transferred into a new
> super_block instance.
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
> ---
>
> I'd like to protest this patch title heheh
> But I think it's better to keep consistency with upstream. It's the same
> case as patch 1 of the series, no clear reason for its absence in stable.
> Build-tested on x86-64 with defconfig.

Both now queued up, thanks.

greg k-h

Guilherme G. Piccoli June 23, 2021, 3:11 p.m. UTC | #2
Thanks a lot Greg!

Patch

diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c
index 5019058e0f6a..610267585f8f 100644
--- a/fs/kernfs/mount.c
+++ b/fs/kernfs/mount.c
@@ -320,6 +320,7 @@  struct dentry *kernfs_mount_ns(struct file_system_type *fs_type, int flags,
 
 	info->root = root;
 	info->ns = ns;
+	INIT_LIST_HEAD(&info->node);
 
 	sb = sget_userns(fs_type, kernfs_test_super, kernfs_set_super, flags,
 			 &init_user_ns, info);
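
Review bot: The added INIT_LIST_HEAD(&info->node) line carries no comment explaining why it has to sit ahead of sget_userns(), and the ordering is the whole fix: the node must already be a valid list head before any later failure path can hand info to kernfs_kill_sb() and its list_del(). A one-line comment at that spot, along the lines of "must be initialized before sget_userns() so kernfs_kill_sb() can list_del() it", would keep a later cleanup from moving the initialization back down. For the stable submission it would also help to put a sentence about the reported crash (the NULL-ptr dereference) into the changelog proper, since the text below the --- is dropped when the patch is applied.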