tracing fixes for v6.7-rc8:

- Fix a NULL kernel dereference in set_gid() on tracefs mounting.
   When tracefs is mounted with "gid=1000", it will update the existing
   dentries to have the new gid. The tracefs_inode which is retrieved
   by a container_of(dentry->d_inode) has flags to see if the inode
   belongs to the eventfs system.
 
   The issue that was fixed was if getdents() was called on tracefs
   that was previously mounted, and was not closed. It will leave
   a "cursor dentry" in the subdirs list of the current dentries that
   set_gid() walks. On a remount of tracefs, the container_of(dentry->d_inode)
   will dereference a NULL pointer and cause a crash when referenced.
 
   Simply have a check for dentry->d_inode to see if it is NULL and if
   so, skip that entry.
 
 - Fix the bits of the eventfs_inode structure. The "is_events" bit
   was taken from the nr_entries field, but the nr_entries field wasn't
   updated to be 30 bits and was still 31. Including the "is_freed" bit
   this would use 33 bits which would make the structure use another
   integer for just one bit.

Merge tag 'trace-v6.7-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fixes from Steven Rostedt:

 - Fix a NULL kernel dereference in set_gid() on tracefs mounting.

   When tracefs is mounted with "gid=1000", it will update the existing
   dentries to have the new gid. The tracefs_inode which is retrieved by
   a container_of(dentry->d_inode) has flags to see if the inode belongs
   to the eventfs system.

   The issue that was fixed was if getdents() was called on tracefs that
   was previously mounted, and was not closed. It will leave a "cursor
   dentry" in the subdirs list of the current dentries that set_gid()
   walks. On a remount of tracefs, the container_of(dentry->d_inode)
   will dereference a NULL pointer and cause a crash when referenced.

   Simply have a check for dentry->d_inode to see if it is NULL and if
   so, skip that entry.

 - Fix the bits of the eventfs_inode structure.

   The "is_events" bit was taken from the nr_entries field, but the
   nr_entries field wasn't updated to be 30 bits and was still 31.
   Including the "is_freed" bit this would use 33 bits which would make
   the structure use another integer for just one bit.

* tag 'trace-v6.7-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  eventfs: Fix bitwise fields for "is_events"
  tracefs: Check for dentry->d_inode exists in set_gid()
Linus Torvalds 2024-01-03 11:45:15 -08:00
commit 360f0342b2
2 changed files with 5 additions and 1 deletions
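
The set_gid() fix described in the message above, modeled in userspace as an added example (not code from the kernel or from this commit). The struct layouts and the names `set_gid_model` and `container_of_null_is_null` are hypothetical simplifications; the point is that the NULL test has to be made on d_inode itself, because container_of() applied to NULL does not produce NULL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model: struct layouts and names below are simplified assumptions. */
#define container_of(ptr, type, member) \
    ((type *)((uintptr_t)(ptr) - offsetof(type, member)))

struct inode { unsigned int gid; };
struct tracefs_inode {
    unsigned long flags;          /* sits before vfs_inode: non-zero offset */
    struct inode vfs_inode;
};
struct dentry {
    struct inode *d_inode;        /* NULL for a getdents() cursor entry */
    struct dentry *next;          /* stand-in for the d_child sibling list */
};

/* Set gid on each sibling; skip (and count) entries that have no inode. */
int set_gid_model(struct dentry *first, unsigned int gid, int *skipped)
{
    int updated = 0;
    *skipped = 0;
    for (struct dentry *d = first; d; d = d->next) {
        if (!d->d_inode) {        /* test d_inode itself, before container_of */
            (*skipped)++;
            continue;
        }
        container_of(d->d_inode, struct tracefs_inode, vfs_inode)->vfs_inode.gid = gid;
        updated++;
    }
    return updated;
}

/* container_of() applied to NULL yields NULL minus the member offset, not
 * NULL, so a NULL test on its result would not catch a cursor entry. */
int container_of_null_is_null(void)
{
    struct inode *none = NULL;
    return container_of(none, struct tracefs_inode, vfs_inode) == NULL;
}

int main(void)
{
    struct tracefs_inode a = {0}, b = {0};   /* constructed sample entries */
    struct dentry d3 = { &b.vfs_inode, NULL }, cur = { NULL, &d3 };
    struct dentry d1 = { &a.vfs_inode, &cur };
    int skipped, n = set_gid_model(&d1, 1000, &skipped);
    printf("updated=%d skipped=%d\n", n, skipped);
    return 0;
}
```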


@ -215,6 +215,10 @@ static void set_gid(struct dentry *parent, kgid_t gid)
struct dentry *dentry = list_entry(tmp, struct dentry, d_child);
next = tmp->next;
/* Note, getdents() can add a cursor dentry with no inode */
if (!dentry->d_inode)
continue;
spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
change_gid(dentry, gid);
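Review bot: the new `!dentry->d_inode` test in set_gid() sits before `spin_lock_nested(&dentry->d_lock, ...)`, so d_inode is read without the dentry's own lock held. The added comment explains why a NULL inode can appear but not why the unlocked read is safe; suggest extending it to name the lock the walk relies on, or moving the test under d_lock next to change_gid(). The `continue` itself is fine, since `next = tmp->next` is already assigned above it.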


@ -63,7 +63,7 @@ struct eventfs_inode {
};
unsigned int is_freed:1;
unsigned int is_events:1;
unsigned int nr_entries:31;
unsigned int nr_entries:30;
};
static inline struct tracefs_inode *get_tracefs(const struct inode *inode)
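Review bot: nothing at the is_freed / is_events / nr_entries declarations records that the three widths must total 32 bits, which is how nr_entries stayed at 31 when is_events was carved out of it. Suggest a one-line comment above the fields stating the 1 + 1 + 30 budget, or a compile-time size check on struct eventfs_inode, so the next flag added here takes its bit from nr_entries as well. It is also worth confirming that no caller needs an entry count above the new 30-bit limit.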