mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/fs
History
Wengang Wang f1c08645df fs/ocfs2: fix race in ocfs2_dentry_attach_lock() 
commit be99ca2716 upstream.

ocfs2_dentry_attach_lock() can be executed in parallel threads against the
same dentry.  Make that race safe.  The race is like this:

            thread A                               thread B

(A1) enter ocfs2_dentry_attach_lock,
seeing dentry->d_fsdata is NULL,
and no alias found by
ocfs2_find_local_alias, so kmalloc
a new ocfs2_dentry_lock structure
to local variable "dl", dl1

               .....

                                    (B1) enter ocfs2_dentry_attach_lock,
                                    seeing dentry->d_fsdata is NULL,
                                    and no alias found by
                                    ocfs2_find_local_alias so kmalloc
                                    a new ocfs2_dentry_lock structure
                                    to local variable "dl", dl2.

                                                   ......

(A2) set dentry->d_fsdata with dl1,
call ocfs2_dentry_lock() and increase
dl1->dl_lockres.l_ro_holders to 1 on
success.
              ......

                                    (B2) set dentry->d_fsdata with dl2
                                    call ocfs2_dentry_lock() and increase
				    dl2->dl_lockres.l_ro_holders to 1 on
				    success.

                                                  ......

(A3) call ocfs2_dentry_unlock()
and decrease
dl2->dl_lockres.l_ro_holders to 0
on success.
             ....

                                    (B3) call ocfs2_dentry_unlock(),
                                    decreasing
				    dl2->dl_lockres.l_ro_holders, but
				    see it's zero now, panic

Link: http://lkml.kernel.org/r/20190529174636.22364-1-wen.gang.wang@oracle.com
Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com>
Reported-by: Daniel Sobe <daniel.sobe@nxp.com>
Tested-by: Daniel Sobe <daniel.sobe@nxp.com>
Reviewed-by: Changwei Ge <gechangwei@live.cn>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2019-06-19 08:20:54 +02:00
..
9p 9p locks: add mount option for lock retry interval 2019-04-20 09:15:04 +02:00
adfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
affs affs_lookup(): close a race with affs_remove_link() 2018-05-30 07:51:47 +02:00
afs afs: Fix directory permissions check 2018-07-08 15:30:51 +02:00
autofs4 autofs: fix error return in autofs_fill_super() 2019-03-13 14:03:19 -07:00
befs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bfs bfs: add sanity check at bfs_fill_super() 2018-12-01 09:42:51 +01:00
btrfs Btrfs: incremental send, fix file corruption when no-holes feature is enabled 2019-06-09 09:18:16 +02:00
cachefiles fscache, cachefiles: remove redundant variable 'cache' 2018-12-17 09:28:53 +01:00
ceph ceph: flush dirty inodes before proceeding with remount 2019-05-25 18:25:22 +02:00
cifs CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM 2019-06-09 09:18:18 +02:00
coda coda: fix 'kernel memory exposure attempt' in fsync 2017-11-24 08:37:05 +01:00
configfs configfs: fix possible use-after-free in configfs_register_group 2019-06-15 11:54:53 +02:00
cramfs Cramfs: fix abad comparison when wrap-arounds occur 2018-11-13 11:15:12 -08:00
crypto fscrypt: use unbound workqueue for decryption 2018-08-03 07:50:32 +02:00
debugfs debugfs: fix use-after-free on symlink traversal 2019-05-08 07:20:49 +02:00
devpts fs/devpts: always delete dcache dentry-s in dput() 2019-03-23 14:35:21 +01:00
dlm dlm: Don't swamp the CPU with callbacks queued during recovery 2019-02-12 19:45:57 +01:00
ecryptfs eCryptfs: don't pass up plaintext names when using filename encryption 2018-06-21 04:02:42 +09:00
efivarfs VFS: Kill off s_options and helpers 2017-07-11 06:09:21 -04:00
efs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
exofs fs/exofs: fix potential memory leak in mount option parsing 2018-11-27 16:10:47 +01:00
exportfs exportfs: do not read dentry after free 2018-12-17 09:28:50 +01:00
ext2 ext2: Fix underflow in ext2_max_size() 2019-03-23 14:35:23 +01:00
ext4 ext4: do not delete unlinked inode from orphan list on failed truncate 2019-05-31 06:47:10 -07:00
f2fs f2fs: fix to do sanity check on valid block count of segment 2019-06-15 11:54:53 +02:00
fat fs/fat/file.c: issue flush after the writeback of FAT 2019-06-15 11:54:51 +02:00
freevxfs
fscache fscache: fix race between enablement and dropping of object 2018-12-17 09:28:53 +01:00
fuse fuse: retrieve: cap requested size to negotiated max_write 2019-06-15 11:54:54 +02:00
gfs2 gfs2: Fix occasional glock use-after-free 2019-05-31 06:47:14 -07:00
hfs hfs: do not free node before using 2018-12-17 09:28:54 +01:00
hfsplus hfsplus: do not free node before using 2018-12-17 09:28:54 +01:00
hostfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hpfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hugetlbfs hugetlb: use same fault hash key for shared and private mappings 2019-05-31 06:47:12 -07:00
isofs isofs: reject hardware sector size > 2048 bytes 2018-10-03 17:00:57 -07:00
jbd2 jbd2: check superblock mapped prior to committing 2019-05-21 18:50:18 +02:00
jffs2 jffs2: fix use-after-free on symlink traversal 2019-05-08 07:20:49 +02:00
jfs jfs: Fix inconsistency between memory allocation and ea_buf->max_size 2018-08-09 12:16:39 +02:00
kernfs kernfs: fix barrier usage in __kernfs_new_node() 2019-05-16 19:42:19 +02:00
lockd Revert "lockd: Show pid of lockd for remote locks" 2019-06-09 09:18:18 +02:00
minix License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ncpfs staging: ncpfs: memory corruption in ncp_read_kernel() 2018-03-28 18:24:43 +02:00
nfs NFS: Fix a double unlock from nfs_match,get_client 2019-05-31 06:47:35 -07:00
nfs_common lockd: fix "list_add double add" caused by legacy signal interface 2018-02-03 17:39:08 +01:00
nfsd nfsd: allow fh_want_write to be called twice 2019-06-15 11:54:54 +02:00
nilfs2 do d_instantiate/unlock_new_inode combinations safely 2018-05-30 07:51:47 +02:00
nls License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
notify fanotify: fix handling of events on child sub-directory 2019-02-06 17:31:37 +01:00
ntfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ocfs2 fs/ocfs2: fix race in ocfs2_dentry_attach_lock() 2019-06-19 08:20:54 +02:00
omfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
openpromfs
orangefs orangefs: report attributes_mask and attributes for statx 2018-06-26 08:06:33 +08:00
overlayfs ovl: check whiteout in ovl_create_over_whiteout() 2018-11-21 09:24:17 +01:00
proc fs/proc/proc_sysctl.c: Fix a NULL pointer dereference 2019-05-02 09:40:31 +02:00
pstore pstore/ram: Run without kernel crash dump region 2019-06-11 12:21:48 +02:00
qnx4 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qnx6 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
quota quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls. 2019-01-26 09:37:05 +01:00
ramfs mm: make pagevec_lookup() update index 2017-09-06 17:27:26 -07:00
reiserfs reiserfs: propagate errors from fill_with_dentries() properly 2018-11-27 16:10:46 +01:00
romfs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
squashfs Squashfs: Compute expected length from inode size rather than block length 2018-09-05 09:26:32 +02:00
sysfs scsi: sysfs: Introduce sysfs_{un,}break_active_protection() 2018-09-05 09:26:41 +02:00
sysv sysv: return 'err' instead of 0 in __sysv_write_inode 2018-12-17 09:28:48 +01:00
tracefs VFS: Don't use save/replace_mount_options if not using generic_show_options 2017-07-06 03:31:46 -04:00
ubifs ubifs: Handle re-linking of inodes correctly while recovery 2018-12-29 13:39:11 +01:00
udf udf: Fix crash on IO error during truncate 2019-03-27 14:13:52 +09:00
ufs ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour 2019-05-25 18:25:36 +02:00
xfs xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute 2019-04-27 09:35:41 +02:00
Kconfig fs/Kconfig: kill CONFIG_PERCPU_RWSEM some more 2017-07-12 16:26:00 -07:00
Kconfig.binfmt
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
aio.c aio: fix spectre gadget in lookup_ioctx 2018-12-21 14:13:04 +01:00
anon_inodes.c
attr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bad_inode.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
binfmt_aout.c fs: fix kernel_read prototype 2017-09-04 19:05:15 -04:00
binfmt_elf.c binfmt_elf: Respect error return from `regset->active' 2018-09-26 08:38:09 +02:00
binfmt_elf_fdpic.c Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-09-14 18:13:32 -07:00
binfmt_em86.c
binfmt_flat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
binfmt_misc.c fs/binfmt_misc.c: do not allow offset overflow 2018-06-26 08:06:33 +08:00
binfmt_script.c Revert "exec: load_script: don't blindly truncate shebang string" 2019-02-15 09:08:56 +01:00
block_dev.c block: fix the return errno for direct IO 2019-04-17 08:37:53 +02:00
buffer.c fs: fix guard_bio_eod to check for real EOD errors 2019-04-05 22:31:28 +02:00
char_dev.c chardev: add additional check for minor range overlap 2019-05-31 06:47:31 -07:00
compat.c
compat_binfmt_elf.c
compat_ioctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
coredump.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dax.c fs/dax.c: release PMD lock even when there is no PMD support in DAX 2018-04-26 11:02:14 +02:00
dcache.c fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() 2019-02-06 17:31:34 +01:00
dcookies.c
direct-io.c iomap: report collisions between directio and buffered writes to userspace 2019-04-27 09:35:41 +02:00
drop_caches.c fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() 2019-03-13 14:03:18 -07:00
eventfd.c There has been a fair amount of activity in the docs tree this time 2017-07-03 21:13:25 -07:00
eventpoll.c fs/epoll: drop ovflist branch prediction 2019-02-12 19:46:10 +01:00
exec.c exec: Fix mem leak in kernel_read_file 2019-03-13 14:03:11 -07:00
fcntl.c fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall 2017-12-17 15:07:59 +01:00
fhandle.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c fs/file.c: initialize init_files.resize_wait 2019-04-05 22:31:28 +02:00
file_table.c fput: Don't reinvent the wheel but use existing llist API 2017-08-28 00:50:23 -04:00
filesystems.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs-writeback.c fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount 2019-05-21 18:50:20 +02:00
fs_pin.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs_struct.c
inode.c Fix up non-directory creation in SGID directories 2018-07-17 11:39:27 +02:00
internal.h Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs 2017-09-13 09:11:44 -07:00
ioctl.c vfs: swap names of {do,vfs}_clone_file_range() 2018-11-10 07:48:33 -08:00
iomap.c iomap: report collisions between directio and buffered writes to userspace 2019-04-27 09:35:41 +02:00
libfs.c fs: convert __generic_file_fsync to use errseq_t based reporting 2017-07-06 07:02:29 -04:00
locks.c fs/lock: skip lock owner pid translation in case we are in init_pid_ns 2018-10-03 17:00:53 -07:00
mbcache.c mbcache: initialize entry->e_referenced in mb_cache_entry_create() 2018-02-22 15:42:25 +01:00
mount.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mpage.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
namei.c namei: allow restricted O_CREAT of FIFOs and regular files 2018-12-01 09:42:59 +01:00
namespace.c mount: Prevent MNT_DETACH from disconnecting locked mounts 2018-11-21 09:24:14 +01:00
no-block.c
nsfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
open.c fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock 2019-06-11 12:21:51 +02:00
pipe.c fs: prevent page refcount overflow in pipe_buf_get 2019-05-04 09:15:18 +02:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
read_write.c fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock 2019-06-11 12:21:51 +02:00
readdir.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
select.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
seq_file.c seq_file: fix incomplete reset on read from zero offset 2018-02-22 15:42:28 +01:00
signalfd.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
splice.c fs: prevent page refcount overflow in pipe_buf_get 2019-05-04 09:15:18 +02:00
stack.c
stat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
statfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
super.c fs: don't scan the inode cache before SB_BORN is set 2018-05-30 07:51:47 +02:00
sync.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
timerfd.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
userfaultfd.c coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping 2019-04-27 09:35:37 +02:00
utimes.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xattr.c sysfs: Do not return POSIX ACL xattrs via listxattr 2018-10-10 08:54:27 +02:00