On Fri, 21 Mar 2025 at 19:40, Alexey Nepomnyashih <sdl@xxxxxxxx> wrote:
>
> From: Ard Biesheuvel <ardb@xxxxxxxxxx>
>
> commit cdb46a8aefbf7fd36772bb206aaaf7e45d7cf8f6 upstream.
>
> syzbot reports issues with concurrent fsopen()/fsconfig() invocations on
> efivarfs, which are the result of the fact that the efivarfs list (which
> caches the names and GUIDs of existing EFI variables) is a global
> structure. In normal use, these issues are unlikely to trigger, even in
> the presence of multiple mounts of efivarfs, but the execution pattern
> used by the syzkaller reproducer may result in multiple instances of the
> superblock that share the global efivarfs list, and this causes list
> corruption when the list is reinitialized by one user while another is
> traversing it.
>
> So let's move the list head into the superblock s_fs_info field, so that
> it will never be shared between distinct instances of the superblock. In
> the common case, there will still be a single instance of this list, but
> in the artificial syzkaller case, no list corruption can occur any
> longer.
>
> Reported-by: syzbot+1902c359bfcaf39c46f2@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> Reported-by: syzbot+246ea4feed277471958a@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=246ea4feed277471958a
> Signed-off-by: Alexey Nepomnyashih <sdl@xxxxxxxx>
> ---
>  fs/efivarfs/inode.c    |  3 ++-
>  fs/efivarfs/internal.h |  9 ++++++---
>  fs/efivarfs/super.c    | 26 +++++++++++++++++---------
>  fs/efivarfs/vars.c     |  5 +++--
>  4 files changed, 28 insertions(+), 15 deletions(-)
>

The original commit has

 fs/efivarfs/inode.c    |  3 ++-
 fs/efivarfs/internal.h |  6 +++---
 fs/efivarfs/super.c    | 19 ++++++++++---------
 fs/efivarfs/vars.c     |  5 +++--
 4 files changed, 18 insertions(+), 15 deletions(-)

so you will need to explain where those extra 10 lines came from.