+ nilfs2-convert-to-use-the-new-mount-api-v2.patch added to mm-nonmm-unstable branch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The patch titled
     Subject: nilfs2-convert-to-use-the-new-mount-api-v2
has been added to the -mm mm-nonmm-unstable branch.  Its filename is
     nilfs2-convert-to-use-the-new-mount-api-v2.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/nilfs2-convert-to-use-the-new-mount-api-v2.patch

This patch will later appear in the mm-nonmm-unstable branch at
    git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Eric Sandeen <sandeen@xxxxxxxxxx>
Subject: nilfs2-convert-to-use-the-new-mount-api-v2
Date: Fri, 26 Apr 2024 04:05:26 +0900

- fix UAF read for fc->root in put_fs_context() when call to
  nilfs_reconfigure() from nilfs_get_tree() fails.
- fix reference to uninitialized variable 's' in nilfs_get_tree().
- fix duplicate inclusion of fs_context.h.
- reflect function argument changes to kernel-doc comments.

[konishi.ryusuke: fixed missing SB_RDONLY flag repair, UAF read for
 fc->root on error, reference to uninitialized variable, duplicate header
 inclusion, and missing update of kernel-doc comments]
Link: https://lkml.kernel.org/r/33d078a7-9072-4d8e-a3a9-dec23d4191da@xxxxxxxxxx
Link: https://lkml.kernel.org/r/20240425190526.10905-1-konishi.ryusuke@xxxxxxxxx
Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 fs/nilfs2/super.c     |   24 +++++++++++++++---------
 fs/nilfs2/the_nilfs.c |    1 -
 2 files changed, 15 insertions(+), 10 deletions(-)

--- a/fs/nilfs2/super.c~nilfs2-convert-to-use-the-new-mount-api-v2
+++ a/fs/nilfs2/super.c
@@ -29,14 +29,13 @@
 #include <linux/slab.h>
 #include <linux/init.h>
 #include <linux/blkdev.h>
-#include <linux/fs_context.h>
-#include <linux/fs_parser.h>
 #include <linux/crc32.h>
 #include <linux/vfs.h>
 #include <linux/writeback.h>
 #include <linux/seq_file.h>
 #include <linux/mount.h>
 #include <linux/fs_context.h>
+#include <linux/fs_parser.h>
 #include "nilfs.h"
 #include "export.h"
 #include "mdt.h"
@@ -1025,8 +1024,7 @@ int nilfs_checkpoint_is_mounted(struct s
 /**
  * nilfs_fill_super() - initialize a super block instance
  * @sb: super_block
- * @data: mount options
- * @silent: silent mode flag
+ * @fc: filesystem context
  *
  * This function is called exclusively by nilfs->ns_mount_mutex.
  * So, the recovery process is protected from other simultaneous mounts.
@@ -1193,8 +1191,9 @@ nilfs_get_tree(struct fs_context *fc)
 	int err;
 
 	if (ctx->cno && !(fc->sb_flags & SB_RDONLY)) {
-		nilfs_err(s, "invalid option \"cp=%llu\": read-only option is not specified",
-			ctx->cno);
+		nilfs_err(NULL,
+			  "invalid option \"cp=%llu\": read-only option is not specified",
+			  ctx->cno);
 		return -EINVAL;
 	}
 
@@ -1225,13 +1224,20 @@ nilfs_get_tree(struct fs_context *fc)
 			}
 		} else {
 			/*
-			 * Try remount to setup mount states if the current
+			 * Try reconfigure to setup mount states if the current
 			 * tree is not mounted and only snapshots use this sb.
+			 *
+			 * Since nilfs_reconfigure() requires fc->root to be
+			 * set, set it first and release it on failure.
 			 */
-			fc->root = s->s_root;
+			fc->root = dget(s->s_root);
 			err = nilfs_reconfigure(fc);
-			if (err)
+			if (err) {
+				dput(fc->root);
+				fc->root = NULL;  /* prevent double release */
 				goto failed_super;
+			}
+			return 0;
 		}
 	}
 
--- a/fs/nilfs2/the_nilfs.c~nilfs2-convert-to-use-the-new-mount-api-v2
+++ a/fs/nilfs2/the_nilfs.c
@@ -659,7 +659,6 @@ static int nilfs_load_super_block(struct
  * init_nilfs - initialize a NILFS instance.
  * @nilfs: the_nilfs structure
  * @sb: super block
- * @data: mount options
  *
  * init_nilfs() performs common initialization per block device (e.g.
  * reading the super block, getting disk layout information, initializing
_

Patches currently in -mm which might be from sandeen@xxxxxxxxxx are

nilfs2-convert-to-use-the-new-mount-api.patch
nilfs2-convert-to-use-the-new-mount-api-v2.patch
[Index of Archives]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux