This is a note to let you know that I've just added the patch titled
ovl: fix use inode directly in rcu-walk mode
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ovl-fix-use-inode-directly-in-rcu-walk-mode.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 672e4268b2863d7e4978dfed29552b31c2f9bd4e Mon Sep 17 00:00:00 2001
From: Chen Zhongjin <chenzhongjin@xxxxxxxxxx>
Date: Mon, 28 Nov 2022 11:33:05 +0100
Subject: ovl: fix use inode directly in rcu-walk mode
From: Chen Zhongjin <chenzhongjin@xxxxxxxxxx>
commit 672e4268b2863d7e4978dfed29552b31c2f9bd4e upstream.
ovl_dentry_revalidate_common() can be called in rcu-walk mode. As document
said, "in rcu-walk mode, d_parent and d_inode should not be used without
care".
Check inode here to protect access under rcu-walk mode.
Fixes: bccece1ead36 ("ovl: allow remote upper")
Reported-and-tested-by: syzbot+a4055c78774bbf3498bb@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Chen Zhongjin <chenzhongjin@xxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # v5.7
Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/overlayfs/super.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -138,11 +138,16 @@ static int ovl_dentry_revalidate_common(
unsigned int flags, bool weak)
{
struct ovl_entry *oe = dentry->d_fsdata;
+ struct inode *inode = d_inode_rcu(dentry);
struct dentry *upper;
unsigned int i;
int ret = 1;
- upper = ovl_dentry_upper(dentry);
+ /* Careful in RCU mode */
+ if (!inode)
+ return -ECHILD;
+
+ upper = ovl_i_dentry_upper(inode);
if (upper)
ret = ovl_revalidate_real(upper, flags, weak);
Patches currently in stable-queue which might be from chenzhongjin@xxxxxxxxxx are
queue-5.10/media-dvb-core-fix-ignored-return-value-in-dvb_regis.patch
queue-5.10/perf-fix-possible-memleak-in-pmu_dev_alloc.patch
queue-5.10/scsi-fcoe-fix-transport-not-deattached-when-fcoe_if_.patch
queue-5.10/vme-fix-error-not-catched-in-fake_init.patch
queue-5.10/ovl-fix-use-inode-directly-in-rcu-walk-mode.patch
queue-5.10/wifi-cfg80211-fix-not-unregister-reg_pdev-when-load_.patch
queue-5.10/fs-sysv-fix-sysv_nblocks-returns-wrong-value.patch
queue-5.10/configfs-fix-possible-memory-leak-in-configfs_create.patch
queue-5.10/media-vimc-fix-wrong-function-called-when-vimc_init-.patch
queue-5.10/acpica-fix-error-code-path-in-acpi_ds_call_control_m.patch
queue-5.10/media-vidtv-fix-use-after-free-in-vidtv_bridge_dvb_i.patch
