This is a note to let you know that I've just added the patch titled

    tracefs: Zero out the tracefs_inode when allocating it

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     tracefs-zero-out-the-tracefs_inode-when-allocating-it.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From SRS0=eEWY=JP=rostedt.homelinux.com=rostedt@xxxxxxxxxx Tue Feb 6 13:10:43 2024
From: Steven Rostedt <rostedt@xxxxxxxxxxx>
Date: Tue, 06 Feb 2024 07:09:52 -0500
Subject: tracefs: Zero out the tracefs_inode when allocating it
To: linux-kernel@xxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Sasha Levin <sashal@xxxxxxxxxx>, Masami Hiramatsu <mhiramat@xxxxxxxxxx>, Mark Rutland <mark.rutland@xxxxxxx>, Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>, Christian Brauner <brauner@xxxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, Ajay Kaher <ajay.kaher@xxxxxxxxxxxx>, kernel test robot <oliver.sang@xxxxxxxxx>
Message-ID: <20240206120954.038732037@xxxxxxxxxxxxxxxxxxxxx>
From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx> commit d81786f53aec14fd4d56263145a0635afbc64617 upstream. eventfs uses the tracefs_inode and assumes that it's already initialized to zero. That is, it doesn't set fields to zero (like ti->private) after getting its tracefs_inode. This causes bugs due to stale values. Just initialize the entire structure to zero on allocation so there isn't any more surprises. This is a partial fix to access to ti->private. The assignment still needs to be made before the dentry is instantiated. Link: https://lore.kernel.org/linux-trace-kernel/20240131185512.315825944@xxxxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx> Cc: Mark Rutland <mark.rutland@xxxxxxx> Cc: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> Cc: Christian Brauner <brauner@xxxxxxxxxx> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: Ajay Kaher <ajay.kaher@xxxxxxxxxxxx> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Fixes: 5790b1fb3d672 ("eventfs: Remove eventfs_file and just use eventfs_inode") Reported-by: kernel test robot <oliver.sang@xxxxxxxxx> Closes: https://lore.kernel.org/oe-lkp/202401291043.e62e89dc-oliver.sang@xxxxxxxxx Suggested-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/tracefs/inode.c | 6 ++++-- fs/tracefs/internal.h | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -38,8 +38,6 @@ static struct inode *tracefs_alloc_inode if (!ti) return NULL; - ti->flags = 0; - return &ti->vfs_inode; } @@ -779,7 +777,11 @@ static void init_once(void *foo) { struct tracefs_inode *ti = (struct tracefs_inode *) foo; + /* inode_init_once() calls memset() on the vfs_inode portion */ inode_init_once(&ti->vfs_inode); + + /* Zero out the rest */ + memset_after(ti, 0, vfs_inode); } static int __init tracefs_init(void) --- a/fs/tracefs/internal.h 
+++ b/fs/tracefs/internal.h 
@@ -11,9 +11,10 @@ enum { }; struct tracefs_inode { + struct inode vfs_inode; + /* The below gets initialized with memset_after(ti, 0, vfs_inode) */ unsigned long flags; void *private; - struct inode vfs_inode; }; /* Patches currently in stable-queue which might be from rostedt@xxxxxxxxxx are queue-6.6/eventfs-keep-all-directory-links-at-1.patch queue-6.6/eventfs-make-sure-that-parent-d_inode-is-locked-in-creating-files-dirs.patch queue-6.6/eventfs-save-directory-inodes-in-the-eventfs_inode-structure.patch queue-6.6/revert-eventfs-save-ownership-and-mode.patch queue-6.6/tracefs-zero-out-the-tracefs_inode-when-allocating-it.patch queue-6.6/eventfs-read-ei-entries-before-ei-children-in-eventfs_iterate.patch queue-6.6/eventfs-do-not-invalidate-dentry-in-create_file-dir_dentry.patch queue-6.6/eventfs-fix-file-and-directory-uid-and-gid-ownership.patch queue-6.6/eventfs-remove-lookup-parameter-from-create_dir-file_dentry.patch queue-6.6/eventfs-use-gfp_nofs-for-allocation-when-eventfs_mutex-is-held.patch queue-6.6/eventfs-remove-fsnotify-functions-from-lookup.patch queue-6.6/eventfs-use-err_cast-in-eventfs_create_events_dir.patch queue-6.6/revert-eventfs-use-simple_recursive_removal-to-clean-up-dentries.patch queue-6.6/eventfs-use-simple_recursive_removal-to-clean-up-dentries.patch queue-6.6/eventfs-stop-using-dcache_readdir-for-getdents.patch queue-6.6/eventfs-have-event-files-and-directories-default-to-parent-uid-and-gid.patch queue-6.6/eventfs-use-eventfs_remove_events_dir.patch queue-6.6/eventfs-delete-eventfs_inode-when-the-last-dentry-is-freed.patch queue-6.6/tracefs-avoid-using-the-ei-dentry-pointer-unnecessarily.patch queue-6.6/tracefs-remove-stale-update_gid-code.patch queue-6.6/eventfs-initialize-the-tracefs-inode-properly.patch queue-6.6/eventfs-remove-special-processing-of-dput-of-events-directory.patch queue-6.6/eventfs-save-ownership-and-mode.patch queue-6.6/tracefs-check-for-dentry-d_inode-exists-in-set_gid.patch 
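Review bot: Dropping `ti->flags = 0;` from tracefs_alloc_inode relies on the new memset_after() in init_once, but init_once is the inode cache's slab constructor (the usual pattern around inode_init_once) and runs once when a slab object is first constructed, not on every kmem_cache_alloc(); an object recycled from the cache still carries whatever flags and private the previous inode left behind unless the free path clears them. Either keep an explicit reset of flags (and private) in tracefs_alloc_inode, or clear those fields before the object goes back to the cache, so the zero state holds at allocation time and not only for the first use of each slab object.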
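Review bot: `memset_after(ti, 0, vfs_inode);` in init_once zeroes only the members laid out after vfs_inode, so this hunk is correct solely because the internal.h hunk makes vfs_inode the first member of struct tracefs_inode, and nothing in init_once enforces that. A `BUILD_BUG_ON(offsetof(struct tracefs_inode, vfs_inode) != 0);` next to the memset_after (or a static_assert in the header) would turn a future reordering of the struct into a build failure instead of silently leaving a field with stale contents.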
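Review bot: The comment `/* The below gets initialized with memset_after(ti, 0, vfs_inode) */` in struct tracefs_inode reads as if the fields are zeroed on each allocation, whereas that memset runs in the slab constructor; state the invariant it actually documents, e.g. "vfs_inode must stay the first member; everything below it is zeroed once by init_once when the slab object is constructed and must be reset before the inode is freed", so that anyone adding a field after `void *private;` knows both the ordering requirement and that a zero initial value cannot be assumed across cache reuse.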
queue-6.6/eventfs-do-ctx-pos-update-for-all-iterations-in-eventfs_iterate.patch
queue-6.6/tracefs-dentry-lookup-crapectomy.patch
queue-6.6/eventfs-move-taking-of-inode_lock-into-dcache_dir_open_wrapper.patch
queue-6.6/eventfs-have-a-free_ei-that-just-frees-the-eventfs_inode.patch
queue-6.6/revert-eventfs-remove-is_freed-union-with-rcu-head.patch
queue-6.6/eventfs-have-the-inodes-all-for-files-and-directories-all-be-the-same.patch
queue-6.6/eventfs-use-kcalloc-instead-of-kzalloc.patch
queue-6.6/eventfs-test-for-ei-is_freed-when-accessing-ei-dentry.patch
queue-6.6/eventfs-fix-bitwise-fields-for-is_events.patch
queue-6.6/eventfs-fix-warn_on-in-create_file_dentry.patch
queue-6.6/eventfs-fix-events-beyond-name_max-blocking-tasks.patch
queue-6.6/eventfs-shortcut-eventfs_iterate-by-skipping-entries-already-read.patch
queue-6.6/revert-eventfs-do-not-allow-null-parent-to-eventfs_start_creating.patch
queue-6.6/eventfs-do-not-allow-null-parent-to-eventfs_start_creating.patch
queue-6.6/eventfs-do-not-create-dentries-nor-inodes-in-iterate_shared.patch
queue-6.6/eventfs-have-eventfs_iterate-stop-immediately-if-ei-is_freed-is-set.patch
queue-6.6/eventfs-fix-typo-in-eventfs_inode-union-comment.patch
queue-6.6/eventfs-remove-expectation-that-ei-is_freed-means-ei-dentry-null.patch
queue-6.6/eventfs-restructure-eventfs_inode-structure-to-be-more-condensed.patch
queue-6.6/eventfs-warn-if-an-eventfs_inode-is-freed-without-is_freed-being-set.patch
queue-6.6/eventfs-get-rid-of-dentry-pointers-without-refcounts.patch
queue-6.6/eventfs-remove-unused-d_parent-pointer-field.patch
queue-6.6/eventfs-hold-eventfs_mutex-when-calling-callback-functions.patch
queue-6.6/eventfs-remove-is_freed-union-with-rcu-head.patch
queue-6.6/tracefs-eventfs-modify-mismatched-function-name.patch
queue-6.6/eventfs-fix-kerneldoc-of-eventfs_remove_rec.patch
queue-6.6/tracefs-eventfs-use-root-and-instance-inodes-as-default-ownership.patch
queue-6.6/revert-eventfs-check-for-null-ef-in-eventfs_set_attr.patch
queue-6.6/eventfs-fix-failure-path-in-eventfs_create_events_dir.patch
queue-6.6/eventfs-clean-up-dentry-ops-and-add-revalidate-function.patch