Patch "pstore: inode: Only d_invalidate() is needed" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 22 Mar 2024 13:57:01 -0400

This is a note to let you know that I've just added the patch titled

    pstore: inode: Only d_invalidate() is needed

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     pstore-inode-only-d_invalidate-is-needed.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 893c8184eb8cab48adf7b2e8f6740af6b4fc82e0
Author: Kees Cook <keescook@xxxxxxxxxxxx>
Date:   Thu Feb 22 09:48:46 2024 -0800

    pstore: inode: Only d_invalidate() is needed
    
    [ Upstream commit a43e0fc5e9134a46515de2f2f8d4100b74e50de3 ]
    
    Unloading a modular pstore backend with records in pstorefs would
    trigger the dput() double-drop warning:
    
      WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410
    
    Using the combo of d_drop()/dput() (as mentioned in
    Documentation/filesystems/vfs.rst) isn't the right approach here, and
    leads to the reference counting problem seen above. Use d_invalidate()
    and update the code to not bother checking for error codes that can
    never happen.
    
    Suggested-by: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
    Fixes: 609e28bb139e ("pstore: Remove filesystem records when backend is unregistered")
    Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
    ---
    Cc: "Guilherme G. Piccoli" <gpiccoli@xxxxxxxxxx>
    Cc: Tony Luck <tony.luck@xxxxxxxxx>
    Cc: linux-hardening@xxxxxxxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
index 904863dbf5327..7dbbf3b6d98d3 100644
--- a/fs/pstore/inode.c
+++ b/fs/pstore/inode.c
@@ -306,7 +306,6 @@ int pstore_put_backend_records(struct pstore_info *psi)
 {
 	struct pstore_private *pos, *tmp;
 	struct dentry *root;
-	int rc = 0;
 
 	root = psinfo_lock_root();
 	if (!root)
@@ -316,11 +315,8 @@ int pstore_put_backend_records(struct pstore_info *psi)
 		list_for_each_entry_safe(pos, tmp, &records_list, list) {
 			if (pos->record->psi == psi) {
 				list_del_init(&pos->list);
-				rc = simple_unlink(d_inode(root), pos->dentry);
-				if (WARN_ON(rc))
-					break;
-				d_drop(pos->dentry);
-				dput(pos->dentry);
+				d_invalidate(pos->dentry);
+				simple_unlink(d_inode(root), pos->dentry);
 				pos->dentry = NULL;
 			}
 		}
@@ -328,7 +324,7 @@ int pstore_put_backend_records(struct pstore_info *psi)
 
 	inode_unlock(d_inode(root));
 
-	return rc;
+	return 0;
 }
 
 /*







