| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Feb 2016 11:30:29 +0100
From: Roman Pen <r.peniaev@...il.com>
To: unlisted-recipients:; (no To-header on input)
Cc: Roman Pen <r.peniaev@...il.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org
Subject: [PATCH 1/1] debugfs: fix inode i_nlink references for automount dentry
Directory inodes should start off with i_nlink == 2 (one extra ref
for "." entry). debugfs_create_automount() increases neither the
i_nlink reference for current inode nor for parent inode.
On attempt to remove the automount dentry, kernel complains:
[ 86.288070] WARNING: CPU: 1 PID: 3616 at fs/inode.c:273 drop_nlink+0x3e/0x50()
[ 86.288461] Modules linked in: debugfs_example2(O-)
[ 86.288745] CPU: 1 PID: 3616 Comm: rmmod Tainted: G O 4.4.0-rc3-next-20151207+ #135
[ 86.289197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150617_082717-anatol 04/01/2014
[ 86.289696] ffffffff81be05c9 ffff8800b9e6fda0 ffffffff81352e2c 0000000000000000
[ 86.290110] ffff8800b9e6fdd8 ffffffff81065142 ffff8801399175e8 ffff8800bb78b240
[ 86.290507] ffff8801399175e8 ffff8800b73d7898 ffff8800b73d7840 ffff8800b9e6fde8
[ 86.290933] Call Trace:
[ 86.291080] [<ffffffff81352e2c>] dump_stack+0x4e/0x82
[ 86.291340] [<ffffffff81065142>] warn_slowpath_common+0x82/0xc0
[ 86.291640] [<ffffffff8106523a>] warn_slowpath_null+0x1a/0x20
[ 86.291932] [<ffffffff811ae62e>] drop_nlink+0x3e/0x50
[ 86.292208] [<ffffffff811ba35b>] simple_unlink+0x4b/0x60
[ 86.292481] [<ffffffff811ba3a7>] simple_rmdir+0x37/0x50
[ 86.292748] [<ffffffff812d9808>] __debugfs_remove.part.16+0xa8/0xd0
[ 86.293082] [<ffffffff812d9a0b>] debugfs_remove_recursive+0xdb/0x1c0
[ 86.293406] [<ffffffffa00004dd>] cleanup_module+0x2d/0x3b [debugfs_example2]
[ 86.293762] [<ffffffff810d959b>] SyS_delete_module+0x16b/0x220
[ 86.294077] [<ffffffff818ef857>] entry_SYSCALL_64_fastpath+0x12/0x6a
[ 86.294405] ---[ end trace c9fc53353fe14a36 ]---
[ 86.294639] ------------[ cut here ]------------
To reproduce the issue it is enough to invoke these lines:
autom = debugfs_create_automount("automount", NULL, vfsmount_cb, data);
BUG_ON(IS_ERR_OR_NULL(autom));
debugfs_remove(autom);
The issue is fixed by increasing inode i_nlink references for current
and parent inodes.
Signed-off-by: Roman Pen <r.peniaev@...il.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org
---
fs/debugfs/inode.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index bece948..13d65f8 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -461,7 +461,11 @@ struct dentry *debugfs_create_automount(const char *name,
inode->i_flags |= S_AUTOMOUNT;
inode->i_private = data;
dentry->d_fsdata = (void *)f;
+ /* directory inodes start off with i_nlink == 2 (for "." entry) */
+ inc_nlink(inode);
d_instantiate(dentry, inode);
+ inc_nlink(d_inode(dentry->d_parent));
+ fsnotify_mkdir(d_inode(dentry->d_parent), dentry);
return end_creating(dentry);
}
EXPORT_SYMBOL(debugfs_create_automount);
--
2.6.2
Powered by blists - more mailing lists