| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220811160948.1542842-13-sashal@kernel.org>
Date: Thu, 11 Aug 2022 12:09:41 -0400
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Al Viro <viro@...iv.linux.org.uk>, Sasha Levin <sashal@...nel.org>,
linux-fsdevel@...r.kernel.org
Subject: [PATCH AUTOSEL 4.19 13/14] d_add_ci(): make sure we don't miss d_lookup_done()
From: Al Viro <viro@...iv.linux.org.uk>
[ Upstream commit 40a3cb0d2314a41975aa385a74643878454f6eac ]
All callers of d_alloc_parallel() must make sure that resulting
in-lookup dentry (if any) will encounter __d_lookup_done() before
the final dput(). d_add_ci() might end up creating in-lookup
dentries; they are fed to d_splice_alias(), which will normally
make sure they meet __d_lookup_done(). However, it is possible
to end up with d_splice_alias() failing with ERR_PTR(-ELOOP)
without having done so. It takes a corrupted ntfs or case-insensitive
xfs image, but neither should end up with memory corruption...
Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
fs/dcache.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/dcache.c b/fs/dcache.c
index 1897833a4668..1e9f4dd94e6c 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2080,6 +2080,7 @@ struct dentry *d_add_ci(struct dentry *dentry, struct inode *inode,
}
res = d_splice_alias(inode, found);
if (res) {
+ d_lookup_done(found);
dput(found);
return res;
}
--
2.35.1
Powered by blists - more mailing lists