[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20221103142340.6qc23fgvchtmrv6z@wittgenstein>
Date: Thu, 3 Nov 2022 15:23:40 +0100
From: Christian Brauner <brauner@...nel.org>
To: syzbot <syzbot+3f6ef1c4586bb6fd1f61@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org, linux-unionfs@...r.kernel.org,
miklos@...redi.hu, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] BUG: unable to handle kernel paging request in
ovl_set_acl
On Thu, Nov 03, 2022 at 04:40:22AM -0700, syzbot wrote:
> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
Unrelated failure. I've reproduced the issue manually and verified that
the patch I wanted to test fixes it. Patch is in the relevant branch an
in for-next:
https://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git/commit/?h=fs.acl.rework&id=5b52aebef8954cadff29918bb61d7fdc7be07837
This is only relevant for the next mw so nothing in ovl in mainline.
Fwiw, this is the fix:
>From 5b52aebef8954cadff29918bb61d7fdc7be07837 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@...nel.org>
Date: Thu, 3 Nov 2022 08:18:46 +0100
Subject: [PATCH] ovl: call posix_acl_release() after error checking
The current placement of posix_acl_release() in ovl_set_or_remove_acl()
means it can be called on an error pointer instead of actual acls.
Fix this by moving the posix_acl_release() call after the error handling.
Fixes: 0e641857322f ("ovl: implement set acl method") # mainline only
Reported-by: syzbot+3f6ef1c4586bb6fd1f61@...kaller.appspotmail.com
Signed-off-by: Christian Brauner (Microsoft) <brauner@...nel.org>
---
fs/overlayfs/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 77a77fd7a77b..ee6dfa577c93 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -621,11 +621,11 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode,
real_acl = vfs_get_acl(mnt_user_ns(realpath.mnt), realdentry,
acl_name);
revert_creds(old_cred);
- posix_acl_release(real_acl);
if (IS_ERR(real_acl)) {
err = PTR_ERR(real_acl);
goto out_drop_write;
}
+ posix_acl_release(real_acl);
}
if (!upperdentry) {
--
2.34.1
Powered by blists - more mailing lists