lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20231120153623.49c5119b@gandalf.local.home>
Date:   Mon, 20 Nov 2023 15:36:23 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Naresh Kamboju <naresh.kamboju@...aro.org>
Cc:     linux-trace-kernel@...r.kernel.org, linux-kernel@...r.kernel.org,
        mhiramat@...nel.org, mark.rutland@....com, lkft@...aro.org
Subject: Re: selftests: ftrace: WARNING: __list_del_entry_valid_or_report
 (lib/list_debug.c:62 (discriminator 1))

On Thu, 16 Nov 2023 18:00:16 +0530
Naresh Kamboju <naresh.kamboju@...aro.org> wrote:

> Following kernel crash noticed while running selftests: ftrace on arm64 Juno-r2
> device running stable-rc linux-6.6.y kernel.
> 
> This kernel crash is hard to reproduce.
> 

Can you test this patch.

Note, there's a similar bug on 6.7-rc1 which I'll fix first. And when
that's accepted, I'll push this one for v6.6. This may be two patches as
one if the d_invalidate() issue, and another is a memory leak fix.

-- Steve

diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c
index 5fcfb634fec2..b60048469df1 100644
--- a/fs/tracefs/event_inode.c
+++ b/fs/tracefs/event_inode.c
@@ -289,6 +289,8 @@ void eventfs_set_ef_status_free(struct tracefs_inode *ti, struct dentry *dentry)
 		ef = dentry->d_fsdata;
 		if (ef)
 			free_ef(ef);
+		else
+			kfree(ei);
 		return;
 	}
 
@@ -342,7 +344,6 @@ static void eventfs_post_create_dir(struct eventfs_file *ef)
 static struct dentry *
 create_dentry(struct eventfs_file *ef, struct dentry *parent, bool lookup)
 {
-	bool invalidate = false;
 	struct dentry *dentry;
 
 	mutex_lock(&eventfs_mutex);
@@ -387,23 +388,24 @@ create_dentry(struct eventfs_file *ef, struct dentry *parent, bool lookup)
 			eventfs_post_create_dir(ef);
 		dentry->d_fsdata = ef;
 	} else {
-		/* A race here, should try again (unless freed) */
-		invalidate = true;
-
 		/*
+		 * If we are here then the directory is being freed.
+		 * The simple_recursive_removal() will get rid of the dentry
+		 * here.
+		 */
+		dentry = NULL;
+		 /*
 		 * Should never happen unless we get here due to being freed.
 		 * Otherwise it means two dentries exist with the same name.
 		 */
 		WARN_ON_ONCE(!ef->is_freed);
 	}
 	mutex_unlock(&eventfs_mutex);
-	if (invalidate)
-		d_invalidate(dentry);
 
-	if (lookup || invalidate)
+	if (lookup)
 		dput(dentry);
 
-	return invalidate ? NULL : dentry;
+	return dentry;
 }
 
 static bool match_event_file(struct eventfs_file *ef, const char *name)
-- 
2.42.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ