| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240826040018.2990763-1-libaokun@huaweicloud.com>
Date: Mon, 26 Aug 2024 12:00:18 +0800
From: libaokun@...weicloud.com
To: netfs@...ts.linux.dev,
dhowells@...hat.com,
jlayton@...nel.org
Cc: hsiangkao@...ux.alibaba.com,
jefflexu@...ux.alibaba.com,
linux-erofs@...ts.ozlabs.org,
brauner@...nel.org,
linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org,
libaokun@...weicloud.com,
yangerkun@...wei.com,
houtao1@...wei.com,
yukuai3@...wei.com,
wozizhi@...wei.com,
Baokun Li <libaokun1@...wei.com>,
stable@...nel.org
Subject: [PATCH] cachefiles: fix dentry leak in cachefiles_open_file()
From: Baokun Li <libaokun1@...wei.com>
In ondemand mode, dentry leaks may be caused when the mount has the
following concurrency with cull:
P1 | P2
-----------------------------------------------------------
cachefiles_lookup_cookie
cachefiles_look_up_object
lookup_one_positive_unlocked
// get dentry
cachefiles_cull
inode->i_flags |= S_KERNEL_FILE;
cachefiles_open_file
cachefiles_mark_inode_in_use
__cachefiles_mark_inode_in_use
can_use = false
if (!(inode->i_flags & S_KERNEL_FILE))
can_use = true
return false
return false
// Returns an error but doesn't put dentry
After that the following WARNING will be triggered when the backend folder
is umounted:
==================================================================
BUG: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} still in use (1) [unmount of ext4 sda]
WARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umount_check+0x5d/0x70
CPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25
RIP: 0010:umount_check+0x5d/0x70
Call Trace:
<TASK>
d_walk+0xda/0x2b0
do_one_tree+0x20/0x40
shrink_dcache_for_umount+0x2c/0x90
generic_shutdown_super+0x20/0x160
kill_block_super+0x1a/0x40
ext4_kill_sb+0x22/0x40
deactivate_locked_super+0x35/0x80
cleanup_mnt+0x104/0x160
==================================================================
Add the missing dput() to cachefiles_open_file() for a quick fix.
Fixes: 1f08c925e7a3 ("cachefiles: Implement backing file wrangling")
Cc: stable@...nel.org
Signed-off-by: Baokun Li <libaokun1@...wei.com>
---
fs/cachefiles/namei.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
index f53977169db4..0bd2f367c3ff 100644
--- a/fs/cachefiles/namei.c
+++ b/fs/cachefiles/namei.c
@@ -554,6 +554,7 @@ static bool cachefiles_open_file(struct cachefiles_object *object,
if (!cachefiles_mark_inode_in_use(object, d_inode(dentry))) {
pr_notice("cachefiles: Inode already in use: %pd (B=%lx)\n",
dentry, d_inode(dentry)->i_ino);
+ dput(dentry);
return false;
}
--
2.39.2
Powered by blists - more mailing lists