projects / wrapfs-2.6.38.y.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 79cf668)
fs/dcache: move security_d_instantiate() behind attaching dentry to inode
authorzhangyi (F) <yi.zhang@huawei.com>
Wed, 6 Nov 2019 09:43:52 +0000 (17:43 +0800)
committerBen Hutchings <ben@decadent.org.uk>
Thu, 19 Dec 2019 15:59:03 +0000 (15:59 +0000)
During backport 1e2e547a93a "do d_instantiate/unlock_new_inode
combinations safely", there was a error instantiating sequence of
attaching dentry to inode and calling security_d_instantiate().

Before commit ce23e640133 "->getxattr(): pass dentry and inode as
separate arguments" and b96809173e9 "security_d_instantiate(): move to
the point prior to attaching dentry to inode", security_d_instantiate()
should be called beind __d_instantiate(), otherwise it will trigger
below problem when CONFIG_SECURITY_SMACK on ext4 was enabled because
d_inode(dentry) used by ->getxattr() is NULL before __d_instantiate()
instantiate inode.

[   31.858026] BUG: unable to handle kernel paging request at ffffffffffffff70
...
[   31.882024] Call Trace:
[   31.882378]  [<ffffffffa347f75c>] ext4_xattr_get+0x8c/0x3e0
[   31.883195]  [<ffffffffa3489454>] ext4_xattr_security_get+0x24/0x40
[   31.884086]  [<ffffffffa336a56b>] generic_getxattr+0x5b/0x90
[   31.884907]  [<ffffffffa3700514>] smk_fetch+0xb4/0x150
[   31.885634]  [<ffffffffa3700772>] smack_d_instantiate+0x1c2/0x550
[   31.886508]  [<ffffffffa36f9a5a>] security_d_instantiate+0x3a/0x80
[   31.887389]  [<ffffffffa3353b26>] d_instantiate_new+0x36/0x130
[   31.888223]  [<ffffffffa342b1ef>] ext4_mkdir+0x4af/0x6a0
[   31.888928]  [<ffffffffa3343470>] vfs_mkdir+0x100/0x280
[   31.889536]  [<ffffffffa334b086>] SyS_mkdir+0xb6/0x170
[   31.890255]  [<ffffffffa307c855>] ? trace_do_page_fault+0x95/0x2b0
[   31.891134]  [<ffffffffa3c5e078>] entry_SYSCALL_64_fastpath+0x18/0x73

Cc: <stable@vger.kernel.org> # 3.16, 4.4
Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
fs/dcache.c patch | blob | history

diff --git a/fs/dcache.c b/fs/dcache.c
index 6b0ef157a48bc0d171607c0c5e464aec4f0da4c7..9cd0e99812a5966efe4e8a34164c3209efffcd9f 100644 (file)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1685,7 +1685,6 @@ void d_instantiate_new(struct dentry *entry, struct inode *inode)
        BUG_ON(!hlist_unhashed(&entry->d_u.d_alias));
        BUG_ON(!inode);
        lockdep_annotate_inode_mutex_key(inode);
-       security_d_instantiate(entry, inode);
        spin_lock(&inode->i_lock);
        __d_instantiate(entry, inode);
        WARN_ON(!(inode->i_state & I_NEW));
@@ -1693,6 +1692,7 @@ void d_instantiate_new(struct dentry *entry, struct inode *inode)
        smp_mb();
        wake_up_bit(&inode->i_state, __I_NEW);
        spin_unlock(&inode->i_lock);
+       security_d_instantiate(entry, inode);
 }
 EXPORT_SYMBOL(d_instantiate_new);
 
wrapfs-2.6.38.y