Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751910AbaGXJ0a (ORCPT ); Thu, 24 Jul 2014 05:26:30 -0400 Received: from mailout3.samsung.com ([203.254.224.33]:30174 "EHLO mailout3.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750987AbaGXJ01 (ORCPT ); Thu, 24 Jul 2014 05:26:27 -0400 X-AuditID: cbfee61b-f79f86d00000144c-e5-53d0d1419501 From: Chao Yu To: tyhicks@canonical.com Cc: ecryptfs@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] ecryptfs: avoid to access NULL pointer when write metadata in xattr Date: Thu, 24 Jul 2014 17:25:42 +0800 Message-id: <000001cfa721$57072880$05157980$@samsung.com> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-index: Ac+mL/9EQJk/8q5fQ12YIoNDvVGWPg== Content-language: zh-cn X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrMLMWRmVeSWpSXmKPExsVy+t9jQV3HixeCDa5Pk7V4e3c5u8XlXXPY LDbdbGFyYPaY1dDL5vF5k1wAUxSXTUpqTmZZapG+XQJXxuep2QVHpCs+//rE2sB4XbyLkZND QsBEomXBGmYIW0ziwr31bF2MXBxCAtMZJSY8eAHl/GCUWDfnDCNIFZuAisTyjv9MILaIgKTE 0cfTWEBsZgErieO7V4NNEhYIk7j65RQ7iM0ioCrR8eQdmM0rYClxYOEJKFtQ4sfke1C9WhLr dx5ngrDlJTaveQt1kYLEjrOvgfZyAO3Skzi8VAKiRFxi45FbLBMYBWYhmTQLyaRZSCbNQtKy gJFlFaNoakFyQXFSeq6RXnFibnFpXrpecn7uJkZw0D6T3sG4qsHiEKMAB6MSD2/H3vPBQqyJ ZcWVuYcYJTiYlUR4V266ECzEm5JYWZValB9fVJqTWnyIUZqDRUmc92CrdaCQQHpiSWp2ampB ahFMlomDU6qB0fan2KTbqsFvTfcHLS+RqtM37Amaa+Yo9j1luv8ZfsbayUYX/4drFnVfWa73 uLzsVH7gyWUpvevE4yYHHRRe61p6sejZ+1dfZ+zeefdazflz7n99OXhOHD3d/yNgHUfD3cnW ZjGV3+85rDsScWnm4W1VP7aqnZr2urCi8IWiR/mKjN23f81U5lZiKc5INNRiLipOBADHar/U VgIAAA== Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org https://bugzilla.kernel.org/show_bug.cgi?id=41692 Christopher Head 2014-06-28 05:26:20 UTC described: "I tried to reproduce this on 3.12.21. Instead, when I do "echo hello > foo" in an ecryptfs mount with ecryptfs_xattr specified, I get a kernel crash: BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] fsstack_copy_attr_all+0x2/0x61 PGD d7840067 PUD b2c3c067 PMD 0 Oops: 0002 [#1] SMP Modules linked in: nvidia(PO) CPU: 3 PID: 3566 Comm: bash Tainted: P O 3.12.21-gentoo-r1 #2 Hardware name: ASUSTek Computer Inc. G60JX/G60JX, BIOS 206 03/15/2010 task: ffff8801948944c0 ti: ffff8800bad70000 task.ti: ffff8800bad70000 RIP: 0010:[] [] fsstack_copy_attr_all+0x2/0x61 RSP: 0018:ffff8800bad71c10 EFLAGS: 00010246 RAX: 00000000000181a4 RBX: ffff880198648480 RCX: 0000000000000000 RDX: 0000000000000004 RSI: ffff880172010450 RDI: 0000000000000000 RBP: ffff880198490e40 R08: 0000000000000000 R09: 0000000000000000 R10: ffff880172010450 R11: ffffea0002c51e80 R12: 0000000000002000 R13: 000000000000001a R14: 0000000000000000 R15: ffff880198490e40 FS: 00007ff224caa700(0000) GS:ffff88019fcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000bb07f000 CR4: 00000000000007e0 Stack: ffffffff811826e8 ffff8800a39d8000 0000000000000000 000000000000001a ffff8800a01d0000 ffff8800a39d8000 ffffffff81185fd5 ffffffff81082c2c 00000001a39d8000 53d0abbc98490e40 0000000000000037 ffff8800a39d8220 Call Trace: [] ? ecryptfs_setxattr+0x40/0x52 [] ? ecryptfs_write_metadata+0x1b3/0x223 [] ? should_resched+0x5/0x23 [] ? ecryptfs_initialize_file+0xaf/0xd4 [] ? ecryptfs_create+0xf4/0x142 [] ? vfs_create+0x48/0x71 [] ? do_last.isra.68+0x559/0x952 [] ? link_path_walk+0xbd/0x458 [] ? path_openat+0x224/0x472 [] ? do_filp_open+0x2b/0x6f [] ? __alloc_fd+0xd6/0xe7 [] ? do_sys_open+0x65/0xe9 [] ? system_call_fastpath+0x16/0x1b RIP [] fsstack_copy_attr_all+0x2/0x61 RSP CR2: 0000000000000000 ---[ end trace df9dba5f1ddb8565 ]---" If we create a file when we mount with ecryptfs_xattr_metadata option, we will encounter a crash in this path: ->ecryptfs_create ->ecryptfs_initialize_file ->ecryptfs_write_metadata ->ecryptfs_write_metadata_to_xattr ->ecryptfs_setxattr ->fsstack_copy_attr_all It's because our dentry->d_inode used in fsstack_copy_attr_all is NULL, and it will be initialized when ecryptfs_initialize_file finish. So we should skip copying attr from lower inode when the value of ->d_inode is invalid. Signed-off-by: Chao Yu --- fs/ecryptfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index e67f9f0..436b7d8 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -1037,7 +1037,7 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, } rc = vfs_setxattr(lower_dentry, name, value, size, flags); - if (!rc) + if (!rc && dentry->d_inode) fsstack_copy_attr_all(dentry->d_inode, lower_dentry->d_inode); out: return rc; -- 2.0.1.474.g72c7794 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/