Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2170882imm;
        Mon, 28 May 2018 03:09:03 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZprAF50WwCALqk9ukUsp0VeTtIy68bAxDOwYmWJEtbwgFhkJjEgqgqU8sLbcXOdQkZ+exQ5
X-Received: by 2002:a17:902:82cc:: with SMTP id u12-v6mr12856483plz.83.1527502143778;
        Mon, 28 May 2018 03:09:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527502143; cv=none;
        d=google.com; s=arc-20160816;
        b=sCaRWrXvv2g4LRneuK5V7m0G+j1aHK1u3gerPEDPJi0dEE9nL8vnC/Qm2dmS74MuxA
         FgIUgOlDKbHZQ5MeXYPjqFL95meOyCvYn/6aXOWZkl4PlEj3JVvrOyMdz4JHJeNwHG2y
         lFkj7MXcZdwf6grp66ardf/BZnwtpZ/n4oyjL9ZVbyCgaSmQp+1t2/RkorxRaImpVH5N
         M8KTPnycqhim4IbRiiReAz0v8pe2RoN6Ar02ExvC70wZUYqvHdt0cp4xaNJFMgNsDq4W
         AzpsSNPgYp2tO3D1URKdxVg5iYtK4EWENByR7Jt9g+ibKwuQi44qJiVw8DeTh1pczvCJ
         u3RQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=Nh+/yer9bySplqQ0d1Li5t1FooXO+Va+Ef/3sPoSTjw=;
        b=vRUQUap/F3/f7KwEv2qZKNd5R9+8WLusMiWDKRfB9sbENbz2v1xyvRwvZI7st8T+K5
         3eKQ9jiTdP12b7yrAdvXFF/Zbcy9giP1hQiMseSfvFOYLToC4l2fjL6Hc5NNqNVVJ0dR
         LbfUSeNJIC4mBxv7Cgv8oBqC95AzIdVEi1bcmWyPXuEFNViqwJZjvwWRxW/uVSdjg9mn
         0ezea9Su3nwpJdrQZkXQFLg4NYIMeuVl/RN+RQMejxhNKvkCOgZ9nquLmv+vmH6QsrCe
         oDP+2DwfTfJ0z+7Y89oZoxggL6KUuqj8iwPac25arGfcwrtYARD6IPCpHt2YXIUzl0Fm
         eBgg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=0LkOhxFh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 124-v6si5589348pgg.29.2018.05.28.03.08.49;
        Mon, 28 May 2018 03:09:03 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=0LkOhxFh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932274AbeE1KHM (ORCPT
        <rfc822;ArcheFireLinuxKernelMain@gmail.com> + 99 others);
        Mon, 28 May 2018 06:07:12 -0400
Received: from mail.kernel.org ([198.145.29.99]:54982 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S932192AbeE1KG7 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 28 May 2018 06:06:59 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id BAB5B2089E;
        Mon, 28 May 2018 10:06:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1527502019;
        bh=oZLU24C+6wM9MaZf4kufnCelriG6/87G2kpX4yr2FOA=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=0LkOhxFhiVfIuNt9BVtumVP9rtUCxSwd2wvwY0P3c8uLSiditR6YpQ3JDfYdrhtWT
         UzZ3ZvShSS4ze1HW1rolawPRkzgmwObtrCPiSn8VXUSAR75I4TFUtn+CDadJ0IQCaH
         vitEVhJdQE2m/z6BihIYLTdY6tR0TBp7a6RKHBFI=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, David Sterba <dsterba@suse.com>,
        Al Viro <viro@zeniv.linux.org.uk>
Subject: [PATCH 3.18 004/185] affs_lookup(): close a race with affs_remove_link()
Date:   Mon, 28 May 2018 12:00:45 +0200
Message-Id: <20180528100050.960579859@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180528100050.700971285@linuxfoundation.org>
References: <20180528100050.700971285@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Al Viro <viro@zeniv.linux.org.uk>

commit 30da870ce4a4e007c901858a96e9e394a1daa74a upstream.

we unlock the directory hash too early - if we are looking at secondary
link and primary (in another directory) gets removed just as we unlock,
we could have the old primary moved in place of the secondary, leaving
us to look into freed entry (and leaving our dentry with ->d_fsdata
pointing to a freed entry).

Cc: stable@vger.kernel.org # 2.4.4+
Acked-by: David Sterba <dsterba@suse.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/affs/namei.c |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

--- a/fs/affs/namei.c
+++ b/fs/affs/namei.c
@@ -224,9 +224,10 @@ affs_lookup(struct inode *dir, struct de
 
 	affs_lock_dir(dir);
 	bh = affs_find_entry(dir, dentry);
-	affs_unlock_dir(dir);
-	if (IS_ERR(bh))
+	if (IS_ERR(bh)) {
+		affs_unlock_dir(dir);
 		return ERR_CAST(bh);
+	}
 	if (bh) {
 		u32 ino = bh->b_blocknr;
 
@@ -240,10 +241,13 @@ affs_lookup(struct inode *dir, struct de
 		}
 		affs_brelse(bh);
 		inode = affs_iget(sb, ino);
-		if (IS_ERR(inode))
+		if (IS_ERR(inode)) {
+			affs_unlock_dir(dir);
 			return ERR_CAST(inode);
+		}
 	}
 	d_add(dentry, inode);
+	affs_unlock_dir(dir);
 	return NULL;
 }