From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Sterba , Al Viro Subject: [PATCH 4.4 004/268] affs_lookup(): close a race with affs_remove_link() Date: Mon, 28 May 2018 11:59:38 +0200 Message-Id: <20180528100202.593711854@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180528100202.045206534@linuxfoundation.org> References: <20180528100202.045206534@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Al Viro commit 30da870ce4a4e007c901858a96e9e394a1daa74a upstream. we unlock the directory hash too early - if we are looking at secondary link and primary (in another directory) gets removed just as we unlock, we could have the old primary moved in place of the secondary, leaving us to look into freed entry (and leaving our dentry with ->d_fsdata pointing to a freed entry). Cc: stable@vger.kernel.org # 2.4.4+ Acked-by: David Sterba Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- fs/affs/namei.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/fs/affs/namei.c +++ b/fs/affs/namei.c @@ -224,9 +224,10 @@ affs_lookup(struct inode *dir, struct de affs_lock_dir(dir); bh = affs_find_entry(dir, dentry); - affs_unlock_dir(dir); - if (IS_ERR(bh)) + if (IS_ERR(bh)) { + affs_unlock_dir(dir); return ERR_CAST(bh); + } if (bh) { u32 ino = bh->b_blocknr; @@ -240,10 +241,13 @@ affs_lookup(struct inode *dir, struct de } affs_brelse(bh); inode = affs_iget(sb, ino); - if (IS_ERR(inode)) + if (IS_ERR(inode)) { + affs_unlock_dir(dir); return ERR_CAST(inode); + } } d_add(dentry, inode); + affs_unlock_dir(dir); return NULL; }
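Review bot: In the first hunk (@@ -224,9 +224,10 @@), moving affs_unlock_dir(dir) into the IS_ERR(bh) branch means every exit from affs_lookup() after affs_lock_dir(dir) now has to unlock by hand, and the patch ends up with three separate unlock sites. The lines between the two hunks are not shown here, so it is worth confirming that no return in that region leaves the directory locked. A single exit label that calls affs_unlock_dir(dir) once, reached by goto from the error branches, would make a missed unlock harder to introduce later.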
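Review bot: In the second hunk (@@ -240,10 +241,13 @@), affs_iget(sb, ino) and d_add(dentry, inode) now run with the directory lock held, and nothing in the code says why the unlock has to come after d_add(). The commit message gives the reason (once the hash is unlocked the old primary can be moved in place of the secondary, leaving ->d_fsdata pointing to a freed entry); a short comment above the final affs_unlock_dir(dir) stating that would stop a later cleanup from moving the unlock back up. It is also worth confirming that affs_iget() is safe to call under this lock, since the hunk does not show which locks it takes or whether it can block.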