From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, David Sterba, Al Viro
Subject: [PATCH 4.16 008/272] affs_lookup(): close a race with affs_remove_link()
Date: Mon, 28 May 2018 12:00:41 +0200
Message-Id: <20180528100240.887700939@linuxfoundation.org>

4.16-stable review patch. If anyone has any objections, please let me know.

------------------

From: Al Viro

commit 30da870ce4a4e007c901858a96e9e394a1daa74a upstream.

we unlock the directory hash too early - if we are looking at secondary link and primary (in another directory) gets removed just as we unlock, we could have the old primary moved in place of the secondary, leaving us to look into freed entry (and leaving our dentry with ->d_fsdata pointing to a freed entry).

Cc: stable@vger.kernel.org # 2.4.4+
Acked-by: David Sterba
Signed-off-by: Al Viro
Signed-off-by: Greg Kroah-Hartman

--- fs/affs/namei.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/fs/affs/namei.c +++ b/fs/affs/namei.c @@ -206,9 +206,10 @@ affs_lookup(struct inode *dir, struct de affs_lock_dir(dir); bh = affs_find_entry(dir, dentry); - affs_unlock_dir(dir); - if (IS_ERR(bh)) + if (IS_ERR(bh)) { + affs_unlock_dir(dir); return ERR_CAST(bh); + } if (bh) { u32 ino = bh->b_blocknr; @@ -222,10 +223,13 @@ affs_lookup(struct inode *dir, struct de } affs_brelse(bh); inode = affs_iget(sb, ino); - if (IS_ERR(inode)) + if (IS_ERR(inode)) { + affs_unlock_dir(dir); return ERR_CAST(inode); + } } d_add(dentry, inode); + affs_unlock_dir(dir); return NULL; }
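
Review bot: in the first hunk (@@ -206), the IS_ERR(bh) branch now carries its own affs_unlock_dir(dir), and together with the two added in the second hunk affs_lookup() ends up with three unlock sites for a single affs_lock_dir(dir). A single exit path (set the return value, jump to one label that calls affs_unlock_dir(dir) and returns) would keep the lock/unlock pair visibly balanced and make it harder for a later early return to leave the directory hash locked. New lines 216-222 sit between the two hunks and are not shown here; any return in that range needs the same unlock.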
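
Review bot: in the second hunk (@@ -222), the final affs_unlock_dir(dir) placed after d_add(dentry, inode) has no comment saying why the lock must now cover affs_iget() and d_add(). The commit message gives the reason (once the directory hash is unlocked, the old primary can be moved in place of the secondary, leaving ->d_fsdata pointing to a freed entry); a short comment at that line would keep a later cleanup from moving the unlock back up next to affs_find_entry(). Since affs_iget(sb, ino) now runs with the directory lock held, the changelog should also state that it takes no lock that orders against affs_lock_dir().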