Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2364780imm; Mon, 28 May 2018 06:48:09 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrv29DbJXvQ2PNqHgUCvhqrM+Me1mOn+sfIL1CEhEqP7G7qgPasDlixKS0Q+BMKBQxTsZ9g X-Received: by 2002:aa7:82c7:: with SMTP id f7-v6mr13548973pfn.218.1527515289146; Mon, 28 May 2018 06:48:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527515289; cv=none; d=google.com; s=arc-20160816; b=UAlKUgP9r78yPZdFdfBOpvvRBdf04bdXwIvwfHMNTiWMY5Br8X/qUhYhS0TEOqIZ7M tHN9GGbZvSpnGKbaFpLy93gr+9CrnoG85A0ENYKf3XVOLzV376+D6ow9ZI8WNeedFdM7 gtbuloYTEjFIZ+pOfXQ67cIXCcQ2kP3KILVcoyUyPd0zEuseheJdtC9tLieh3USFO9T3 zKYMsEjIeTXiMyyl9VGa+4F79PIqU898rPSKv1tO+adlHvEAlwEnFXe3peMWndYPG9bX RExVV1RgJFV3LykdF/4ITZakO9WTeLBpiSpLd7HUuTI/hQ1BxTVaQZ2rO8ykiCqFLkZe K04Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=1EsUErqjEAjkdBWM1fBPpE4hUAbLU+98Fc9c27m7Jxc=; b=k3+OHVrR8rlC+Z0GxSQcNKLXkpXRr/GxdHWI06+KRkMdrWkXbkq3+mXhEgEb9D98ce 6+45eNPisMWwGAzYx2RlvT3QGdk4q0NOdRVFYqeWm/LercaBgdeS890H4sWUNP1N59sP +8WSDN0ghOYll7l9E1UUk8PlFbcUDhi+OvgcLWHFVwYtj5MZvKtIAjVDj/VDLwRLJRKB ejy2xm93ywTf85WscPLnAYn5buLWsqH3zsa1jL5imGdfNsusbjyrOixqGanx0YKM5O7M SYzwhodNGjR8xn5vV5udQOQBhu6nz69ELz3eJHnMmZMtKCiFgLNwLjrqPCcH6VDiY71f FNtQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ibv/KBq/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p25-v6si4651551pfi.345.2018.05.28.06.47.54; Mon, 28 May 2018 06:48:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ibv/KBq/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S937614AbeE1NrM (ORCPT + 99 others); Mon, 28 May 2018 09:47:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:33928 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S937507AbeE1Kmh (ORCPT ); Mon, 28 May 2018 06:42:37 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 31AB32086D; Mon, 28 May 2018 10:42:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1527504156; bh=H2vUEnn5jCCjKEcm/cQ60NCyQjDZjLFigJF3CFXOMkc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ibv/KBq/C5KYU8Prb3Q+NY+pj3MuGE+XdYfcZlpwqErdurtIXMC9YHuvb9TZm/oyT a1IDoXd1ac+xJVm6Ujk+/p7Kt1EBg8NEqh6KkZVgrhyqgifeIVNRWxYuIN+F4otd/e y7ku/9sO/n+FGEVquApvb1RNfTV3Ut+TcXMb3OgI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Sterba , Al Viro Subject: [PATCH 4.14 005/496] affs_lookup(): close a race with affs_remove_link() Date: Mon, 28 May 2018 11:56:30 +0200 Message-Id: <20180528100319.764203737@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180528100319.498712256@linuxfoundation.org> References: <20180528100319.498712256@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Al Viro commit 30da870ce4a4e007c901858a96e9e394a1daa74a upstream. we unlock the directory hash too early - if we are looking at secondary link and primary (in another directory) gets removed just as we unlock, we could have the old primary moved in place of the secondary, leaving us to look into freed entry (and leaving our dentry with ->d_fsdata pointing to a freed entry). Cc: stable@vger.kernel.org # 2.4.4+ Acked-by: David Sterba Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- fs/affs/namei.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/fs/affs/namei.c +++ b/fs/affs/namei.c @@ -206,9 +206,10 @@ affs_lookup(struct inode *dir, struct de affs_lock_dir(dir); bh = affs_find_entry(dir, dentry); - affs_unlock_dir(dir); - if (IS_ERR(bh)) + if (IS_ERR(bh)) { + affs_unlock_dir(dir); return ERR_CAST(bh); + } if (bh) { u32 ino = bh->b_blocknr; @@ -222,10 +223,13 @@ affs_lookup(struct inode *dir, struct de } affs_brelse(bh); inode = affs_iget(sb, ino); - if (IS_ERR(inode)) + if (IS_ERR(inode)) { + affs_unlock_dir(dir); return ERR_CAST(inode); + } } d_add(dentry, inode); + affs_unlock_dir(dir); return NULL; }