Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp718322imm; Mon, 2 Jul 2018 21:37:55 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKCWQyWzUeQjNC1A2v8HviB1aC8o2GJlyXCTCLO4vfP7ggtF1MigqCe+u7ZuLBu+F/v5MH0 X-Received: by 2002:a17:902:8a8c:: with SMTP id p12-v6mr28678998plo.212.1530592675788; Mon, 02 Jul 2018 21:37:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530592675; cv=none; d=google.com; s=arc-20160816; b=q7QTgClw6tcLuCizyFoL7+lM2hXFTDV/jqkzFPxtqPmmlCc6w4HfVKPQsis/vwvfto zsbK8EE9VCSFm1S5ZPxqVmfyUkBH2JiTXG5lu3030zD7rPcrDZXQ+Y3IiCTVKxSe4QTT K07oIyEs/SbX59syrYduV0gvUNsK88lNx4ZZUhZ/Y9pkQ//Y1KnKbKAQhNSRVe1UphCz m8anJ9Hqtmk9O9QWbUk/qMZrF0IEP/V/XpbhIEblK3pT1FSWciaZk9ILddtrb9uKFExj xqSH07VHvg+/x2Cuz3cQq7sRZTomeCEy17Fnz//UgwuQwrduz0LfY8+W1SuHUUiRAWTX BdZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=3G74/XVxxU5hZZBjfn7Z7jbH9JgNIgc/obWda7W3fLw=; b=MTIGfiCpQso0LE4DJ3vEt/PTX0utADgXOEmL/Q6/gdDjqrlx7s7sneSBDwvcubtjdO yO4JQoS2eapJA3rCiLC6L8MosucuV6jcXfv7lqZvODKvur2zyp5koDDf/p74zwKTwn9w SqkvxR+C9YlBFRYCAh0y+mL3nraVCoCBRuFtn2UBiqoG1l/4ishmD3XiiOfhC9VaTPoR b90tYYO4zsNEJ6Z+hNHud/jvVVP5i8OLiSMlcBB4aXer11AjQ62bHgz5SBLT7U6gB8IK FWNNA/GFQVJpGgmyyT5Af7SC5rxrAERBoe5F8bC3ST8/kvdZmrdjSDfl3EZfXlNtl6Fk cfIw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x32-v6si218299pld.330.2018.07.02.21.37.40; Mon, 02 Jul 2018 21:37:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753837AbeGCEhB (ORCPT + 99 others); Tue, 3 Jul 2018 00:37:01 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:38090 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751760AbeGCEhA (ORCPT ); Tue, 3 Jul 2018 00:37:00 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 1BF3EC9F; Tue, 3 Jul 2018 04:36:59 +0000 (UTC) Date: Tue, 3 Jul 2018 06:36:55 +0200 From: Greg KH To: Seung-Woo Kim Cc: linux-kernel@vger.kernel.org, Andrew Morton , torvalds@linux-foundation.org, stable@vger.kernel.org, lwn@lwn.net, Jiri Slaby Subject: Re: Linux 3.18.111 Message-ID: <20180703043655.GA9793@kroah.com> References: <20180530073211.GA22422@kroah.com> <20180703032456epcas1p29c4570ae3f6bb3f8d7c2d475e1ba4658~9vfIpgNT51989519895epcas1p2d@epcas1p2.samsung.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20180703032456epcas1p29c4570ae3f6bb3f8d7c2d475e1ba4658~9vfIpgNT51989519895epcas1p2d@epcas1p2.samsung.com> User-Agent: Mutt/1.10.0 (2018-05-17) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 03, 2018 at 12:24:59PM +0900, Seung-Woo Kim wrote: > Hello, > > On 2018년 05월 30일 16:32, Greg KH wrote: > > I'm announcing the release of the 3.18.111 kernel. > > > > All users of the 3.18 kernel series must upgrade. > > > > The updated 3.18.y git tree can be found at: > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y > > and can be browsed at the normal kernel.org git web browser: > > http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary > > > > thanks, > > > > greg k-h > > > > ------------ > > > > > do d_instantiate/unlock_new_inode combinations safely > > Recent my test in 3.18.113 kernel with security smack showed following > crash during mkdir on ext4 fs. > > Unable to handle kernel paging request at virtual address ffffffffffffff98 > pgd = ffffffc012411000 > [ffffffffffffff98] *pgd=0000000000000000, *pud=0000000000000000 > ------------[ cut here ]------------ > Kernel BUG at ffffffc0007d9430 [verbose debug info unavailable] > Internal error: Oops - BUG: 96000005 [#1] PREEMPT SMP > CPU: 0 MPIDR: 80000000 PID: 1237 Comm: mkdir Not tainted > 3.18.113-00083-g1bfc02f-dirty #29-Tizen > task: ffffffc02cbc2340 ti: ffffffc02b7fc000 task.ti: ffffffc02b7fc000 > PC is at down_read+0x24/0x54 > LR is at down_read+0x24/0x54 > [...] > Call trace: > [] down_read+0x24/0x54 > [] ext4_xattr_get+0x74/0x1f4 > [] ext4_xattr_security_get+0x28/0x38 > [] generic_getxattr+0x4c/0x60 > [] smk_fetch.isra.6+0x8c/0xe0 > [] smack_d_instantiate+0x194/0x324 > [] security_d_instantiate+0x24/0x30 > [] d_instantiate_new+0x34/0x94 > [] ext4_mkdir+0x284/0x354 > [] vfs_mkdir+0xc0/0x150 > [] SyS_mkdirat+0x88/0xb8 > [] SyS_mkdir+0x18/0x20 > Code: aa0003f3 b00017c0 912e1000 97e38943 (c85f7e60) > ---[ end trace b1ad797d63dae9c5 ]--- > > It is because d_instantiate_new() added from above commit calls > security_d_instantiate() before calling __d_instantiate() and > dentry->d_inode is not yet set and null. In 3.18.113 kernel, > inode->i_op_getxattr() of ext4 is still generic_getxattr() and it only > has dentry parameter without inode, so it tries to access dentry->d_inode. > > I did not test with selinux, but selinux also calls > inode->i_op_getxattr() from selinux_d_instantiate(), so maybe there is > also same issue. So should I revert something or do you have a proposed fix for this? thanks, greg k-h