Received: by 2002:a17:90a:88:0:0:0:0 with SMTP id a8csp8376pja; Fri, 22 Nov 2019 02:43:48 -0800 (PST) X-Google-Smtp-Source: APXvYqxUrxle5F/kh8WPGAaufsG614gfYShmoo3El8hAtG3vW5OXcao3v3Dmyicigtr1tRDJo0Xw X-Received: by 2002:a50:b685:: with SMTP id d5mr220695ede.276.1574419428747; Fri, 22 Nov 2019 02:43:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574419428; cv=none; d=google.com; s=arc-20160816; b=J78oKjR8O20WN4oeyx+tXqILDZmRlepHSmuQDom5BA8R/Yi1YLPRCyVgZYmlB8otgF qP7TaHfapRQ3xlW7qfF4HbNMFt71UytkHHIWDpgut/S7g5GSFVM0YZtaxch3Z8j/ZWwY DB8teU/bofF2z5czXD48OW2AkwmycyBpxyIphZH+YydpFiEM451UtfRbVqOKEchcZ1+4 yxHGOlWLJULUW4LaX68tC9p4mUGzSp6iYwinqpH4oKFwVRXwM1DOq+QfGkqt59Pw8BYJ lGej/q1iBnAWUlSYHsQh5rD9cT18EURyWbqYwqtD+4Rh1tvO5ClWQShVUjU3pUuIxXhB bGAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=/HoAqhWurBUaDt1udvh5V9ZFgSNmHkfFotPUQtV8ouI=; b=DkxnsbyYJTp36SDiYHiATUkXTW3Ug+Y7y3nirqFoXnS1HLyQOK4cF5qAzJJ+F7QpyK bSy2/VJwzVHcjs02loZHLWX/F+pFMINKxHXasW/Y8AVjAD4rr8LfAsFqw0EI4orEdaIk UAmjV0f8CFOINA4ROnuzBuBIlNBfoT0c7KOdhpsdP8+DzBQcRT8SGS69uBFljnZBNdY2 j9YgcvMo8ZgpZu4mNYH13Eg4EPX9JvF/QHqcccnh7fhjLZi+IIoMzPXzJGttbOmU/kWc +/xdCEtWkA4GJAVS/MyXQc0b/yh1HCFFWviH0kJMqVDxLQW+3tQU1RDujKddKbdYxtBP AQsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="G/cXFOo0"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l10si4621178edk.212.2019.11.22.02.43.25; Fri, 22 Nov 2019 02:43:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="G/cXFOo0"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728731AbfKVKjB (ORCPT + 99 others); Fri, 22 Nov 2019 05:39:01 -0500 Received: from mail.kernel.org ([198.145.29.99]:41730 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728729AbfKVKi7 (ORCPT ); Fri, 22 Nov 2019 05:38:59 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2424620718; Fri, 22 Nov 2019 10:38:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574419138; bh=jHCaCThgU4X31QvfveZ85LoX6zHx6CKBd0KHw9g/OJs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=G/cXFOo0DaaFfRe9kBZ8NkXsybmcKAr0ozgEKgnpVrp0hHLX+w+ly/r3OE9S6S0VR C32DA9Thhud/O4ghKtbaKdSqXbSMcKE/rpeSwfpBlfrqLfzGSXRTk4ZEzwHGhToeSk AHNCfhAETL3gokvubJ6WkflZkG0gd7LKLPfigKcs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Al Viro Subject: [PATCH 4.9 011/222] ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either Date: Fri, 22 Nov 2019 11:25:51 +0100 Message-Id: <20191122100832.981895986@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191122100830.874290814@linuxfoundation.org> References: <20191122100830.874290814@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Al Viro commit 762c69685ff7ad5ad7fee0656671e20a0c9c864d upstream. We need to get the underlying dentry of parent; sure, absent the races it is the parent of underlying dentry, but there's nothing to prevent losing a timeslice to preemtion in the middle of evaluation of lower_dentry->d_parent->d_inode, having another process move lower_dentry around and have its (ex)parent not pinned anymore and freed on memory pressure. Then we regain CPU and try to fetch ->d_inode from memory that is freed by that point. dentry->d_parent *is* stable here - it's an argument of ->lookup() and we are guaranteed that it won't be moved anywhere until we feed it to d_add/d_splice_alias. So we safely go that way to get to its underlying dentry. Cc: stable@vger.kernel.org # since 2009 or so Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- fs/ecryptfs/inode.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -326,9 +326,9 @@ static int ecryptfs_i_size_read(struct d static struct dentry *ecryptfs_lookup_interpose(struct dentry *dentry, struct dentry *lower_dentry) { + struct path *path = ecryptfs_dentry_to_lower_path(dentry->d_parent); struct inode *inode, *lower_inode; struct ecryptfs_dentry_info *dentry_info; - struct vfsmount *lower_mnt; int rc = 0; dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL); @@ -340,13 +340,12 @@ static struct dentry *ecryptfs_lookup_in return ERR_PTR(-ENOMEM); } - lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent)); fsstack_copy_attr_atime(d_inode(dentry->d_parent), - d_inode(lower_dentry->d_parent)); + d_inode(path->dentry)); BUG_ON(!d_count(lower_dentry)); ecryptfs_set_dentry_private(dentry, dentry_info); - dentry_info->lower_path.mnt = lower_mnt; + dentry_info->lower_path.mnt = mntget(path->mnt); dentry_info->lower_path.dentry = lower_dentry; /*