korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 04:18:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
6379b44cdc
linux/fs/ubifs
History
Zhihao Cheng 6379b44cdc ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path 
For error handling path in ubifs_symlink(), inode will be marked as
bad first, then iput() is invoked. If inode->i_link is initialized by
fscrypt_encrypt_symlink() in encryption scenario, inode->i_link won't
be freed by callchain ubifs_free_inode -> fscrypt_free_inode in error
handling path, because make_bad_inode() has changed 'inode->i_mode' as
'S_IFREG'.
Following kmemleak is easy to be reproduced by injecting error in
ubifs_jnl_update() when doing symlink in encryption scenario:
 unreferenced object 0xffff888103da3d98 (size 8):
  comm "ln", pid 1692, jiffies 4294914701 (age 12.045s)
  backtrace:
   kmemdup+0x32/0x70
   __fscrypt_encrypt_symlink+0xed/0x1c0
   ubifs_symlink+0x210/0x300 [ubifs]
   vfs_symlink+0x216/0x360
   do_symlinkat+0x11a/0x190
   do_syscall_64+0x3b/0xe0
There are two ways fixing it:
 1. Remove make_bad_inode() in error handling path. We can do that
    because ubifs_evict_inode() will do same processes for good
    symlink inode and bad symlink inode, for inode->i_nlink checking
    is before is_bad_inode().
 2. Free inode->i_link before marking inode bad.
Method 2 is picked, it has less influence, personally, I think.

Cc: stable@vger.kernel.org
Fixes: 2c58d548f5 ("fscrypt: cache decrypted symlink target in ->i_link")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Suggested-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2024-02-25 21:40:39 +01:00
..
auth.c ubifs: auth.c: fix kernel-doc function prototype warning 2024-01-05 16:34:39 +01:00
budget.c ubifs: Reserve one leb for each journal head while doing budget 2023-02-02 21:13:40 +01:00
commit.c ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex 2024-01-05 17:03:41 +01:00
compress.c ubifs: Remove return in compr_exit() 2023-04-21 22:31:03 +02:00
crypto.c fscrypt: make the bounce page pool opt-in instead of opt-out 2023-09-24 23:03:09 -07:00
debug.c ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed 2024-02-25 21:40:11 +01:00
debug.h ubifs: ubifs_dump_sleb: Remove unused function 2020-12-13 22:12:38 +01:00
dir.c ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path 2024-02-25 21:40:39 +01:00
file.c ubifs: Convert populate_page() to take a folio 2024-02-25 21:08:02 +01:00
find.c ubifs: fix function pointer cast warnings 2024-02-25 21:22:21 +01:00
gc.c ubifs: read-only if LEB may always be taken in ubifs_garbage_collect 2021-12-23 22:30:38 +01:00
io.c ubifs: Fix kernel-doc 2023-02-02 21:13:53 +01:00
ioctl.c ubifs: convert to ctime accessor functions 2023-07-24 10:30:05 +02:00
journal.c This pull request contains updates for UBI and UBIFS 2023-11-05 08:28:32 -10:00
Kconfig fscrypt: Allow modular crypto algorithms 2019-12-31 10:33:51 -06:00
key.h ubifs: allow both hash and disk name to be provided in no-key names 2020-01-22 14:49:56 -08:00
log.c ubifs: remove unnecessary check in ubifs_log_start_commit 2019-07-08 19:43:51 +02:00
lprops.c ubifs: fix function pointer cast warnings 2024-02-25 21:22:21 +01:00
lpt_commit.c ubifs: Remove unreachable code in dbg_check_ltab_lnum 2024-02-25 21:29:30 +01:00
lpt.c ubifs: Fix the printing type of c->big_lpt 2020-12-13 21:57:10 +01:00
Makefile ubifs: Export filesystem error counters 2021-12-23 20:23:42 +01:00
master.c ubifs: Fix spelling mistakes 2021-06-22 09:21:39 +02:00
misc.c ubifs: Allow setting assert action as mount parameter 2018-08-15 00:25:21 +02:00
misc.h ubifs: misc.h: delete a duplicated word 2020-08-02 22:59:03 +02:00
orphan.c ubifs: Pass node length in all node dumping callers 2020-12-13 22:12:32 +01:00
recovery.c ubifs: Pass node length in all node dumping callers 2020-12-13 22:12:32 +01:00
replay.c ubifs: describe function parameters 2024-01-05 16:35:25 +01:00
sb.c ubifs: Default to zstd compression 2021-04-15 22:00:26 +02:00
scan.c ubifs: Pass node length in all node dumping callers 2020-12-13 22:12:32 +01:00
shrinker.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
super.c This pull request contains updates for UBI and UBIFS 2023-11-05 08:28:32 -10:00
sysfs.c ubifs: make kobj_type structures constant 2023-02-13 22:29:54 +01:00
tnc_commit.c treewide: use get_random_u32_below() instead of deprecated function 2022-11-18 02:15:15 +01:00
tnc_misc.c ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed 2024-02-25 21:40:11 +01:00
tnc.c ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed 2024-02-25 21:40:11 +01:00
ubifs-media.h ubifs: Add support for zstd compression. 2019-07-08 19:43:53 +02:00
ubifs.h ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed 2024-02-25 21:40:11 +01:00
xattr.c ubifs: move ubifs_xattr_handlers to .rodata 2023-10-10 13:49:20 +02:00