renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-29 15:43:59 +08:00
Code
ae284d87ab
linux-next/fs/f2fs
History
Jamie Iles ae284d87ab f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info 
syzkaller found that with CONFIG_DEBUG_KOBJECT_RELEASE=y, unmounting an
f2fs filesystem could result in the following splat:

  kobject: 'loop5' ((____ptrval____)): kobject_release, parent 0000000000000000 (delayed 250)
  kobject: 'f2fs_xattr_entry-7:5' ((____ptrval____)): kobject_release, parent 0000000000000000 (delayed 750)
  ------------[ cut here ]------------
  ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x98
  WARNING: CPU: 0 PID: 699 at lib/debugobjects.c:485 debug_print_object+0x180/0x240
  Kernel panic - not syncing: panic_on_warn set ...
  CPU: 0 PID: 699 Comm: syz-executor.5 Tainted: G S                5.9.0-rc8+ #101
  Hardware name: linux,dummy-virt (DT)
  Call trace:
   dump_backtrace+0x0/0x4d8
   show_stack+0x34/0x48
   dump_stack+0x174/0x1f8
   panic+0x360/0x7a0
   __warn+0x244/0x2ec
   report_bug+0x240/0x398
   bug_handler+0x50/0xc0
   call_break_hook+0x160/0x1d8
   brk_handler+0x30/0xc0
   do_debug_exception+0x184/0x340
   el1_dbg+0x48/0xb0
   el1_sync_handler+0x170/0x1c8
   el1_sync+0x80/0x100
   debug_print_object+0x180/0x240
   debug_check_no_obj_freed+0x200/0x430
   slab_free_freelist_hook+0x190/0x210
   kfree+0x13c/0x460
   f2fs_put_super+0x624/0xa58
   generic_shutdown_super+0x120/0x300
   kill_block_super+0x94/0xf8
   kill_f2fs_super+0x244/0x308
   deactivate_locked_super+0x104/0x150
   deactivate_super+0x118/0x148
   cleanup_mnt+0x27c/0x3c0
   __cleanup_mnt+0x28/0x38
   task_work_run+0x10c/0x248
   do_notify_resume+0x9d4/0x1188
   work_pending+0x8/0x34c

Like the error handling for f2fs_register_sysfs(), we need to wait for
the kobject to be destroyed before returning to prevent a potential
use-after-free.

Fixes: bf9e697ecd ("f2fs: expose features to sysfs entry")
Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Chao Yu <chao@kernel.org>
Signed-off-by: Jamie Iles <jamie@nuviainc.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2020-10-14 13:23:30 -07:00
..
acl.c f2fs: clean up kvfree 2020-09-14 11:15:37 -07:00
acl.h f2fs: Use the correct style for SPDX License Identifier 2020-05-08 06:55:55 -07:00
checkpoint.c f2fs: handle errors of f2fs_get_meta_page_nofail 2020-10-13 23:23:29 -07:00
compress.c f2fs: fix slab leak of rpages pointer 2020-09-29 09:16:36 -07:00
data.c f2fs: introduce check_swap_activate_fast() 2020-10-13 23:23:34 -07:00
debug.c f2fs: clean up kvfree 2020-09-14 11:15:37 -07:00
dir.c f2fs: fix uninit-value in f2fs_lookup 2020-09-29 02:12:41 -07:00
extent_cache.c f2fs: support 64-bits key in f2fs rb-tree node entry 2020-09-10 14:03:30 -07:00
f2fs.h f2fs: handle errors of f2fs_get_meta_page_nofail 2020-10-13 23:23:29 -07:00
file.c f2fs: fix writecount false positive in releasing compress blocks 2020-10-13 23:23:34 -07:00
gc.c f2fs: clean up kvfree 2020-09-14 11:15:37 -07:00
gc.h f2fs: support age threshold based garbage collection 2020-09-11 11:11:15 -07:00
hash.c f2fs-for-5.8-rc1 2020-06-09 11:28:59 -07:00
inline.c f2fs: clean up kvfree 2020-09-14 11:15:37 -07:00
inode.c f2fs: fix to set SBI_NEED_FSCK flag for inconsistent inode 2020-10-09 10:29:31 -07:00
Kconfig f2fs: compress: support lzo-rle compress algorithm 2020-05-11 20:36:46 -07:00
Makefile f2fs: support data compression 2020-01-17 16:48:07 -08:00
namei.c f2fs: clean up kvfree 2020-09-14 11:15:37 -07:00
node.c f2fs: handle errors of f2fs_get_meta_page_nofail 2020-10-13 23:23:29 -07:00
node.h f2fs: shrink spinlock coverage 2020-05-11 20:36:46 -07:00
recovery.c f2fs: fix error path in do_recover_data() 2020-07-08 10:11:19 -07:00
segment.c f2fs: don't issue flush in f2fs_flush_device_cache() for nobarrier case 2020-10-13 23:23:34 -07:00
segment.h f2fs: fix wrong total_sections check and fsmeta check 2020-09-29 01:48:34 -07:00
shrinker.c f2fs: fix inconsistent comments 2020-03-10 09:18:33 -07:00
super.c f2fs: compress: introduce cic/dic slab cache 2020-09-29 09:16:36 -07:00
sysfs.c f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info 2020-10-14 13:23:30 -07:00
trace.c f2fs: do not use mutex lock in atomic context 2019-03-05 19:58:06 -08:00
trace.h f2fs: Use the correct style for SPDX License Identifier 2020-05-08 06:55:55 -07:00
verity.c f2fs: use macro instead of f2fs verity version 2020-08-03 10:32:51 -07:00
xattr.c f2fs: clean up kvfree 2020-09-14 11:15:37 -07:00
xattr.h f2fs: code cleanup by removing ifdef macro surrounding 2020-05-26 18:56:10 -07:00