shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-03 17:51:57 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
v3.10.59
linux/fs
History
Chao Yu f52c88e8e1 ecryptfs: avoid to access NULL pointer when write metadata in xattr 
commit 35425ea249 upstream.

Christopher Head 2014-06-28 05:26:20 UTC described:
"I tried to reproduce this on 3.12.21. Instead, when I do "echo hello > foo"
in an ecryptfs mount with ecryptfs_xattr specified, I get a kernel crash:

BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffff8110eb39>] fsstack_copy_attr_all+0x2/0x61
PGD d7840067 PUD b2c3c067 PMD 0
Oops: 0002 [#1] SMP
Modules linked in: nvidia(PO)
CPU: 3 PID: 3566 Comm: bash Tainted: P           O 3.12.21-gentoo-r1 #2
Hardware name: ASUSTek Computer Inc. G60JX/G60JX, BIOS 206 03/15/2010
task: ffff8801948944c0 ti: ffff8800bad70000 task.ti: ffff8800bad70000
RIP: 0010:[<ffffffff8110eb39>]  [<ffffffff8110eb39>] fsstack_copy_attr_all+0x2/0x61
RSP: 0018:ffff8800bad71c10  EFLAGS: 00010246
RAX: 00000000000181a4 RBX: ffff880198648480 RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffff880172010450 RDI: 0000000000000000
RBP: ffff880198490e40 R08: 0000000000000000 R09: 0000000000000000
R10: ffff880172010450 R11: ffffea0002c51e80 R12: 0000000000002000
R13: 000000000000001a R14: 0000000000000000 R15: ffff880198490e40
FS:  00007ff224caa700(0000) GS:ffff88019fcc0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000bb07f000 CR4: 00000000000007e0
Stack:
ffffffff811826e8 ffff8800a39d8000 0000000000000000 000000000000001a
ffff8800a01d0000 ffff8800a39d8000 ffffffff81185fd5 ffffffff81082c2c
00000001a39d8000 53d0abbc98490e40 0000000000000037 ffff8800a39d8220
Call Trace:
[<ffffffff811826e8>] ? ecryptfs_setxattr+0x40/0x52
[<ffffffff81185fd5>] ? ecryptfs_write_metadata+0x1b3/0x223
[<ffffffff81082c2c>] ? should_resched+0x5/0x23
[<ffffffff8118322b>] ? ecryptfs_initialize_file+0xaf/0xd4
[<ffffffff81183344>] ? ecryptfs_create+0xf4/0x142
[<ffffffff810f8c0d>] ? vfs_create+0x48/0x71
[<ffffffff810f9c86>] ? do_last.isra.68+0x559/0x952
[<ffffffff810f7ce7>] ? link_path_walk+0xbd/0x458
[<ffffffff810fa2a3>] ? path_openat+0x224/0x472
[<ffffffff810fa7bd>] ? do_filp_open+0x2b/0x6f
[<ffffffff81103606>] ? __alloc_fd+0xd6/0xe7
[<ffffffff810ee6ab>] ? do_sys_open+0x65/0xe9
[<ffffffff8157d022>] ? system_call_fastpath+0x16/0x1b
RIP  [<ffffffff8110eb39>] fsstack_copy_attr_all+0x2/0x61
RSP <ffff8800bad71c10>
CR2: 0000000000000000
---[ end trace df9dba5f1ddb8565 ]---"

If we create a file when we mount with ecryptfs_xattr_metadata option, we will
encounter a crash in this path:
->ecryptfs_create
  ->ecryptfs_initialize_file
    ->ecryptfs_write_metadata
      ->ecryptfs_write_metadata_to_xattr
        ->ecryptfs_setxattr
          ->fsstack_copy_attr_all
It's because our dentry->d_inode used in fsstack_copy_attr_all is NULL, and it
will be initialized when ecryptfs_initialize_file finish.

So we should skip copying attr from lower inode when the value of ->d_inode is
invalid.

Signed-off-by: Chao Yu <chao2.yu@samsung.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-10-30 09:35:13 -07:00
..
9p
aio: don't include aio.h in sched.h
2013-05-07 20:16:25 -07:00
adfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
affs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
afs
aio: don't include aio.h in sched.h
2013-05-07 20:16:25 -07:00
autofs4
autofs - remove autofs dentry mount check
2013-05-06 13:06:59 -07:00
befs
befs_readdir(): do not increment ->f_pos if filldir tells us to stop
2013-05-31 15:17:56 -04:00
bfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
btrfs
Btrfs: fix race in WAIT_SYNC ioctl
2014-10-30 09:35:09 -07:00
cachefiles
lift sb_start_write() out of ->write()
2013-04-09 14:12:56 -04:00
ceph
ceph: allow sync_read/write return partial successed size of read/write.
2014-01-09 12:24:25 -08:00
cifs
CIFS: Fix SMB2 readdir error handling
2014-10-05 14:54:11 -07:00
coda
lift sb_start_write() out of ->write()
2013-04-09 14:12:56 -04:00
configfs
configfs: fix race between dentry put and lookup
2013-11-29 11:11:53 -08:00
cramfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
debugfs
debugfs: debugfs_remove_recursive() must not rely on list_empty(d_subdirs)
2013-08-14 22:59:10 -07:00
devpts
devpts: plug the memory leak in kill_sb
2013-12-04 10:55:49 -08:00
dlm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2013-05-01 14:08:52 -07:00
ecryptfs
ecryptfs: avoid to access NULL pointer when write metadata in xattr
2014-10-30 09:35:13 -07:00
efivarfs
efivarfs: Never return ENOENT from firmware again
2013-05-13 20:12:10 +01:00
efs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
exofs
ore: Fix wrong math in allocation of per device BIO
2014-02-13 13:48:00 -08:00
exportfs
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
ext2
ext2: Fix fs corruption in ext2_get_xip_mem()
2014-10-05 14:54:15 -07:00
ext3
ext3,ext4: don't mess with dir_file->f_pos in htree_dirblock_to_tree()
2013-07-21 18:21:23 -07:00
ext4
ext4: fix BUG_ON in mb_free_blocks()
2014-09-05 16:28:36 -07:00
f2fs
Merge tag 'f2fs-for-v3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
2013-05-08 15:11:48 -07:00
fat
fat: fix possible overflow for fat_clusters
2013-05-24 16:22:50 -07:00
freevxfs
fs: Readd the fs module aliases.
2013-03-12 18:55:21 -07:00
fscache
fs/fscache/stats.c: fix memory leak
2013-04-29 15:54:27 -07:00
fuse
fuse: handle large user and group ID
2014-07-28 08:00:02 -07:00
gfs2
GFS2: Increase i_writecount during gfs2_setattr_chown
2014-01-25 08:27:11 -08:00
hfs
hfs: avoid crash in hfs_bnode_create
2013-05-24 16:22:51 -07:00
hfsplus
aio: don't include aio.h in sched.h
2013-05-07 20:16:25 -07:00
hostfs
hostfs: use kmalloc instead of kzalloc
2013-05-04 15:48:45 -04:00
hpfs
hpfs: better test for errors
2013-07-13 11:42:26 -07:00
hppfs
hppfs: get rid of ->fsync()
2013-04-29 15:41:42 -04:00
hugetlbfs
cope with potentially long ->d_dname() output for shmem/hugetlb
2013-10-18 07:45:45 -07:00
isofs
isofs: Fix unbounded recursion when processing relocated directories
2014-09-05 16:28:34 -07:00
jbd
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2013-05-03 09:56:25 -07:00
jbd2
jbd2: fix infinite loop when recovering corrupt journal blocks
2014-09-05 16:28:36 -07:00
jffs2
jffs2: remove from wait queue after schedule()
2014-04-26 17:15:36 -07:00
jfs
jfs: fix error path in ialloc
2013-11-13 12:05:31 +09:00
lockd
lockd: fix rpcbind crash on lockd startup failure
2014-10-05 14:54:13 -07:00
logfs
block: Remove bi_idx references
2013-03-23 14:15:31 -07:00
minix
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
ncpfs
ncpfs: fix rmdir returns Device or resource busy
2013-06-07 12:15:38 -04:00
nfs
NFSv4.1: Fix an NFSv4.1 state renewal regression
2014-10-30 09:35:11 -07:00
nfs_common
nfs_common: Update the translation between nfsv3 acls linux posix acls
2013-02-13 06:15:14 -08:00
nfsd
svcrdma: Select NFSv4.1 backchannel transport based on forward channel
2014-09-05 16:28:37 -07:00
nilfs2
nilfs2: fix data loss with mmap()
2014-10-05 14:54:14 -07:00
nls
notify
fanotify: enable close-on-exec on events' fd when requested in fanotify_init()
2014-10-30 09:35:12 -07:00
ntfs
aio: don't include aio.h in sched.h
2013-05-07 20:16:25 -07:00
ocfs2
ocfs2/dlm: do not get resource spinlock if lockres is new
2014-10-05 14:54:14 -07:00
omfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
openpromfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
proc
CAPABILITIES: remove undefined caps from all processes
2014-09-17 09:03:57 -07:00
pstore
Merge tag 'please-pull-pstore' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux
2013-05-09 16:42:10 -07:00
qnx4
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
qnx6
qnx6: qnx6_readdir() has a braino in pos calculation
2013-05-31 15:17:31 -04:00
quota
quota: Fix race between dqput() and dquot_scan_active()
2014-03-06 21:30:12 -08:00
ramfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-02-26 20:16:07 -08:00
reiserfs
reiserfs: call truncate_setsize under tailpack mutex
2014-07-06 18:54:15 -07:00
romfs
romfs: fix nommu map length to keep inside filesystem
2013-04-29 09:17:57 +10:00
squashfs
fs: Limit sys_mount to only request filesystem modules. (Part 3)
2013-03-11 07:09:48 -07:00
sysfs
sysfs: check if one entry has been removed before freeing
2013-04-05 15:35:52 -07:00
sysv
sysv: Add forgotten superblock lock init for v7 fs
2013-10-05 07:13:09 -07:00
ubifs
UBIFS: Remove incorrect assertion in shrink_tnc()
2014-07-06 18:54:13 -07:00
udf
udf: Avoid infinite loop when processing indirect ICBs
2014-10-09 12:18:42 -07:00
ufs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2013-04-30 09:36:50 -07:00
xfs
xfs: don't zero partial page cache pages during O_DIRECT writes
2014-09-17 09:04:01 -07:00
aio.c
aio: fix kernel memory disclosure in io_getevents() introduced in v3.10
2014-06-30 20:09:45 -07:00
anon_inodes.c
get_empty_filp()/alloc_file() leave both ->f_pos and ->f_version zero
2013-02-26 02:46:11 -05:00
attr.c
fs,userns: Change inode_capable to capable_wrt_inode_uidgid
2014-06-16 13:42:52 -07:00
bad_inode.c
binfmt_aout.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
binfmt_elf_fdpic.c
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
2013-05-02 10:16:16 -07:00
binfmt_elf.c
fs/binfmt_elf.c: prevent a coredump with a large vm_map_count from Oopsing
2013-10-13 16:08:31 -07:00
binfmt_em86.c
binfmt_flat.c
new helper: read_code()
2013-04-29 15:40:23 -04:00
binfmt_misc.c
binfmt_misc: reuse string_unescape_inplace()
2013-04-30 17:04:03 -07:00
binfmt_script.c
exec: do not leave bprm->interp on stack
2012-12-20 17:40:19 -08:00
binfmt_som.c
bio-integrity.c
bio-integrity: Fix bio_integrity_verify segment start bug
2014-03-23 21:38:21 -07:00
bio.c
block: Fix bio_copy_data()
2013-10-05 07:13:09 -07:00
block_dev.c
writeback: Fix periodic writeback after fs mount
2013-07-28 16:29:40 -07:00
buffer.c
Fix nasty 32-bit overflow bug in buffer i/o code.
2014-10-05 14:54:14 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
Removed unused typedef to avoid "unused local typedef" warnings.
2013-05-04 15:03:05 -04:00
compat.c
aio: don't include aio.h in sched.h
2013-05-07 20:16:25 -07:00
coredump.c
coredump: fix the setting of PF_DUMPCORE
2014-07-31 12:53:50 -07:00
coredump.h
dcache.c
vfs: fix bad hashing of dentries
2014-09-17 09:04:02 -07:00
dcookies.c
fs/compat: fix lookup_dcookie() parameter handling
2014-02-13 13:48:00 -08:00
direct-io.c
Merge branch 'for-3.10/core' of git://git.kernel.dk/linux-block
2013-05-08 10:13:35 -07:00
drop_caches.c
eventfd.c
eventpoll.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
2013-05-01 07:21:43 -07:00
exec.c
metag: Reduce maximum stack size to 256MB
2014-06-07 13:25:38 -07:00
fcntl.c
new helper: file_inode(file)
2013-02-22 23:31:31 -05:00
fhandle.c
Merge branch 'for-3.8' of git://linux-nfs.org/~bfields/linux
2012-12-20 14:04:11 -08:00
file_table.c
don't bother with {get,put}_write_access() on non-regular files
2014-05-30 21:52:12 -07:00
file.c
fs/file.c:fdtable: avoid triggering OOMs from alloc_fdmem
2014-02-22 12:41:25 -08:00
filesystems.c
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
fs_struct.c
constify path_get/path_put and fs_struct.c stuff
2013-03-01 23:51:07 -05:00
fs-writeback.c
bdi: avoid oops on device removal
2014-04-26 17:15:35 -07:00
generic_acl.c
inode.c
fs,userns: Change inode_capable to capable_wrt_inode_uidgid
2014-06-16 13:42:52 -07:00
internal.h
splice: don't pass the address of ->f_pos to methods
2013-06-20 19:02:45 +04:00
ioctl.c
new helper: file_inode(file)
2013-02-22 23:31:31 -05:00
ioprio.c
Kconfig
efivarfs: Move to fs/efivarfs
2013-04-17 13:25:09 +01:00
Kconfig.binfmt
fs: make binfmt support for #! scripts modular and removable
2013-04-30 17:04:04 -07:00
libfs.c
vfs: drop vmtruncate
2012-12-20 18:46:29 -05:00
locks.c
locks: allow __break_lease to sleep even when break_time is 0
2014-05-13 13:59:44 +02:00
Makefile
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
mbcache.c
mount.h
vfs: Is mounted should be testing mnt_ns for NULL or error.
2014-02-06 11:08:16 -08:00
mpage.c
namei.c
vfs: fix bad hashing of dentries
2014-09-17 09:04:02 -07:00
namespace.c
fs: Add a missing permission check to do_umount
2014-10-30 09:35:09 -07:00
no-block.c
open.c
don't bother with {get,put}_write_access() on non-regular files
2014-05-30 21:52:12 -07:00
pipe.c
vfs: fix subtle use-after-free of pipe_inode_info
2013-12-11 22:36:26 -08:00
pnode.c
vfs: Fix invalid ida_remove() call
2013-05-31 15:16:33 -04:00
pnode.h
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
posix_acl.c
posix_acl: handle NULL ACL in posix_acl_equiv_mode
2014-06-07 13:25:33 -07:00
proc_namespace.c
read_write.c
fs/compat: fix parameter handling for compat readv/writev syscalls
2014-02-13 13:48:00 -08:00
readdir.c
new helper: file_inode(file)
2013-02-22 23:31:31 -05:00
select.c
sched/rt: Move rt specific bits into new header file
2013-02-07 20:51:08 +01:00
seq_file.c
seq_file: always update file->f_pos in seq_lseek()
2013-11-13 12:05:34 +09:00
signalfd.c
switch signalfd{,4}() to COMPAT_SYSCALL_DEFINE
2013-03-03 22:58:46 -05:00
splice.c
fuse: fix pipe_buf_operations
2014-02-13 13:47:59 -08:00
stack.c
stat.c
switch vfs_getattr() to struct path
2013-02-26 02:46:08 -05:00
statfs.c
vfs: allow O_PATH file descriptors for fstatfs()
2013-10-18 07:45:44 -07:00
super.c
livelock avoidance in sget()
2013-08-04 16:51:15 +08:00
sync.c
teach SYSCALL_DEFINE<n> how to deal with long long/unsigned long long
2013-03-03 22:46:22 -05:00
timerfd.c
compat: restore timerfd settime and gettime compat syscalls
2013-03-02 09:35:13 -05:00
utimes.c
vfs: allow utimensat() calls to retry once on an ESTALE error
2012-12-20 18:50:08 -05:00
xattr_acl.c
xattr.c
vfs: make lremovexattr retry once on ESTALE error
2012-12-20 18:50:11 -05:00