Commit 598f4716 authored by Jann Horn's avatar Jann Horn Committed by liwei
Browse files

fs: Use CHECK_DATA_CORRUPTION() when kernel bugs are detected 

mainline inclusion
from mainline-v6.3-rc1
commit 47d58691
category: performance
bugzilla: https://gitee.com/openeuler/kernel/issues/IA5PIS
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47d586913f2abec4d240bae33417f537fda987ec



--------------------------------

Currently, filp_close() and generic_shutdown_super() use printk() to log
messages when bugs are detected. This is problematic because infrastructure
like syzkaller has no idea that this message indicates a bug.
In addition, some people explicitly want their kernels to BUG() when kernel
data corruption has been detected (CONFIG_BUG_ON_DATA_CORRUPTION).
And finally, when generic_shutdown_super() detects remaining inodes on a
system without CONFIG_BUG_ON_DATA_CORRUPTION, it would be nice if later
accesses to a busy inode would at least crash somewhat cleanly rather than
walking through freed memory.

To address all three, use CHECK_DATA_CORRUPTION() when kernel bugs are
detected.

Signed-off-by: default avatarJann Horn <jannh@google.com>
Reviewed-by: default avatarChristian Brauner (Microsoft) <brauner@kernel.org>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarChristian Brauner (Microsoft) <brauner@kernel.org>

Conflicts:
	include/linux/poison.h
Signed-off-by: default avatarliwei <liwei728@huawei.com>
parent 67f42125

fs/open.c

+3 −2
Original line number Diff line number Diff line
@@ -1285,8 +1285,9 @@ int filp_close(struct file *filp, fl_owner_t id) 
{

	int retval = 0;



	if (!file_count(filp)) {

		printk(KERN_ERR "VFS: Close: file count is 0\n");

	if (CHECK_DATA_CORRUPTION(file_count(filp) == 0,

			"VFS: Close: file count is 0 (f_op=%ps)",

			filp->f_op)) {

		return 0;

	}

fs/super.c

+17 −4
Original line number Diff line number Diff line
@@ -465,10 +465,23 @@ void generic_shutdown_super(struct super_block *sb) 
		if (sop->put_super)

			sop->put_super(sb);



		if (!list_empty(&sb->s_inodes)) {

			printk("VFS: Busy inodes after unmount of %s. "

			   "Self-destruct in 5 seconds.  Have a nice day...\n",

			   sb->s_id);

		if (CHECK_DATA_CORRUPTION(!list_empty(&sb->s_inodes),

				"VFS: Busy inodes after unmount of %s (%s)",

				sb->s_id, sb->s_type->name)) {

			/*

			 * Adding a proper bailout path here would be hard, but

			 * we can at least make it more likely that a later

			 * iput_final() or such crashes cleanly.

			 */

			struct inode *inode;



			spin_lock(&sb->s_inode_list_lock);

			list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {

				inode->i_op = VFS_PTR_POISON;

				inode->i_sb = VFS_PTR_POISON;

				inode->i_mapping = VFS_PTR_POISON;

			}

			spin_unlock(&sb->s_inode_list_lock);

		}

	}

	spin_lock(&sb_lock);

include/linux/poison.h

+3 −0
Original line number Diff line number Diff line
@@ -85,4 +85,7 @@ 
/********** net/core/page_pool.c **********/

#define PP_SIGNATURE		(0x40 + POISON_POINTER_DELTA)



/********** VFS **********/

#define VFS_PTR_POISON ((void *)(0xF5 + POISON_POINTER_DELTA))



#endif