Commit 97c0a3d6 authored by Kees Cook's avatar Kees Cook Committed by Yang Yingliang
Browse files

pstore: inode: Only d_invalidate() is needed 

mainline inclusion
from mainline-v6.9-rc1
commit a43e0fc5e9134a46515de2f2f8d4100b74e50de3
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9L9IG
CVE: CVE-2024-27389

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a43e0fc5e9134a46515de2f2f8d4100b74e50de3



--------------------------------

Unloading a modular pstore backend with records in pstorefs would
trigger the dput() double-drop warning:

  WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410

Using the combo of d_drop()/dput() (as mentioned in
Documentation/filesystems/vfs.rst) isn't the right approach here, and
leads to the reference counting problem seen above. Use d_invalidate()
and update the code to not bother checking for error codes that can
never happen.

Suggested-by: default avatarAlexander Viro <viro@zeniv.linux.org.uk>
Fixes: 609e28bb ("pstore: Remove filesystem records when backend is unregistered")
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Conflicts:
	fs/pstore/inode.c
[yyl: adjust context]
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent 93f42c5d

fs/pstore/inode.c

+3 −7
Original line number Diff line number Diff line
@@ -312,7 +312,6 @@ int pstore_put_backend_records(struct pstore_info *psi) 
{

	struct pstore_private *pos, *tmp;

	struct dentry *root;

	int rc = 0;



	root = psinfo_lock_root();

	if (!root)
@@ -322,11 +321,8 @@ int pstore_put_backend_records(struct pstore_info *psi) 
	list_for_each_entry_safe(pos, tmp, &records_list, list) {

		if (pos->record->psi == psi) {

			list_del_init(&pos->list);

			rc = simple_unlink(d_inode(root), pos->dentry);

			if (WARN_ON(rc))

				break;

			d_drop(pos->dentry);

			dput(pos->dentry);

			d_invalidate(pos->dentry);

			simple_unlink(d_inode(root), pos->dentry);

			pos->dentry = NULL;

		}

	}
@@ -334,7 +330,7 @@ int pstore_put_backend_records(struct pstore_info *psi) 


	inode_unlock(d_inode(root));



	return rc;

	return 0;

}



/*