From: Greg KH <gregkh@linuxfoundation.org>
To: Seung-Woo Kim <sw0312.kim@samsung.com>
Cc: linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
torvalds@linux-foundation.org, stable@vger.kernel.org,
lwn@lwn.net, Jiri Slaby <jslaby@suse.cz>
Subject: Re: Linux 3.18.111
Date: Tue, 3 Jul 2018 06:36:55 +0200 [thread overview]
Message-ID: <20180703043655.GA9793@kroah.com> (raw)
In-Reply-To: <20180703032456epcas1p29c4570ae3f6bb3f8d7c2d475e1ba4658~9vfIpgNT51989519895epcas1p2d@epcas1p2.samsung.com>
On Tue, Jul 03, 2018 at 12:24:59PM +0900, Seung-Woo Kim wrote:
> Hello,
>
> On 2018년 05월 30일 16:32, Greg KH wrote:
> > I'm announcing the release of the 3.18.111 kernel.
> >
> > All users of the 3.18 kernel series must upgrade.
> >
> > The updated 3.18.y git tree can be found at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y
> > and can be browsed at the normal kernel.org git web browser:
> > http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
> >
> > thanks,
> >
> > greg k-h
> >
> > ------------
>
> <snip.>
>
> > do d_instantiate/unlock_new_inode combinations safely
>
> Recent my test in 3.18.113 kernel with security smack showed following
> crash during mkdir on ext4 fs.
>
> Unable to handle kernel paging request at virtual address ffffffffffffff98
> pgd = ffffffc012411000
> [ffffffffffffff98] *pgd=0000000000000000, *pud=0000000000000000
> ------------[ cut here ]------------
> Kernel BUG at ffffffc0007d9430 [verbose debug info unavailable]
> Internal error: Oops - BUG: 96000005 [#1] PREEMPT SMP
> CPU: 0 MPIDR: 80000000 PID: 1237 Comm: mkdir Not tainted
> 3.18.113-00083-g1bfc02f-dirty #29-Tizen
> task: ffffffc02cbc2340 ti: ffffffc02b7fc000 task.ti: ffffffc02b7fc000
> PC is at down_read+0x24/0x54
> LR is at down_read+0x24/0x54
> [...]
> Call trace:
> [<ffffffc0007d9430>] down_read+0x24/0x54
> [<ffffffc00022ff64>] ext4_xattr_get+0x74/0x1f4
> [<ffffffc000234838>] ext4_xattr_security_get+0x28/0x38
> [<ffffffc0001ab9f0>] generic_getxattr+0x4c/0x60
> [<ffffffc0002786a0>] smk_fetch.isra.6+0x8c/0xe0
> [<ffffffc000278888>] smack_d_instantiate+0x194/0x324
> [<ffffffc000273794>] security_d_instantiate+0x24/0x30
> [<ffffffc00019edf4>] d_instantiate_new+0x34/0x94
> [<ffffffc0002046b4>] ext4_mkdir+0x284/0x354
> [<ffffffc0001959bc>] vfs_mkdir+0xc0/0x150
> [<ffffffc00019a108>] SyS_mkdirat+0x88/0xb8
> [<ffffffc00019a150>] SyS_mkdir+0x18/0x20
> Code: aa0003f3 b00017c0 912e1000 97e38943 (c85f7e60)
> ---[ end trace b1ad797d63dae9c5 ]---
>
> It is because d_instantiate_new() added from above commit calls
> security_d_instantiate() before calling __d_instantiate() and
> dentry->d_inode is not yet set and null. In 3.18.113 kernel,
> inode->i_op_getxattr() of ext4 is still generic_getxattr() and it only
> has dentry parameter without inode, so it tries to access dentry->d_inode.
>
> I did not test with selinux, but selinux also calls
> inode->i_op_getxattr() from selinux_d_instantiate(), so maybe there is
> also same issue.
So should I revert something or do you have a proposed fix for this?
thanks,
greg k-h
next prev parent reply other threads:[~2018-07-03 4:37 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20180530073304epcas3p4967df82d2d086fd08fd354781df61861@epcas3p4.samsung.com>
2018-05-30 7:32 ` Linux 3.18.111 Greg KH
2018-05-30 7:32 ` Greg KH
2018-07-03 3:24 ` Seung-Woo Kim
2018-07-03 4:36 ` Greg KH [this message]
2018-07-03 4:43 ` Seung-Woo Kim
2018-07-03 5:01 ` Linus Torvalds
2018-07-05 0:52 ` Al Viro
2018-08-08 10:06 ` Seung-Woo Kim
2018-08-10 6:43 ` Seung-Woo Kim
2018-08-10 10:11 ` Greg Kroah-Hartman
2018-08-13 0:24 ` Seung-Woo Kim
2018-08-09 9:53 ` [PATCH 3.18.y 1/5] xattr_handler: pass dentry and inode as separate arguments of ->get() Seung-Woo Kim
[not found] ` <CGME20180809095342epcas1p49a6d26e336b6e7f0f120583c410d2afb@epcas1p4.samsung.com>
[not found] ` <1533808424-20649-1-git-send-email-sw0312.kim@samsung.com>
2018-08-09 9:53 ` [PATCH 3.18.y 2/5] ->getxattr(): pass dentry and inode as separate arguments Seung-Woo Kim
2018-08-09 9:53 ` [PATCH 3.18.y 3/5] security_d_instantiate(): move to the point prior to attaching dentry to inode Seung-Woo Kim
2018-08-09 9:53 ` [PATCH 3.18.y 4/5] switch xattr_handler->set() to passing dentry and inode separately Seung-Woo Kim
2018-08-09 9:53 ` [PATCH 3.18.y 5/5] switch ->setxattr() " Seung-Woo Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180703043655.GA9793@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=jslaby@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=lwn@lwn.net \
--cc=stable@vger.kernel.org \
--cc=sw0312.kim@samsung.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.