From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDA801366 for ; Sun, 8 Sep 2024 12:20:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725798016; cv=none; b=f3kPC3m0FYteXOwgCqHLCfiAL49oxjOcQxj0bIJGJE+NT6CN5IGfIu/rCpauJVaQrq0OyHp01KXEP/wTeTmnYWrpnrWMcUILR8I27Hm3ILpCm4M6yJMZ+CUURn6vWnn8XD2ulN/REwyJLEpwmXhi4augd5g4H4Zn1Gm2XxEWPds= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725798016; c=relaxed/simple; bh=ACaf92hMvx7Wcd57Pq3FZ97iloayntzXczmW4KnZBpw=; h=Subject:To:Cc:From:Date:Message-ID:MIME-Version:Content-Type; b=SoGr3ZbjV1Vt/iQ0tET5lxNPVs17ea4Mxmr6aODxLUjHIo0R7pZULUaUyrt0Z7WIqezzQvzthjZQZ/1Vj6m3yB94zcp4z571OPcejhF9C7EUIMPY0UirnTF6gb7GlmgUmXy7GpznLYBq3+mDN4+/0Na5g1jt1RA9xU/9ogJUOyg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=Ub7VZe9p; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="Ub7VZe9p" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1E916C4CEC3; Sun, 8 Sep 2024 12:20:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1725798016; bh=ACaf92hMvx7Wcd57Pq3FZ97iloayntzXczmW4KnZBpw=; h=Subject:To:Cc:From:Date:From; b=Ub7VZe9pcKcojvYtL7+BB1RMmG3xql6BvOe4qsNJxjCjM4DWr5TBYsR3Eb2WP/eul U9FLaV/OrMcMmH1btfOFraAVkQGIceXZ47ktoBMJfAMfpgeEVLCJgNerj0qxboeBUT gtIgGC5J5oNqMxR6M9eaDRo9VOgi+hq9hPCgJPPo= Subject: FAILED: patch "[PATCH] nilfs2: protect references to superblock parameters exposed" failed to apply to 5.10-stable tree To: konishi.ryusuke@gmail.com,akpm@linux-foundation.org,stable@vger.kernel.org Cc: From: Date: Sun, 08 Sep 2024 14:20:05 +0200 Message-ID: <2024090805-deck-despise-e91c@gregkh> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to . To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 683408258917541bdb294cd717c210a04381931e # git commit -s git send-email --to '' --in-reply-to '2024090805-deck-despise-e91c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 683408258917 ("nilfs2: protect references to superblock parameters exposed in sysfs") 3bcd6c5bd483 ("nilfs2: replace snprintf in show functions with sysfs_emit") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 683408258917541bdb294cd717c210a04381931e Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi Date: Sun, 11 Aug 2024 19:03:20 +0900 Subject: [PATCH] nilfs2: protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtime for modifications/repairs, but they are also regularly swapped, replaced during resizing, and even abandoned when degrading to one side due to backing device issues. So, accessing them requires mutual exclusion using the reader/writer semaphore "nilfs->ns_sem". Some sysfs attribute show methods read this superblock buffer without the necessary mutual exclusion, which can cause problems with pointer dereferencing and memory access, so fix it. Link: https://lkml.kernel.org/r/20240811100320.9913-1-konishi.ryusuke@gmail.com Fixes: da7141fb78db ("nilfs2: add /sys/fs/nilfs2/ group") Signed-off-by: Ryusuke Konishi Cc: Signed-off-by: Andrew Morton diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c index a5569b7f47a3..14868a3dd592 100644 --- a/fs/nilfs2/sysfs.c +++ b/fs/nilfs2/sysfs.c @@ -836,9 +836,15 @@ ssize_t nilfs_dev_revision_show(struct nilfs_dev_attr *attr, struct the_nilfs *nilfs, char *buf) { - struct nilfs_super_block **sbp = nilfs->ns_sbp; - u32 major = le32_to_cpu(sbp[0]->s_rev_level); - u16 minor = le16_to_cpu(sbp[0]->s_minor_rev_level); + struct nilfs_super_block *raw_sb; + u32 major; + u16 minor; + + down_read(&nilfs->ns_sem); + raw_sb = nilfs->ns_sbp[0]; + major = le32_to_cpu(raw_sb->s_rev_level); + minor = le16_to_cpu(raw_sb->s_minor_rev_level); + up_read(&nilfs->ns_sem); return sysfs_emit(buf, "%d.%d\n", major, minor); } @@ -856,8 +862,13 @@ ssize_t nilfs_dev_device_size_show(struct nilfs_dev_attr *attr, struct the_nilfs *nilfs, char *buf) { - struct nilfs_super_block **sbp = nilfs->ns_sbp; - u64 dev_size = le64_to_cpu(sbp[0]->s_dev_size); + struct nilfs_super_block *raw_sb; + u64 dev_size; + + down_read(&nilfs->ns_sem); + raw_sb = nilfs->ns_sbp[0]; + dev_size = le64_to_cpu(raw_sb->s_dev_size); + up_read(&nilfs->ns_sem); return sysfs_emit(buf, "%llu\n", dev_size); } @@ -879,9 +890,15 @@ ssize_t nilfs_dev_uuid_show(struct nilfs_dev_attr *attr, struct the_nilfs *nilfs, char *buf) { - struct nilfs_super_block **sbp = nilfs->ns_sbp; + struct nilfs_super_block *raw_sb; + ssize_t len; - return sysfs_emit(buf, "%pUb\n", sbp[0]->s_uuid); + down_read(&nilfs->ns_sem); + raw_sb = nilfs->ns_sbp[0]; + len = sysfs_emit(buf, "%pUb\n", raw_sb->s_uuid); + up_read(&nilfs->ns_sem); + + return len; } static @@ -889,10 +906,16 @@ ssize_t nilfs_dev_volume_name_show(struct nilfs_dev_attr *attr, struct the_nilfs *nilfs, char *buf) { - struct nilfs_super_block **sbp = nilfs->ns_sbp; + struct nilfs_super_block *raw_sb; + ssize_t len; - return scnprintf(buf, sizeof(sbp[0]->s_volume_name), "%s\n", - sbp[0]->s_volume_name); + down_read(&nilfs->ns_sem); + raw_sb = nilfs->ns_sbp[0]; + len = scnprintf(buf, sizeof(raw_sb->s_volume_name), "%s\n", + raw_sb->s_volume_name); + up_read(&nilfs->ns_sem); + + return len; } static const char dev_readme_str[] =