* [PATCH 01/15] configfs: fix registered group removal
@ 2018-07-15 23:16 Mike Christie
2018-07-17 13:17 ` Christoph Hellwig
0 siblings, 1 reply; 2+ messages in thread
From: Mike Christie @ 2018-07-15 23:16 UTC (permalink / raw)
To: target-devel
This patch fixes a bug where configfs_register_group had added
a group in a tree, and userspace has done a rmdir on a dir somewhere
above that group and we hit a kernel crash. The problem is configfs_rmdir
will detach everything under it and unlink groups on the default_groups
list. It will not unlink groups added with configfs_register_group so when
configfs_unregister_group is called to drop its references to the group/items
we crash when we try to access the freed dentrys.
The patch just adds a check for if a rmdir has been done above
us and if so just does the unlink part of unregistration.
Sorry if you are getting this multiple times. I thouhgt I sent
this to some of you and lkml, but I do not see it.
Signed-off-by: Mike Christie <mchristi@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Joel Becker <jlbec@evilplan.org>
---
fs/configfs/dir.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
index 577cff2..45cdbb5 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
@@ -1777,6 +1777,15 @@ void configfs_unregister_group(struct config_group *group)
struct dentry *dentry = group->cg_item.ci_dentry;
struct dentry *parent = group->cg_item.ci_parent->ci_dentry;
+ mutex_lock(&subsys->su_mutex);
+ if (!group->cg_item.ci_parent->ci_group)
+ /*
+ * The parent has already been unlinked and detached
+ * due to a rmdir.
+ */
+ goto unlink_group;
+ mutex_unlock(&subsys->su_mutex);
+
inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
spin_lock(&configfs_dirent_lock);
configfs_detach_prep(dentry, NULL);
@@ -1791,6 +1800,7 @@ void configfs_unregister_group(struct config_group *group)
dput(dentry);
mutex_lock(&subsys->su_mutex);
+unlink_group:
unlink_group(group);
mutex_unlock(&subsys->su_mutex);
}
--
2.7.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 01/15] configfs: fix registered group removal
2018-07-15 23:16 [PATCH 01/15] configfs: fix registered group removal Mike Christie
@ 2018-07-17 13:17 ` Christoph Hellwig
0 siblings, 0 replies; 2+ messages in thread
From: Christoph Hellwig @ 2018-07-17 13:17 UTC (permalink / raw)
To: target-devel
Thanks, applied to the configfs tree.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-07-17 13:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-15 23:16 [PATCH 01/15] configfs: fix registered group removal Mike Christie
2018-07-17 13:17 ` Christoph Hellwig
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).