linux/fs
David Howells d27c712578
afs: Fix delayed allocation of a cell's anonymous key
The allocation of a cell's anonymous key is done in a background thread
along with other cell setup such as doing a DNS upcall.  In the reported
bug, this is triggered by afs_parse_source() parsing the device name given
to mount() and calling afs_lookup_cell() with the name of the cell.

The normal key lookup then tries to use the key description on the
anonymous authentication key as the reference for request_key() - but it
may not yet be set and so an oops can happen.

This has been made more likely to happen by the fix for dynamic lookup
failure.

Fix this by firstly allocating a reference name and attaching it to the
afs_cell record when the record is created.  It can share the memory
allocation with the cell name (unfortunately it can't just overlap the cell
name by prepending it with "afs@" as the cell name already has a '.'
prepended for other purposes).  This reference name is then passed to
request_key().

Secondly, the anon key is now allocated on demand at the point a key is
requested in afs_request_key() if it is not already allocated.  A mutex is
used to prevent multiple allocation for a cell.

Thirdly, make afs_request_key_rcu() return NULL if the anonymous key isn't
yet allocated (if we need it) and then the caller can return -ECHILD to
drop out of RCU-mode and afs_request_key() can be called.

Note that the anonymous key is kind of necessary to make the key lookup
cache work as that doesn't currently cache a negative lookup, but it's
probably worth some investigation to see if NULL can be used instead.

Fixes: 330e2c5148 ("afs: Fix dynamic lookup to fail on cell lookup failure")
Reported-by: syzbot+41c68824eefb67cdf00c@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://patch.msgid.link/800328.1764325145@warthog.procyon.org.uk
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
2025-11-28 11:30:10 +01:00
9p Revert "fs/9p: Refresh metadata in d_revalidate for uncached mode too" 2025-10-22 14:25:27 +09:00
adfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
affs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
afs afs: Fix delayed allocation of a cell's anonymous key 2025-11-28 11:30:10 +01:00
autofs new helper: set_default_d_op() 2025-06-10 22:21:16 -04:00
befs
bfs bfs: Reconstruct file type when loading from disk 2025-10-29 14:39:34 +01:00
btrfs for-6.18-rc5-tag 2025-11-11 10:13:17 -08:00
cachefiles VFS: unify old_mnt_idmap and new_mnt_idmap in renamedata 2025-09-23 12:37:35 +02:00
ceph Some messenger improvements from Eric and Max, a patch to address the 2025-10-10 11:30:19 -07:00
coda vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
configfs file->f_path constification 2025-10-03 16:32:36 -07:00
cramfs Patch series in this pull request: 2025-10-02 18:44:54 -07:00
crypto fscrypt: fix left shift underflow when inode->i_blkbits > PAGE_SHIFT 2025-11-04 16:37:38 -08:00
debugfs vfs-6.18-rc1.async 2025-09-29 11:55:15 -07:00
devpts devpts, sunrpc, hostfs: don't bother with ->d_op 2025-06-11 13:40:04 -04:00
dlm dlm for 6.18 2025-09-29 15:24:58 -07:00
ecryptfs mount-related stuff for this cycle 2025-10-03 10:19:44 -07:00
efivarfs power: always freeze efivarfs 2025-11-12 10:12:39 +01:00
efs
erofs erofs: avoid infinite loop due to incomplete zstd-compressed data 2025-11-07 04:10:45 +08:00
exfat vfs-6.18-rc7.fixes 2025-11-17 09:11:27 -08:00
exportfs exportfs: use lookup_one_unlocked() 2025-06-11 13:44:15 +02:00
ext2 \n 2025-07-28 16:16:09 -07:00
ext4 Ext4 bug fixes for 6.18-rc2, including 2025-10-15 07:51:57 -07:00
f2fs f2fs: fix wrong block mapping for multi-devices 2025-10-13 23:55:44 +00:00
fat vfat: fix missing sb_min_blocksize() return value checks 2025-11-05 14:00:16 +01:00
freevxfs
fuse virtio-fs: fix incorrect check for fsvq->kobj 2025-11-05 14:00:16 +01:00
gfs2 finish_no_open calling conventions change 2025-10-03 10:59:31 -07:00
hfs hfs/hfsplus: rework debug output subsystem 2025-09-24 16:30:34 -07:00
hfsplus hfs/hfsplus: rework debug output subsystem 2025-09-24 16:30:34 -07:00
hostfs hostfs: Fix only passing host root in boot stage with new mount 2025-10-21 14:22:42 +02:00
hpfs - Avoid -Wflex-array-member-not-at-end warnings 2025-10-10 14:06:02 -07:00
hugetlbfs hugetlbfs: move lock assertions after early returns in huge_pmd_unshare() 2025-10-21 15:46:17 -07:00
iomap iomap: open code bio_iov_iter_get_bdev_pages 2025-10-07 08:05:44 -06:00
isofs isofs: check the return value of sb_min_blocksize() in isofs_fill_super 2025-11-05 14:00:16 +01:00
jbd2 jbd2: ensure that all ongoing I/O complete before freeing blocks 2025-10-10 13:10:06 -04:00
jffs2 mm: introduce memdesc_flags_t 2025-09-13 16:55:07 -07:00
jfs A few fixes and cleanups for JFS. 2025-10-03 13:54:23 -07:00
kernfs vfs-6.18-rc1.misc 2025-09-29 09:03:07 -07:00
lockd SUNRPC: Move the svc_rpcb_cleanup() call sites 2025-09-23 13:28:19 -04:00
minix minixfs: Verify inode mode when loading from disk 2025-08-19 13:30:46 +02:00
netfs vfs-6.18-rc1.workqueue 2025-09-29 10:27:17 -07:00
nfs NFS: Fix LTP test failures when timestamps are delegated 2025-11-10 16:55:12 -05:00
nfs_common NFS/localio: nfs_uuid_put() fix the wake up after unlinking the file 2025-08-05 16:45:40 -07:00
nfsd nfsd-6.18 fixes: 2025-11-12 18:41:01 -08:00
nilfs2 nilfs2: avoid having an active sc_timer before freeing sci 2025-11-09 21:19:46 -08:00
nls
notify fs/notify: call exportfs_encode_fid with s_umount 2025-10-06 16:31:52 +02:00
ntfs3 ntfs3: stop using write_cache_pages 2025-09-13 16:55:13 -07:00
ocfs2 ocfs2: clear extent cache after moving/defragmenting extents 2025-10-15 13:24:33 -07:00
omfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
openpromfs
orangefs orangefs: Two cleanups and a bug fix. 2025-10-03 13:59:56 -07:00
overlayfs ovl: fail ovl_lock_rename_workdir() if either target is unhashed 2025-11-28 10:42:32 +01:00
proc fs/proc: fix uaf in proc_readdir_de() 2025-11-09 21:19:43 -08:00
pstore pstore update for v6.18-rc1 2025-09-29 18:08:34 -07:00
qnx4
qnx6
quota fs: replace use of system_unbound_wq with system_dfl_wq 2025-09-19 16:15:07 +02:00
ramfs fs: rename generic_delete_inode() and generic_drop_inode() 2025-09-15 16:09:42 +02:00
resctrl x86,fs/resctrl: Fix NULL pointer dereference with events force-disabled in mbm_event mode 2025-10-20 18:06:31 +02:00
romfs fs: replace mmap hook with .mmap_prepare for simple mappings 2025-06-19 13:56:59 +02:00
smb cifs: Add the smb3_read_* tracepoints to SMB1 2025-11-20 03:12:05 -06:00
squashfs Patch series in this pull request: 2025-10-02 18:44:54 -07:00
sysfs sysfs: check visibility before changing group attribute ownership 2025-10-17 09:48:34 +02:00
tests
tracefs Massage rpc_pipefs to use saner primitives and clean up the 2025-07-28 09:56:09 -07:00
ubifs Summary of significant series in this pull request: 2025-10-02 18:18:33 -07:00
udf fs: udf: fix OOB read in lengthAllocDescs handling 2025-09-22 15:33:56 +02:00
ufs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
unicode
vboxsf simplify vboxsf_dir_atomic_open() 2025-09-16 23:59:38 -04:00
verity Optimize fsverity with 2-way interleaved hashing 2025-09-29 15:55:20 -07:00
xfs xfs: fixes for 6.18-rc7 2025-11-22 10:23:34 -08:00
zonefs zonefs: correct some spelling mistakes 2025-08-12 11:59:27 +09:00
aio.c Summary of significant series in this pull request: 2025-10-02 18:18:33 -07:00
anon_inodes.c module: Rename EXPORT_SYMBOL_GPL_FOR_MODULES to EXPORT_SYMBOL_FOR_MODULES 2025-08-11 16:16:36 +02:00
attr.c vfs: add ATTR_CTIME_SET flag 2025-09-21 19:24:50 -04:00
backing-file.c vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
bad_inode.c
binfmt_elf.c binfmt_elf: preserve original ELF e_flags for core dumps 2025-09-03 20:49:32 -07:00
binfmt_elf_fdpic.c execve updates for v6.17 2025-07-28 17:11:40 -07:00
binfmt_flat.c
binfmt_misc.c binfmt_misc: restore write access before closing files opened by open_exec() 2025-11-05 14:00:16 +01:00
binfmt_script.c
bpf_fs_kfuncs.c bpf...d_path(): constify path argument 2025-09-15 21:17:08 -04:00
buffer.c fs/buffer: fix use-after-free when call bh_read() helper 2025-08-19 13:51:28 +02:00
char_dev.c
compat_binfmt_elf.c
coredump.c coredump: fix core_pattern input validation 2025-10-07 13:12:46 +02:00
d_path.c fold fs_struct->{lock,seq} into a seqlock 2025-07-08 10:25:19 +02:00
dax.c dax: skip read lock assertion for read-only filesystems 2025-10-07 12:48:33 +02:00
dcache.c vfs: Don't leak disconnected dentries on umount 2025-10-07 13:09:08 +02:00
direct-io.c Summary of significant series in this pull request: 2025-07-31 14:57:54 -07:00
drop_caches.c
eventfd.c
eventpoll.c eventpoll: Replace rwlock with spinlock 2025-09-05 15:51:24 +02:00
exec.c coredump: fix core_pattern input validation 2025-10-07 13:12:46 +02:00
fcntl.c fcntl: trim arguments 2025-09-26 10:21:23 +02:00
fhandle.c namespace-6.18-rc1 2025-09-29 11:20:29 -07:00
file.c fs: always return zero on success from replace_fd() 2025-08-11 14:52:25 +02:00
file_attr.c fs: return EOPNOTSUPP from file_setattr/file_getattr syscalls 2025-10-10 13:46:00 +02:00
file_table.c fs: update comment in init_file() 2025-10-07 12:48:33 +02:00
filesystems.c fs/filesystems: Fix potential unsigned integer underflow in fs_name() 2025-04-14 13:05:59 +02:00
fs-writeback.c vfs-6.18-rc1.writeback 2025-09-29 11:34:40 -07:00
fs_context.c change the calling conventions for vfs_parse_fs_string() 2025-09-04 15:20:51 -04:00
fs_parser.c fs/fs_parse: Remove unused and problematic validate_constant_table() 2025-04-21 10:27:59 +02:00
fs_pin.c
fs_struct.c fold fs_struct->{lock,seq} into a seqlock 2025-07-08 10:25:19 +02:00
fs_types.c
fsopen.c fscontext: do not consume log entries when returning -EMSGSIZE 2025-08-11 14:52:41 +02:00
init.c VFS: rename kern_path_locked() and related functions. 2025-09-23 12:37:36 +02:00
inode.c fs: add iput_not_last() 2025-11-12 10:47:42 +01:00
internal.h file->f_path constification 2025-10-03 16:32:36 -07:00
ioctl.c fs: remove vfs_ioctl export 2025-09-01 13:08:01 +02:00
Kconfig Summary of significant series in this pull request: 2025-10-02 18:18:33 -07:00
Kconfig.binfmt binfmt_elf: preserve original ELF e_flags for core dumps 2025-09-03 20:49:32 -07:00
kernel_read_file.c
libfs.c vfs-6.17-rc1.pidfs 2025-07-28 14:10:15 -07:00
locks.c locks: Remove the last reference to EXPORT_OP_ASYNC_LOCK. 2025-08-11 14:52:24 +02:00
Makefile Remove bcachefs core code 2025-09-29 13:43:52 -07:00
mbcache.c
mnt_idmapping.c
mount.h mount-related stuff for this cycle 2025-10-03 10:19:44 -07:00
mpage.c mpage: convert do_mpage_readpage() to return void type 2025-09-21 14:22:16 -07:00
namei.c file->f_path constification 2025-10-03 16:32:36 -07:00
namespace.c fs/namespace: fix reference leak in grab_requested_mnt_ns 2025-11-25 09:34:56 +01:00
nsfs.c nsfs: handle inode number mismatches gracefully in file handles 2025-10-07 12:48:33 +02:00
open.c file->f_path constification 2025-10-03 16:32:36 -07:00
pidfs.c file->f_path constification 2025-10-03 16:32:36 -07:00
pipe.c Add RWF_NOSIGNAL flag for pwritev2 2025-08-29 15:08:07 +02:00
pnode.c umount_tree(): take all victims out of propagation graph at once 2025-09-15 21:26:44 -04:00
pnode.h umount_tree(): take all victims out of propagation graph at once 2025-09-15 21:26:44 -04:00
posix_acl.c
proc_namespace.c ->mnt_devname is never NULL 2025-05-23 14:20:44 +02:00
read_write.c copy_file_range: limit size if in compat mode 2025-08-15 16:11:47 +02:00
readdir.c readdir: supply dir_context.count as readdir buffer size hint 2025-05-29 12:31:23 +02:00
remap_range.c
select.c fs: annotate suspected data race between poll_schedule_timeout() and pollwake() 2025-06-23 12:36:51 +02:00
seq_file.c
signalfd.c
splice.c netfs: Fix unbuffered write error handling 2025-08-15 15:56:49 +02:00
stack.c docs/vfs: update references to i_mutex to i_rwsem 2025-06-23 12:17:33 +02:00
stat.c constify path argument of vfs_statx_path() 2025-09-15 21:17:07 -04:00
statfs.c
super.c power: always freeze efivarfs 2025-11-12 10:12:39 +01:00
sync.c
sysctls.c
timerfd.c A treewide hrtimer timer cleanup 2025-03-25 10:54:15 -07:00
userfaultfd.c mm/mremap: use an explicit uffd failure path for mremap 2025-07-24 19:12:29 -07:00
utimes.c
xattr.c vfs-6.17-rc1.misc 2025-07-28 11:22:56 -07:00