| From f09bdb2256007acdbefbb7e94c09f70855d02225 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Wed, 14 Jul 2021 21:27:01 -0700 |
| Subject: hfs: add missing clean-up in hfs_fill_super |
| |
| From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com> |
| |
| [ Upstream commit 16ee572eaf0d09daa4c8a755fdb71e40dbf8562d ] |
| |
| Patch series "hfs: fix various errors", v2. |
| |
| This series ultimately aims to address a lockdep warning in |
| hfs_find_init reported by Syzbot [1]. |
| |
| The work done for this led to the discovery of another bug, and the |
| Syzkaller repro test also reveals an invalid memory access error after |
| clearing the lockdep warning. Hence, this series is broken up into |
| three patches: |
| |
| 1. Add a missing call to hfs_find_exit for an error path in |
| hfs_fill_super |
| |
| 2. Fix memory mapping in hfs_bnode_read by fixing calls to kmap |
| |
| 3. Add lock nesting notation to tell lockdep that the observed locking |
| hierarchy is safe |
| |
| This patch (of 3): |
| |
| Before exiting hfs_fill_super, the struct hfs_find_data used in |
| hfs_find_init should be passed to hfs_find_exit to be cleaned up, and to |
| release the lock held on the btree. |
| |
| The call to hfs_find_exit is missing from an error path. We add it back |
| in by consolidating calls to hfs_find_exit for error paths. |
| |
| Link: https://syzkaller.appspot.com/bug?id=f007ef1d7a31a469e3be7aeb0fde0769b18585db [1] |
| Link: https://lkml.kernel.org/r/20210701030756.58760-1-desmondcheongzx@gmail.com |
| Link: https://lkml.kernel.org/r/20210701030756.58760-2-desmondcheongzx@gmail.com |
| Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com> |
| Reviewed-by: Viacheslav Dubeyko <slava@dubeyko.com> |
| Cc: Gustavo A. R. Silva <gustavoars@kernel.org> |
| Cc: Al Viro <viro@zeniv.linux.org.uk> |
| Cc: Shuah Khan <skhan@linuxfoundation.org> |
| Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| fs/hfs/super.c | 10 +++++----- |
| 1 file changed, 5 insertions(+), 5 deletions(-) |
| |
| diff --git a/fs/hfs/super.c b/fs/hfs/super.c |
| index bf6304a350a6..c2a5a0ca3948 100644 |
| --- a/fs/hfs/super.c |
| +++ b/fs/hfs/super.c |
| @@ -427,14 +427,12 @@ static int hfs_fill_super(struct super_block *sb, void *data, int silent) |
| if (!res) { |
| if (fd.entrylength > sizeof(rec) || fd.entrylength < 0) { |
| res = -EIO; |
| - goto bail; |
| + goto bail_hfs_find; |
| } |
| hfs_bnode_read(fd.bnode, &rec, fd.entryoffset, fd.entrylength); |
| } |
| - if (res) { |
| - hfs_find_exit(&fd); |
| - goto bail_no_root; |
| - } |
| + if (res) |
| + goto bail_hfs_find; |
| res = -EINVAL; |
| root_inode = hfs_iget(sb, &fd.search_key->cat, &rec); |
| hfs_find_exit(&fd); |
| @@ -450,6 +448,8 @@ static int hfs_fill_super(struct super_block *sb, void *data, int silent) |
| /* everything's okay */ |
| return 0; |
| |
| +bail_hfs_find: |
| + hfs_find_exit(&fd); |
| bail_no_root: |
| pr_err("get root inode failed\n"); |
| bail: |
| -- |
| 2.30.2 |
| |