android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_kernel_asus_sm8350/fs
History
Edwin Török 55acdd926f dlm: avoid double-free on error path in dlm_device_{register,unregister} 
Can be reproduced when running dlm_controld (tested on 4.4.x, 4.12.4):
 # seq 1 100 | xargs -P0 -n1 dlm_tool join
 # seq 1 100 | xargs -P0 -n1 dlm_tool leave

misc_register fails due to duplicate sysfs entry, which causes
dlm_device_register to free ls->ls_device.name.
In dlm_device_deregister the name was freed again, causing memory
corruption.

According to the comment in dlm_device_deregister the name should've been
set to NULL when registration fails,
so this patch does that.

sysfs: cannot create duplicate filename '/dev/char/10:1'
------------[ cut here ]------------
warning: cpu: 1 pid: 4450 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x56/0x70
modules linked in: msr rfcomm dlm ccm bnep dm_crypt uvcvideo
videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core videodev
btusb media btrtl btbcm btintel bluetooth ecdh_generic intel_rapl
x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm
snd_hda_codec_hdmi irqbypass crct10dif_pclmul crc32_pclmul
ghash_clmulni_intel thinkpad_acpi pcbc nvram snd_seq_midi
snd_seq_midi_event aesni_intel snd_hda_codec_realtek snd_hda_codec_generic
snd_rawmidi aes_x86_64 crypto_simd glue_helper snd_hda_intel snd_hda_codec
cryptd intel_cstate arc4 snd_hda_core snd_seq snd_seq_device snd_hwdep
iwldvm intel_rapl_perf mac80211 joydev input_leds iwlwifi serio_raw
cfg80211 snd_pcm shpchp snd_timer snd mac_hid mei_me lpc_ich mei soundcore
sunrpc parport_pc ppdev lp parport autofs4 i915 psmouse
 e1000e ahci libahci i2c_algo_bit sdhci_pci ptp drm_kms_helper sdhci
pps_core syscopyarea sysfillrect sysimgblt fb_sys_fops drm wmi video
cpu: 1 pid: 4450 comm: dlm_test.exe not tainted 4.12.4-041204-generic
hardware name: lenovo 232425u/232425u, bios g2et82ww (2.02 ) 09/11/2012
task: ffff96b0cbabe140 task.stack: ffffb199027d0000
rip: 0010:sysfs_warn_dup+0x56/0x70
rsp: 0018:ffffb199027d3c58 eflags: 00010282
rax: 0000000000000038 rbx: ffff96b0e2c49158 rcx: 0000000000000006
rdx: 0000000000000000 rsi: 0000000000000086 rdi: ffff96b15e24dcc0
rbp: ffffb199027d3c70 r08: 0000000000000001 r09: 0000000000000721
r10: ffffb199027d3c00 r11: 0000000000000721 r12: ffffb199027d3cd1
r13: ffff96b1592088f0 r14: 0000000000000001 r15: ffffffffffffffef
fs:  00007f78069c0700(0000) gs:ffff96b15e240000(0000)
knlgs:0000000000000000
cs:  0010 ds: 0000 es: 0000 cr0: 0000000080050033
cr2: 000000178625ed28 cr3: 0000000091d3e000 cr4: 00000000001406e0
call trace:
 sysfs_do_create_link_sd.isra.2+0x9e/0xb0
 sysfs_create_link+0x25/0x40
 device_add+0x5a9/0x640
 device_create_groups_vargs+0xe0/0xf0
 device_create_with_groups+0x3f/0x60
 ? snprintf+0x45/0x70
 misc_register+0x140/0x180
 device_write+0x6a8/0x790 [dlm]
 __vfs_write+0x37/0x160
 ? apparmor_file_permission+0x1a/0x20
 ? security_file_permission+0x3b/0xc0
 vfs_write+0xb5/0x1a0
 sys_write+0x55/0xc0
 ? sys_fcntl+0x5d/0xb0
 entry_syscall_64_fastpath+0x1e/0xa9
rip: 0033:0x7f78083454bd
rsp: 002b:00007f78069bbd30 eflags: 00000293 orig_rax: 0000000000000001
rax: ffffffffffffffda rbx: 0000000000000006 rcx: 00007f78083454bd
rdx: 000000000000009c rsi: 00007f78069bee00 rdi: 0000000000000005
rbp: 00007f77f8000a20 r08: 000000000000fcf0 r09: 0000000000000032
r10: 0000000000000024 r11: 0000000000000293 r12: 00007f78069bde00
r13: 00007f78069bee00 r14: 000000000000000a r15: 00007f78069bbd70
code: 85 c0 48 89 c3 74 12 b9 00 10 00 00 48 89 c2 31 f6 4c 89 ef e8 2c c8
ff ff 4c 89 e2 48 89 de 48 c7 c7 b0 8e 0c a8 e8 41 e8 ed ff <0f> ff 48 89
df e8 00 d5 f4 ff 5b 41 5c 41 5d 5d c3 66 0f 1f 84
---[ end trace 40412246357cc9e0 ]---

dlm: 59f24629-ae39-44e2-9030-397ebc2eda26: leaving the lockspace group...
bug: unable to handle kernel null pointer dereference at 0000000000000001
ip: [<ffffffff811a3b4a>] kmem_cache_alloc+0x7a/0x140
pgd 0
oops: 0000 [#1] smp
modules linked in: dlm 8021q garp mrp stp llc openvswitch nf_defrag_ipv6
nf_conntrack libcrc32c iptable_filter dm_multipath crc32_pclmul dm_mod
aesni_intel psmouse aes_x86_64 sg ablk_helper cryptd lrw gf128mul
glue_helper i2c_piix4 nls_utf8 tpm_tis tpm isofs nfsd auth_rpcgss
oid_registry nfs_acl lockd grace sunrpc xen_wdt ip_tables x_tables autofs4
hid_generic usbhid hid sr_mod cdrom sd_mod ata_generic pata_acpi 8139too
serio_raw ata_piix 8139cp mii uhci_hcd ehci_pci ehci_hcd libata
scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_mod ipv6
cpu: 0 pid: 394 comm: systemd-udevd tainted: g w 4.4.0+0 #1
hardware name: xen hvm domu, bios 4.7.2-2.2 05/11/2017
task: ffff880002410000 ti: ffff88000243c000 task.ti: ffff88000243c000
rip: e030:[<ffffffff811a3b4a>] [<ffffffff811a3b4a>]
kmem_cache_alloc+0x7a/0x140
rsp: e02b:ffff88000243fd90 eflags: 00010202
rax: 0000000000000000 rbx: ffff8800029864d0 rcx: 000000000007b36c
rdx: 000000000007b36b rsi: 00000000024000c0 rdi: ffff880036801c00
rbp: ffff88000243fdc0 r08: 0000000000018880 r09: 0000000000000054
r10: 000000000000004a r11: ffff880034ace6c0 r12: 00000000024000c0
r13: ffff880036801c00 r14: 0000000000000001 r15: ffffffff8118dcc2
fs: 00007f0ab77548c0(0000) gs:ffff880036e00000(0000) knlgs:0000000000000000
cs: e033 ds: 0000 es: 0000 cr0: 0000000080050033
cr2: 0000000000000001 cr3: 000000000332d000 cr4: 0000000000040660
stack:
ffffffff8118dc90 ffff8800029864d0 0000000000000000 ffff88003430b0b0
ffff880034b78320 ffff88003430b0b0 ffff88000243fdf8 ffffffff8118dcc2
ffff8800349c6700 ffff8800029864d0 000000000000000b 00007f0ab7754b90
call trace:
[<ffffffff8118dc90>] ? anon_vma_fork+0x60/0x140
[<ffffffff8118dcc2>] anon_vma_fork+0x92/0x140
[<ffffffff8107033e>] copy_process+0xcae/0x1a80
[<ffffffff8107128b>] _do_fork+0x8b/0x2d0
[<ffffffff81071579>] sys_clone+0x19/0x20
[<ffffffff815a30ae>] entry_syscall_64_fastpath+0x12/0x71
] code: f6 75 1c 4c 89 fa 44 89 e6 4c 89 ef e8 a7 e4 00 00 41 f7 c4 00 80
00 00 49 89 c6 74 47 eb 32 49 63 45 20 48 8d 4a 01 4d 8b 45 00 <49> 8b 1c
06 4c 89 f0 65 49 0f c7 08 0f 94 c0 84 c0 74 ac 49 63
rip [<ffffffff811a3b4a>] kmem_cache_alloc+0x7a/0x140
rsp <ffff88000243fd90>
cr2: 0000000000000001
--[ end trace 70cb9fd1b164a0e8 ]--

CC: stable@vger.kernel.org
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Signed-off-by: David Teigland <teigland@redhat.com>
2017-08-07 11:23:09 -05:00
..
9p
9p: Implement show_options
2017-07-11 06:08:58 -04:00
adfs
affs
affs: Implement show_options
2017-07-11 06:06:17 -04:00
afs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
autofs4
Fix up over-eager 'wait_queue_t' renaming
2017-07-10 11:40:19 -07:00
befs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
bfs
bfs: fix sanity checks for empty files
2017-07-12 16:26:00 -07:00
btrfs
Merge branch 'for-4.13-part3' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
2017-07-28 12:26:59 -07:00
cachefiles
sched/wait: Disambiguate wq_entry->task_list and wq_head->task_list naming
2017-06-20 12:19:14 +02:00
ceph
ceph: fix race in concurrent readdir
2017-07-17 14:54:59 +02:00
cifs
Add wait_for_random_bytes() and get_random_*_wait() functions so that
2017-07-15 12:44:02 -07:00
coda
fs: implement vfs_iter_write using do_iter_write
2017-06-29 17:49:23 -04:00
configfs
configfs: Introduce config_item_get_unless_zero()
2017-06-12 13:20:20 +02:00
cramfs
crypto
The first major feature for ext4 this merge window is the largedir
2017-07-09 09:31:22 -07:00
debugfs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
devpts
dlm
dlm: avoid double-free on error path in dlm_device_{register,unregister}
2017-08-07 11:23:09 -05:00
ecryptfs
ecryptfs: Convert to separately allocated bdi
2017-04-20 12:09:55 -06:00
efivarfs
VFS: Kill off s_options and helpers
2017-07-11 06:09:21 -04:00
efs
exofs
mm: drop "wait" parameter from write_one_page()
2017-07-05 18:44:22 -04:00
exportfs
Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-03-03 11:38:56 -08:00
ext2
ext2: preserve i_mode if ext2_set_acl() fails
2017-07-18 11:23:56 +02:00
ext4
ext4: fix copy paste error in ext4_swap_extents()
2017-08-06 01:33:07 -04:00
f2fs
f2fs: avoid cpu lockup
2017-07-17 19:23:18 -07:00
fat
fat: fix using uninitialized fields of fat_inode/fsinfo_inode
2017-03-09 17:01:10 -08:00
freevxfs
fscache
KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload()
2017-03-02 10:09:00 +11:00
fuse
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
2017-05-20 16:12:30 -07:00
gfs2
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
hfs
fs: semove set but not checked AOP_FLAG_UNINTERRUPTIBLE flag
2017-05-08 17:15:14 -07:00
hfsplus
hfsplus: Don't clear SGID when inheriting ACLs
2017-07-18 18:23:39 +02:00
hostfs
hpfs
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
hugetlbfs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
isofs
isofs: Fix off-by-one in 'session' mount option parsing
2017-07-18 12:33:16 +02:00
jbd2
Writeback error handling fixes (pile #2)
2017-07-07 19:38:17 -07:00
jffs2
jffs2: fix spelling mistake: "requestied" -> "requested"
2017-04-19 11:35:55 -07:00
jfs
JFS fixes for 4.13
2017-07-25 08:51:57 -07:00
kernfs
kernfs: Check KERNFS_HAS_RELEASE before calling kernfs_release_file()
2017-03-17 10:25:59 +09:00
lockd
sunrpc: mark all struct svc_version instances as const
2017-07-13 15:58:03 -04:00
minix
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-08 10:50:54 -07:00
ncpfs
mm: per-cgroup memory reclaim stats
2017-07-06 16:24:35 -07:00
nfs
Two more NFS client bugfixes for 4.13
2017-08-02 20:56:44 -07:00
nfs_common
nfsd
nfsd: Fix a memory scribble in the callback channel
2017-07-17 13:15:06 -04:00
nilfs2
Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-07-03 13:08:04 -07:00
nls
notify
dentry name snapshots
2017-07-07 20:09:10 -04:00
ntfs
ntfs: Use ERR_CAST() to avoid cross-structure cast
2017-05-28 10:11:48 -07:00
ocfs2
ocfs2: don't clear SGID when inheriting ACLs
2017-08-02 17:16:13 -07:00
omfs
omfs: Implement show_options
2017-07-06 03:31:46 -04:00
openpromfs
orangefs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
overlayfs
ovl: check for bad and whiteout index on lookup
2017-07-20 11:08:21 +02:00
proc
Now that IPC and other changes have landed, enable manual markings for
2017-07-19 08:55:18 -07:00
pstore
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
qnx4
qnx6
quota
quota: add get_inode_usage callback to transfer multi-inode charges
2017-06-22 11:46:48 -04:00
ramfs
ramfs: Implement show_options
2017-07-06 03:31:46 -04:00
reiserfs
reiserfs: preserve i_mode if __reiserfs_set_acl() fails
2017-07-18 11:24:08 +02:00
romfs
squashfs
fs/pstore: fs/squashfs: change usage of LZ4 to work with new LZ4 version
2017-02-24 17:46:57 -08:00
sysfs
sysfs: be careful of error returns from ops->show()
2017-04-08 17:33:32 +02:00
sysv
mm: drop "wait" parameter from write_one_page()
2017-07-05 18:44:22 -04:00
tracefs
VFS: Don't use save/replace_mount_options if not using generic_show_options
2017-07-06 03:31:46 -04:00
ubifs
ubifs: Set double hash cookie also for RENAME_EXCHANGE
2017-07-14 22:50:57 +02:00
udf
udf: Convert udf_disk_stamp_to_time() to use mktime64()
2017-06-14 11:21:02 +02:00
ufs
Writeback error handling fixes (pile #1)
2017-07-07 18:39:15 -07:00
xfs
xfs: fix multi-AG deadlock in xfs_bunmapi
2017-07-26 08:20:03 -07:00
aio.c
fs: add O_DIRECT and aio support for sending down write life time hints
2017-06-27 12:05:36 -06:00
anon_inodes.c
attr.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h>
2017-03-02 08:42:29 +01:00
bad_inode.c
statx: Add a system call to make enhanced file info available
2017-03-02 20:51:15 -05:00
binfmt_aout.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h>
2017-03-02 08:42:36 +01:00
binfmt_elf_fdpic.c
sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h>
2017-03-02 08:42:39 +01:00
binfmt_elf.c
binfmt_elf: safely increment argv pointers
2017-07-10 16:32:36 -07:00
binfmt_em86.c
binfmt_flat.c
binfmt_flat: Use %u to format u32
2017-07-16 09:24:05 -07:00
binfmt_misc.c
fs: constify tree_descr arrays passed to simple_fill_super()
2017-04-26 23:54:06 -04:00
binfmt_script.c
block_dev.c
Writeback error handling fixes (pile #2)
2017-07-07 19:38:17 -07:00
buffer.c
fs/buffer.c: make bh_lru_install() more efficient
2017-07-10 16:32:30 -07:00
char_dev.c
chardev: add helper function to register char devs with a struct device
2017-03-21 06:44:32 +01:00
compat_binfmt_elf.c
fs/binfmt: Convert obsolete cputime type to nsecs
2017-02-01 09:13:51 +01:00
compat_ioctl.c
Merge branch 'work.__copy_in_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-08 10:15:02 -07:00
compat.c
fs/compat.c: trim unused includes
2017-04-17 12:52:27 -04:00
coredump.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h>
2017-03-02 08:42:36 +01:00
dax.c
Writeback error handling fixes (pile #2)
2017-07-07 19:38:17 -07:00
dcache.c
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
dcookies.c
direct-io.c
fs: add O_DIRECT and aio support for sending down write life time hints
2017-06-27 12:05:36 -06:00
drop_caches.c
eventfd.c
There has been a fair amount of activity in the docs tree this time
2017-07-03 21:13:25 -07:00
eventpoll.c
kcmp: fs/epoll: wrap kcmp code with CONFIG_CHECKPOINT_RESTORE
2017-07-12 16:26:01 -07:00
exec.c
exec: Limit arg stack to at most 75% of _STK_LIM
2017-07-07 20:05:08 -07:00
fcntl.c
vfs: fix flock compat thinko
2017-07-07 13:48:18 -07:00
fhandle.c
fhandle: move compat syscalls from compat.c
2017-04-17 12:52:26 -04:00
file_table.c
fs: new infrastructure for writeback error handling and reporting
2017-07-06 07:02:25 -04:00
file.c
fs/file.c: replace alloc_fdmem() with kvmalloc() alternative
2017-07-06 16:24:30 -07:00
filesystems.c
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
fs_pin.c
sched/wait: Disambiguate wq_entry->task_list and wq_head->task_list naming
2017-06-20 12:19:14 +02:00
fs_struct.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
2017-03-02 08:42:35 +01:00
fs-writeback.c
writeback: rework wb_[dec|inc]_stat family of functions
2017-07-12 16:26:05 -07:00
inode.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-08 10:50:54 -07:00
internal.h
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-05-09 09:12:53 -07:00
ioctl.c
sched/headers: Prepare for the reduction of <linux/sched.h>'s signal API dependency
2017-03-02 08:42:37 +01:00
iomap.c
Changes since last update:
2017-07-14 22:57:32 -07:00
Kconfig
fs/Kconfig: kill CONFIG_PERCPU_RWSEM some more
2017-07-12 16:26:00 -07:00
Kconfig.binfmt
libfs.c
fs: convert __generic_file_fsync to use errseq_t based reporting
2017-07-06 07:02:29 -04:00
locks.c
fs/locks: pass kernel struct flock to fcntl_getlk/setlk
2017-05-27 06:07:19 -04:00
Makefile
mbcache.c
ext4: xattr inode deduplication
2017-06-22 11:44:55 -04:00
mount.h
Now that IPC and other changes have landed, enable manual markings for
2017-07-19 08:55:18 -07:00
mpage.c
There has been a fair amount of activity in the docs tree this time
2017-07-03 21:13:25 -07:00
namei.c
Now that IPC and other changes have landed, enable manual markings for
2017-07-19 08:55:18 -07:00
namespace.c
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
no-block.c
nsfs.c
VFS: Provide empty name qstr
2017-07-06 03:27:09 -04:00
open.c
Writeback error handling fixes (pile #2)
2017-07-07 19:38:17 -07:00
pipe.c
VFS: Provide empty name qstr
2017-07-06 03:27:09 -04:00
pnode.c
mnt: Make propagate_umount less slow for overlapping mount propagation trees
2017-05-23 08:41:17 -05:00
pnode.h
mnt: Tuck mounts under others instead of creating shadow/side mounts.
2017-02-04 00:01:06 +13:00
posix_acl.c
sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h>
2017-03-02 08:42:31 +01:00
proc_namespace.c
sched/headers: Prepare to move the task_lock()/unlock() APIs to <linux/sched/task.h>
2017-03-02 08:42:38 +01:00
read_write.c
Merge branch 'work.read_write' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-07 21:48:15 -07:00
readdir.c
readdir: move compat syscalls from compat.c
2017-04-17 12:52:24 -04:00
select.c
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-06 20:57:13 -07:00
seq_file.c
mm: introduce kv[mz]alloc helpers
2017-05-08 17:15:12 -07:00
signalfd.c
sched/wait: Rename wait_queue_t => wait_queue_entry_t
2017-06-20 12:18:27 +02:00
splice.c
fs: implement vfs_iter_write using do_iter_write
2017-06-29 17:49:23 -04:00
stack.c
stat.c
ufs: restore maintaining ->i_blocks
2017-06-09 16:28:01 -04:00
statfs.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-08 10:50:54 -07:00
super.c
VFS: Kill off s_options and helpers
2017-07-11 06:09:21 -04:00
sync.c
fs: remove call_fsync helper function
2017-07-05 18:44:23 -04:00
timerfd.c
timerfd: Use get_itimerspec64() and put_itimerspec64()
2017-06-30 04:14:38 -04:00
userfaultfd.c
userfaultfd: non-cooperative: flush event_wqh at release time
2017-08-02 17:16:13 -07:00
utimes.c
utimes: move compat syscalls from compat.c
2017-04-17 12:52:23 -04:00
xattr.c
treewide: use kv[mz]alloc* rather than opencoded variants
2017-05-08 17:15:13 -07:00