diff mbox series

[SRU,L/K/J/F/OEM-5.17/OEM-6.0/OEM-6.1,1/1] UBUNTU: SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()

Message ID 20230510204413.615426-2-cascardo@canonical.com
State New
Headers show
Series shiftfs: fix locking in shiftfs_create_object() | expand

Commit Message

Thadeu Lima de Souza Cascardo May 10, 2023, 8:44 p.m. UTC 
From: Andrea Righi <andrea.righi@canonical.com>

Make sure to always acquire the inode lock of loweri_dir_iop when
accessing its methods.

This also prevents an lock unbalance when one of such methods is not
implemented.

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
CVE-2023-2612
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
---
 fs/shiftfs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Ian May May 10, 2023, 8:53 p.m. UTC | #1 
Acked-by: Ian May <ian.may@canonical.com>

On 2023-05-10 17:44:13 , Thadeu Lima de Souza Cascardo wrote:
> From: Andrea Righi <andrea.righi@canonical.com>
> 
> Make sure to always acquire the inode lock of loweri_dir_iop when
> accessing its methods.
> 
> This also prevents an lock unbalance when one of such methods is not
> implemented.
> 
> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
> CVE-2023-2612
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
> ---
>  fs/shiftfs.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/shiftfs.c b/fs/shiftfs.c
> index 2664e1fb65d30..e777d9f685938 100644
> --- a/fs/shiftfs.c
> +++ b/fs/shiftfs.c
> @@ -409,6 +409,8 @@ static int shiftfs_create_object(struct inode *diri, struct dentry *dentry,
>  	const struct inode_operations *loweri_dir_iop = loweri_dir->i_op;
>  	struct dentry *lowerd_link = NULL;
>  
> +	inode_lock_nested(loweri_dir, I_MUTEX_PARENT);
> +
>  	if (hardlink) {
>  		loweri_iop_ptr = loweri_dir_iop->link;
>  	} else {
> @@ -434,8 +436,6 @@ static int shiftfs_create_object(struct inode *diri, struct dentry *dentry,
>  		goto out_iput;
>  	}
>  
> -	inode_lock_nested(loweri_dir, I_MUTEX_PARENT);
> -
>  	if (!hardlink) {
>  		inode = new_inode(dir_sb);
>  		if (!inode) {
> -- 
> 2.39.2
> 
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff mbox series

Patch

diff --git a/fs/shiftfs.c b/fs/shiftfs.c
index 2664e1fb65d30..e777d9f685938 100644
--- a/fs/shiftfs.c
+++ b/fs/shiftfs.c
@@ -409,6 +409,8 @@  static int shiftfs_create_object(struct inode *diri, struct dentry *dentry,
 	const struct inode_operations *loweri_dir_iop = loweri_dir->i_op;
 	struct dentry *lowerd_link = NULL;
 
+	inode_lock_nested(loweri_dir, I_MUTEX_PARENT);
+
 	if (hardlink) {
 		loweri_iop_ptr = loweri_dir_iop->link;
 	} else {
@@ -434,8 +436,6 @@  static int shiftfs_create_object(struct inode *diri, struct dentry *dentry,
 		goto out_iput;
 	}
 
-	inode_lock_nested(loweri_dir, I_MUTEX_PARENT);
-
 	if (!hardlink) {
 		inode = new_inode(dir_sb);
 		if (!inode) {