kernel_samsung_a53x/fs/nfsd
Yang Erkun c20d9d9df5 nfsd: make sure exp active before svc_export_show
commit be8f982c369c965faffa198b46060f8853e0f1f0 upstream.

The function `e_show` was called with protection from RCU. This only
ensures that `exp` will not be freed. Therefore, the reference count for
`exp` can drop to zero, which will trigger a refcount use-after-free
warning when `exp_get` is called. To resolve this issue, use
`cache_get_rcu` to ensure that `exp` remains active.

------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 3 PID: 819 at lib/refcount.c:25
refcount_warn_saturate+0xb1/0x120
CPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.16.1-2.fc37 04/01/2014
RIP: 0010:refcount_warn_saturate+0xb1/0x120
...
Call Trace:
 <TASK>
 e_show+0x20b/0x230 [nfsd]
 seq_read_iter+0x589/0x770
 seq_read+0x1e5/0x270
 vfs_read+0x125/0x530
 ksys_read+0xc1/0x160
 do_syscall_64+0x5f/0x170
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Fixes: bf18f163e89c ("NFSD: Using exp_get for export getting")
Cc: stable@vger.kernel.org # 4.20+
Signed-off-by: Yang Erkun <yangerkun@huawei.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-12-17 13:24:24 +01:00
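
A user-space C model of the refcount problem this commit message describes, added here as an illustration; it is not code from the kernel or from this patch. `struct entry` and the `entry_*` helpers are hypothetical names, and a count of zero stands for an entry that RCU still keeps in memory although its last reference is gone.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a cache entry; not a kernel type. */
struct entry {
    atomic_int ref;    /* 0: last reference dropped, teardown pending */
    bool resurrected;  /* set when a reference is taken on a dead entry */
};

/* Unconditional get: the pattern that produces "addition on 0". */
static void entry_get(struct entry *e) {
    if (atomic_fetch_add(&e->ref, 1) == 0)
        e->resurrected = true;  /* refcount_t would warn at this point */
}

/* Conditional get: succeeds only while a reference is still held. */
static bool entry_get_unless_zero(struct entry *e) {
    int old = atomic_load(&e->ref);
    while (old != 0)  /* a failed CAS reloads old, so a racing put is seen */
        if (atomic_compare_exchange_weak(&e->ref, &old, old + 1))
            return true;
    return false;
}

/* Returns true when this call dropped the last reference. */
static bool entry_put(struct entry *e) {
    return atomic_fetch_sub(&e->ref, 1) == 1;
}

/* Reader that found e during a lockless walk: 1 = shown, 0 = skipped. */
static int show_entry(struct entry *e, bool safe) {
    if (safe && !entry_get_unless_zero(e))
        return 0;       /* entry is dying, do not touch it */
    if (!safe)
        entry_get(e);   /* may revive a dead entry */
    /* ... format the entry ... */
    entry_put(e);       /* on a revived entry this is a second "last put" */
    return 1;
}

int main(void) {
    struct entry e;
    atomic_init(&e.ref, 1);
    e.resurrected = false;
    entry_put(&e);      /* the owner drops the last reference first */
    printf("safe reader shown=%d\n", show_entry(&e, true));
    printf("unsafe reader shown=%d resurrected=%d\n",
           show_entry(&e, false), e.resurrected);
    return 0;
}
```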
acl.h NFSD: add posix ACLs to struct nfsd_attrs 2024-11-19 12:28:04 +01:00
auth.c
auth.h
blocklayout.c nfsd: move nfserrno() to vfs.c 2024-11-19 12:28:26 +01:00
blocklayoutxdr.c nfsd: move nfserrno() to vfs.c 2024-11-19 12:28:26 +01:00
blocklayoutxdr.h
cache.h Revert "nfsd: make all of the nfsd stats per-network namespace" 2024-11-24 00:23:43 +01:00
current_stateid.h
export.c nfsd: make sure exp active before svc_export_show 2024-12-17 13:24:24 +01:00
export.h Revert "NFSD: Fix frame size warning in svc_export_parse()" 2024-11-24 00:23:45 +01:00
fault_inject.c
filecache.c Revert "nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire" 2024-11-24 00:23:21 +01:00
filecache.h NFSD: Convert filecache to rhltable 2024-11-19 12:28:32 +01:00
flexfilelayout.c nfsd: move nfserrno() to vfs.c 2024-11-19 12:28:26 +01:00
flexfilelayoutxdr.c
flexfilelayoutxdr.h
idmap.h
Kconfig nfsd: allow disabling NFSv2 at compile time 2024-11-19 12:28:26 +01:00
lockd.c Keep read and write fds with each nlm_file 2024-11-19 12:27:44 +01:00
Makefile nfsd: allow disabling NFSv2 at compile time 2024-11-19 12:28:26 +01:00
netns.h NFSD: Limit the number of concurrent async COPY operations 2024-12-17 13:20:51 +01:00
nfs2acl.c NFSD: Finish converting the NFSv2 GETACL result encoder 2024-11-19 12:28:26 +01:00
nfs3acl.c NFSD: Finish converting the NFSv3 GETACL result encoder 2024-11-19 12:28:26 +01:00
nfs3proc.c NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection 2024-11-19 12:28:26 +01:00
nfs3xdr.c NFSD: Clean up WRITE arg decoders 2024-11-19 12:28:23 +01:00
nfs4acl.c NFSD: add posix ACLs to struct nfsd_attrs 2024-11-19 12:28:04 +01:00
nfs4callback.c NFSD: Prevent a potential integer overflow 2024-12-17 13:24:20 +01:00
nfs4idmap.c Revert "nfsd: call cache_put if xdr_reserve_space returns NULL" 2024-11-24 00:23:20 +01:00
nfs4layouts.c NFSD: Add tracepoints to report NFSv4 callback completions 2024-11-19 12:28:22 +01:00
nfs4proc.c NFSD: Fix nfsd4_shutdown_copy() 2024-12-17 13:24:13 +01:00
nfs4recover.c NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() 2024-12-17 13:24:13 +01:00
nfs4state.c NFSD: Limit the number of concurrent async COPY operations 2024-12-17 13:20:51 +01:00
nfs4xdr.c Revert "NFSD: Fix NFSv4's PUTPUBFH operation" 2024-11-24 00:23:02 +01:00
nfscache.c Revert "NFSD: Refactor nfsd_reply_cache_free_locked()" 2024-11-24 00:23:45 +01:00
nfsctl.c Revert "nfsd: expose /proc/net/sunrpc/nfsd in net namespaces" 2024-11-24 00:23:44 +01:00
nfsd.h Revert "nfsd: remove nfsd_stats, make th_cnt a global counter" 2024-11-24 00:23:43 +01:00
nfsfh.c Revert "nfsd: make all of the nfsd stats per-network namespace" 2024-11-24 00:23:43 +01:00
nfsfh.h NFSD: Use const pointers as parameters to fh_ helpers 2024-11-19 12:28:27 +01:00
nfsproc.c NFSD: Use set_bit(RQ_DROPME) 2024-11-19 12:28:29 +01:00
nfssvc.c Revert "NFSD: simplify error paths in nfsd_svc()" 2024-11-24 00:23:45 +01:00
nfsxdr.c NFSD: Clean up WRITE arg decoders 2024-11-19 12:28:23 +01:00
pnfs.h
state.h NFSD: add delegation reaper to react to low memory condition 2024-11-19 12:28:29 +01:00
stats.c Revert "NFSD: Rewrite synopsis of nfsd_percpu_counters_init()" 2024-11-24 00:23:45 +01:00
stats.h Revert "NFSD: Rewrite synopsis of nfsd_percpu_counters_init()" 2024-11-24 00:23:45 +01:00
trace.c
trace.h Revert "NFSD: Replace nfsd_prune_bucket()" 2024-11-24 00:23:45 +01:00
vfs.c Revert "nfsd: make all of the nfsd stats per-network namespace" 2024-11-24 00:23:43 +01:00
vfs.h NFSD: Pass the target nfsd_file to nfsd_commit() 2024-11-19 12:28:26 +01:00
xdr.h SUNRPC: Change return value type of .pc_encode 2024-11-19 12:27:48 +01:00
xdr3.h SUNRPC: Change return value type of .pc_encode 2024-11-19 12:27:48 +01:00
xdr4.h NFSD: Limit the number of concurrent async COPY operations 2024-12-17 13:20:51 +01:00
xdr4cb.h NFSD: add support for sending CB_RECALL_ANY 2024-11-19 12:28:29 +01:00