Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bc87baee authored by Mike Christie's avatar Mike Christie Committed by Greg Kroah-Hartman
Browse files

configfs: fix registered group removal 



[ Upstream commit cc57c07343bd071cdf1915a91a24ab7d40c9b590 ]

This patch fixes a bug where configfs_register_group had added
a group in a tree, and userspace has done a rmdir on a dir somewhere
above that group and we hit a kernel crash. The problem is configfs_rmdir
will detach everything under it and unlink groups on the default_groups
list. It will not unlink groups added with configfs_register_group so when
configfs_unregister_group is called to drop its references to the group/items
we crash when we try to access the freed dentrys.

The patch just adds a check for if a rmdir has been done above
us and if so just does the unlink part of unregistration.

Sorry if you are getting this multiple times. I thouhgt I sent
this to some of you and lkml, but I do not see it.

Signed-off-by: default avatarMike Christie <mchristi@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
Signed-off-by: default avatarSasha Levin <alexander.levin@microsoft.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent c2bd54bc

fs/configfs/dir.c

+11 −0
Original line number Diff line number Diff line
@@ -1777,6 +1777,16 @@ void configfs_unregister_group(struct config_group *group) 
	struct dentry *dentry = group->cg_item.ci_dentry;

	struct dentry *parent = group->cg_item.ci_parent->ci_dentry;



	mutex_lock(&subsys->su_mutex);

	if (!group->cg_item.ci_parent->ci_group) {

		/*

		 * The parent has already been unlinked and detached

		 * due to a rmdir.

		 */

		goto unlink_group;

	}

	mutex_unlock(&subsys->su_mutex);



	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);

	spin_lock(&configfs_dirent_lock);

	configfs_detach_prep(dentry, NULL);
@@ -1791,6 +1801,7 @@ void configfs_unregister_group(struct config_group *group) 
	dput(dentry);



	mutex_lock(&subsys->su_mutex);

unlink_group:

	unlink_group(group);

	mutex_unlock(&subsys->su_mutex);

}