From: Greg Kroah-Hartman
Date: Fri, 13 May 2022 14:03:44 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v4.9.314~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=03590165c23d0fe95b900f0c8ec882af0c08d728;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
vfs-fix-memory-leak-caused-by-concurrently-mounting-fs-with-subtype.patch
---
diff --git a/queue-4.14/series b/queue-4.14/series index 5d8e51a1ef6..ebcf6053704 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -11,3 +11,4 @@ alsa-pcm-fix-races-among-concurrent-read-write-and-buffer-changes.patch alsa-pcm-fix-races-among-concurrent-prepare-and-hw_params-hw_free-calls.patch alsa-pcm-fix-races-among-concurrent-prealloc-proc-writes.patch alsa-pcm-fix-potential-ab-ba-lock-with-buffer_mutex-and-mmap_lock.patch +vfs-fix-memory-leak-caused-by-concurrently-mounting-fs-with-subtype.patch diff --git a/queue-4.14/vfs-fix-memory-leak-caused-by-concurrently-mounting-fs-with-subtype.patch b/queue-4.14/vfs-fix-memory-leak-caused-by-concurrently-mounting-fs-with-subtype.patch new file mode 100644 index 00000000000..364a141148c --- /dev/null +++ b/queue-4.14/vfs-fix-memory-leak-caused-by-concurrently-mounting-fs-with-subtype.patch
@@ -0,0 +1,80 @@ +From chenxiaosong2@huawei.com Fri May 13 16:02:28 2022 +From: ChenXiaoSong +Date: Tue, 2 Nov 2021 22:22:06 +0800 +Subject: VFS: Fix memory leak caused by concurrently mounting fs with subtype +To: , , +Cc: , , , , , , +Message-ID: <20211102142206.3972465-1-chenxiaosong2@huawei.com> + +From: ChenXiaoSong + +If two processes mount same superblock, memory leak occurs: + +CPU0 | CPU1 +do_new_mount | do_new_mount + fs_set_subtype | fs_set_subtype + kstrdup | + | kstrdup + memrory leak | + +The following reproducer triggers the problem: + +1. shell command: mount -t ntfs /dev/sda1 /mnt & +2. c program: mount("/dev/sda1", "/mnt", "fuseblk", 0, "...") + +with kmemleak report being along the lines of + +unreferenced object 0xffff888235f1a5c0 (size 8): + comm "mount.ntfs", pid 2860, jiffies 4295757824 (age 43.423s) + hex dump (first 8 bytes): + 00 a5 f1 35 82 88 ff ff ...5.... + backtrace: + [<00000000656e30cc>] __kmalloc_track_caller+0x16e/0x430 + [<000000008e591727>] kstrdup+0x3e/0x90 + [<000000008430d12b>] do_mount.cold+0x7b/0xd9 + [<0000000078d639cd>] ksys_mount+0xb2/0x150 + [<000000006015988d>] __x64_sys_mount+0x29/0x40 + [<00000000e0a7c118>] do_syscall_64+0xc1/0x1d0 + [<00000000bcea7df5>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 + [<00000000803a4067>] 0xffffffffffffffff + +Linus's tree already have refactoring patchset [1], one of them can fix this bug: + c30da2e981a7 ("fuse: convert to use the new mount API") +After refactoring, init super_block->s_subtype in fuse_fill_super. + +Since we did not merge the refactoring patchset in this branch, I create this patch. +This patch fix this by adding a write lock while calling fs_set_subtype. 
+ +[1] https://patchwork.kernel.org/project/linux-fsdevel/patch/20190903113640.7984-3-mszeredi@redhat.com/ + +Fixes: 79c0b2df79eb ("add filesystem subtype support") +Cc: David Howells +Cc: +Signed-off-by: ChenXiaoSong +Signed-off-by: Greg Kroah-Hartman +--- +v1: Can not mount sshfs ([PATCH linux-4.19.y] VFS: Fix fuseblk memory leak caused by mount concurrency) +v2: Use write lock while writing superblock ([PATCH 4.19,v2] VFS: Fix fuseblk memory leak caused by mount concurrency) +v3: Update commit message + + fs/namespace.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -2570,9 +2570,12 @@ static int do_new_mount(struct path *pat + return -ENODEV; + + mnt = vfs_kern_mount(type, sb_flags, name, data); +- if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE) && +- !mnt->mnt_sb->s_subtype) +- mnt = fs_set_subtype(mnt, fstype); ++ if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE)) { ++ down_write(&mnt->mnt_sb->s_umount); ++ if (!mnt->mnt_sb->s_subtype) ++ mnt = fs_set_subtype(mnt, fstype); ++ up_write(&mnt->mnt_sb->s_umount); ++ } + + put_filesystem(type); + if (IS_ERR(mnt))
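Review bot: in the do_new_mount() hunk, `up_write(&mnt->mnt_sb->s_umount)` is reached through `mnt` after `mnt = fs_set_subtype(mnt, fstype)` may have replaced it with an error pointer, which the `if (IS_ERR(mnt))` right after put_filesystem() shows is a possible return; on that path the unlock dereferences the error pointer instead of the superblock that was locked. Take the superblock into a local before the call and unlock through it, e.g. `struct super_block *sb = mnt->mnt_sb; down_write(&sb->s_umount);` ... `up_write(&sb->s_umount);`, and confirm that fs_set_subtype()'s failure path does not drop the mount (and with it the superblock) while s_umount is still held, since releasing a semaphore on freed memory would be worse than the leak being fixed.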