iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Jens Axboe d1b69aabcd io_uring: use current task creds instead of allocating a new one 
commit 0b8c0ec7eedcd8f9f1a1f238d87f9b512b09e71a upstream.

syzbot reports:

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9217 Comm: io_uring-sq Not tainted 5.4.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:creds_are_invalid kernel/cred.c:792 [inline]
RIP: 0010:__validate_creds include/linux/cred.h:187 [inline]
RIP: 0010:override_creds+0x9f/0x170 kernel/cred.c:550
Code: ac 25 00 81 fb 64 65 73 43 0f 85 a3 37 00 00 e8 17 ab 25 00 49 8d 7c
24 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e 96 00 00 00 41 8b 5c 24 10 bf
RSP: 0018:ffff88809c45fda0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000043736564 RCX: ffffffff814f3318
RDX: 0000000000000002 RSI: ffffffff814f3329 RDI: 0000000000000010
RBP: ffff88809c45fdb8 R08: ffff8880a3aac240 R09: ffffed1014755849
R10: ffffed1014755848 R11: ffff8880a3aac247 R12: 0000000000000000
R13: ffff888098ab1600 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd51c40664 CR3: 0000000092641000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
  io_sq_thread+0x1c7/0xa20 fs/io_uring.c:3274
  kthread+0x361/0x430 kernel/kthread.c:255
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace f2e1a4307fbe2245 ]---
RIP: 0010:creds_are_invalid kernel/cred.c:792 [inline]
RIP: 0010:__validate_creds include/linux/cred.h:187 [inline]
RIP: 0010:override_creds+0x9f/0x170 kernel/cred.c:550
Code: ac 25 00 81 fb 64 65 73 43 0f 85 a3 37 00 00 e8 17 ab 25 00 49 8d 7c
24 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e 96 00 00 00 41 8b 5c 24 10 bf
RSP: 0018:ffff88809c45fda0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000043736564 RCX: ffffffff814f3318
RDX: 0000000000000002 RSI: ffffffff814f3329 RDI: 0000000000000010
RBP: ffff88809c45fdb8 R08: ffff8880a3aac240 R09: ffffed1014755849
R10: ffffed1014755848 R11: ffff8880a3aac247 R12: 0000000000000000
R13: ffff888098ab1600 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd51c40664 CR3: 0000000092641000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

which is caused by slab fault injection triggering a failure in
prepare_creds(). We don't actually need to create a copy of the creds
as we're not modifying it, we just need a reference on the current task
creds. This avoids the failure case as well, and propagates the const
throughout the stack.

Fixes: 181e448d8709 ("io_uring: async workers should inherit the user creds")
Reported-by: syzbot+5320383e16029ba057ff@syzkaller.appspotmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
[ only use the io_uring.c portion of the patch - gregkh]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-09 10:20:00 +01:00
..
9p
9p pull request for inclusion in 5.4
2019-09-27 15:10:34 -07:00
adfs
Merge branch 'work.adfs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 11:33:22 -07:00
affs
fs: affs: Initialize filesystem timestamp ranges
2019-08-30 07:27:18 -07:00
afs
afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP
2020-01-09 10:19:48 +01:00
autofs
autofs: fix a leak in autofs_expire_indirect()
2019-10-25 00:03:11 -04:00
befs
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
bfs
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
btrfs
Btrfs: fix infinite loop during nocow writeback due to race
2020-01-09 10:19:58 +01:00
cachefiles
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36
2019-05-24 17:27:11 +02:00
ceph
ceph: fix compat_ioctl for ceph_dir_operations
2019-12-17 19:55:31 +01:00
cifs
cifs: move cifsFileInfo_put logic into a work-queue
2020-01-04 19:18:26 +01:00
coda
y2038: add inode timestamp clamping
2019-09-19 09:42:37 -07:00
configfs
configfs: calculate the depth of parent item
2019-11-06 18:36:01 +01:00
cramfs
cramfs: fix usage on non-MTD device
2019-11-23 21:44:49 -05:00
crypto
fscrypt: require that key be added when setting a v2 encryption policy
2019-08-12 19:18:50 -07:00
debugfs
Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2019-09-28 08:14:15 -07:00
devpts
devpts_pty_kill(): don't bother with d_delete()
2019-09-03 09:30:56 -04:00
dlm
dlm for 5.3
2019-07-12 17:37:53 -07:00
ecryptfs
ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
2019-11-10 11:57:45 -05:00
efivarfs
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
efs
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
erofs
erofs: zero out when listxattr is called with no xattr
2019-12-17 19:56:23 +01:00
exportfs
exportfs_decode_fh(): negative pinned may become positive without the parent locked
2019-11-10 11:56:05 -05:00
ext2
ext2: check err when partial != NULL
2019-12-17 19:56:43 +01:00
ext4
ext4: iomap that extends beyond EOF should be marked dirty
2020-01-04 19:17:13 +01:00
f2fs
f2fs: Fix deadlock in f2fs_gc() context during atomic files handling
2020-01-04 19:18:18 +01:00
fat
fat: delete an unnecessary check before brelse()
2019-09-25 17:51:40 -07:00
freevxfs
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
fscache
Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"
2019-07-10 18:43:43 -07:00
fuse
fuse: verify attributes
2019-12-13 08:42:31 +01:00
gfs2
gfs2: fix glock reference problem in gfs2_trans_remove_revoke
2019-12-21 11:04:34 +01:00
hfs
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
hfsplus
fs/hfsplus/xattr.c: replace strncpy with memcpy
2019-07-16 19:23:23 -07:00
hostfs
This pull request contains the following changes for UML:
2019-05-12 17:52:13 -04:00
hpfs
fs: hpfs: Initialize filesystem timestamp ranges
2019-08-30 08:11:25 -07:00
hugetlbfs
mm/hugetlbfs: fix for_each_hstate() loop in init_hugetlbfs_fs()
2020-01-04 19:19:19 +01:00
iomap
iomap: fix return value of iomap_dio_bio_actor on 32bit systems
2020-01-04 19:17:31 +01:00
isofs
y2038: add inode timestamp clamping
2019-09-19 09:42:37 -07:00
jbd2
jbd2: Fix statistics for the number of logged blocks
2020-01-04 19:17:14 +01:00
jffs2
Revert "jffs2: Fix possible null-pointer dereferences in jffs2_add_frag_to_fragtree()"
2019-12-04 22:31:06 +01:00
jfs
y2038: add inode timestamp clamping
2019-09-19 09:42:37 -07:00
kernfs
kernfs: fix ino wrap-around detection
2019-12-13 08:42:53 +01:00
lockd
lockd: Make two symbols static
2019-07-03 17:52:09 -04:00
minix
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
nfs
NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
2019-11-01 11:03:56 -04:00
nfs_common
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
nfsd
nfsd: restore NFSv3 ACL support
2019-12-13 08:42:52 +01:00
nilfs2
vfs: create a generic checking and prep function for FS_IOC_SETFLAGS
2019-07-01 08:25:34 -07:00
nls
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
notify
Highlights:
2019-09-27 17:00:27 -07:00
ntfs
ntfs: remove (un)?likely() from IS_ERR() conditions
2019-09-26 10:10:44 -07:00
ocfs2
ocfs2: fix the crash due to call ocfs2_get_dlm_debug once less
2020-01-09 10:19:57 +01:00
omfs
fs: omfs: Initialize filesystem timestamp ranges
2019-08-30 08:11:25 -07:00
openpromfs
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
orangefs
Orangefs: a fix and a cleanup
2019-09-19 10:21:35 -07:00
overlayfs
ovl: relax WARN_ON() on rename to self
2019-12-17 19:56:11 +01:00
proc
proc/meminfo: fix output alignment
2019-10-19 06:32:32 -04:00
pstore
pstore/ram: Fix error-path memory leak in persistent_ram_new() callers
2020-01-09 10:19:57 +01:00
qnx4
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
qnx6
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
quota
fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long
2020-01-04 19:17:25 +01:00
ramfs
vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new mount API
2019-09-12 21:05:34 -04:00
reiserfs
reiserfs: fix extended attributes on the root directory
2019-12-17 19:56:44 +01:00
romfs
Merge branch 'work.mount2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-09-19 10:06:57 -07:00
squashfs
Merge branch 'work.mount2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-09-19 10:06:57 -07:00
sysfs
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
sysv
fs: sysv: Initialize filesystem timestamp ranges
2019-08-30 07:27:18 -07:00
tracefs
tracing: Do not create tracefs files if tracefs lockdown is in effect
2019-10-12 20:49:07 -04:00
ubifs
This pull request contains the following changes for UBI, UBIFS and JFFS2:
2019-09-21 11:10:16 -07:00
udf
fs-udf: Delete an unnecessary check before brelse()
2019-09-04 18:19:43 +02:00
ufs
y2038: add inode timestamp clamping
2019-09-19 09:42:37 -07:00
unicode
unicode: make array 'token' static const, makes object smaller
2019-09-17 11:48:24 -04:00
verity
fs-verity: support builtin file signatures
2019-08-12 19:33:50 -07:00
xfs
xfs: fix mount failure crash on invalid iclog memory access
2020-01-04 19:18:43 +01:00
aio.c
aio: Fix io_pgetevents() struct __compat_aio_sigset layout
2019-10-21 19:12:19 -04:00
anon_inodes.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
attr.c
timestamp_truncate: Replace users of timespec64_trunc
2019-08-30 07:27:17 -07:00
bad_inode.c
binfmt_aout.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
binfmt_elf_fdpic.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
binfmt_elf.c
elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings
2019-10-06 13:53:27 -07:00
binfmt_em86.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
binfmt_flat.c
fs/binfmt_flat.c: remove set but not used variable 'inode'
2019-07-16 19:23:22 -07:00
binfmt_misc.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
binfmt_script.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
block_dev.c
bdev: Refresh bdev size for disks without partitioning
2019-12-13 08:43:19 +01:00
buffer.c
block: add bio_truncate to fix guard_bio_eod
2020-01-09 10:19:54 +01:00
char_dev.c
chardev: set variable ret to -EBUSY before checking minor range overlap
2019-05-24 20:50:36 +02:00
compat_binfmt_elf.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 193
2019-05-30 11:29:21 -07:00
compat_ioctl.c
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
2019-07-30 14:42:13 -07:00
compat.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
coredump.c
coredump: split pipe command whitespace before expanding template
2019-08-03 07:02:01 -07:00
d_path.c
[PATCH] fix d_absolute_path() interplay with fsmount()
2019-08-30 19:31:09 -04:00
dax.c
fs/dax: Fix pmd vs pte conflict detection
2019-10-22 22:53:02 -07:00
dcache.c
Merge branch 'work.dcache2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-20 09:15:51 -07:00
dcookies.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
direct-io.c
fs/direct-io.c: fix kernel-doc warning
2019-10-14 15:04:01 -07:00
drop_caches.c
eventfd.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
eventpoll.c
PM / wakeup: Show wakeup sources stats in sysfs
2019-08-21 00:20:40 +02:00
exec.c
exit/exec: Seperate mm_release()
2019-11-29 10:10:10 +01:00
fcntl.c
fs: mark expected switch fall-throughs
2019-04-08 18:21:02 -05:00
fhandle.c
fs/handle.c - fix up kerneldoc
2019-08-07 21:51:47 -04:00
file_table.c
vfs: Export flush_delayed_fput for use by knfsd.
2019-08-19 11:00:39 -04:00
file.c
filesystems.c
fs_context.c
vfs: subtype handling moved to fuse
2019-09-06 21:28:49 +02:00
fs_parser.c
vfs: Make fs_parse() handle fs_param_is_fd-type params better
2019-09-12 21:06:14 -04:00
fs_pin.c
switch the remnants of releasing the mountpoint away from fs_pin
2019-07-16 22:52:37 -04:00
fs_struct.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
fs_types.c
fs-writeback.c
cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead
2019-11-08 13:37:24 -07:00
fsopen.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
inode.c
mm,thp: avoid writes to file with THP in pagecache
2019-09-24 15:54:11 -07:00
internal.h
Merge branch 'work.dcache2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-20 09:15:51 -07:00
io_uring.c
io_uring: use current task creds instead of allocating a new one
2020-01-09 10:20:00 +01:00
ioctl.c
compat_ioctl: add compat_ptr_ioctl()
2019-12-17 19:55:30 +01:00
Kconfig
fs-verity for 5.4
2019-09-18 16:59:14 -07:00
Kconfig.binfmt
binfmt_flat: make support for old format binaries optional
2019-06-24 09:16:47 +10:00
libfs.c
fs/libfs.c: fix kernel-doc warning
2019-10-14 15:04:01 -07:00
locks.c
locks: print unsigned ino in /proc/locks
2020-01-09 10:19:57 +01:00
Makefile
fs-verity for 5.4
2019-09-18 16:59:14 -07:00
mbcache.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
mount.h
switch the remnants of releasing the mountpoint away from fs_pin
2019-07-16 22:52:37 -04:00
mpage.c
blkcg, writeback: Rename wbc_account_io() to wbc_account_cgroup_owner()
2019-07-10 09:00:57 -06:00
namei.c
fs/namei.c: keep track of nd->root refcount status
2019-09-03 09:30:45 -04:00
namespace.c
fs/namespace.c: fix use-after-free of mount in mnt_warn_timestamp_expiry()
2019-10-16 23:15:09 -04:00
no-block.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
nsfs.c
vfs: Convert nsfs to use the new mount API
2019-05-25 18:00:06 -04:00
open.c
fs: remove unlikely() from WARN_ON() condition
2019-09-26 10:10:30 -07:00
pipe.c
vfs: Convert pipe to use the new mount API
2019-05-25 18:00:07 -04:00
pnode.c
fs/namespace: fix unprivileged mount propagation
2019-06-17 17:36:09 -04:00
pnode.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 209
2019-05-30 11:29:53 -07:00
posix_acl.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
proc_namespace.c
vfs: subtype handling moved to fuse
2019-09-06 21:28:49 +02:00
read_write.c
vfs: fix page locking deadlocks when deduping files
2019-08-16 18:43:24 -07:00
readdir.c
filldir[64]: remove WARN_ON_ONCE() for bad directory entries
2019-10-18 18:41:16 -04:00
select.c
fs/select.c: use struct_size() in kmalloc()
2019-07-16 19:23:25 -07:00
seq_file.c
seq_file: fix problem when seeking mid-record
2019-08-13 16:06:52 -07:00
signalfd.c
fs: mark expected switch fall-throughs
2019-04-08 18:21:02 -05:00
splice.c
splice: only read in as much information as there is pipe buffer space
2019-12-17 19:56:52 +01:00
stack.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
stat.c
statfs.c
vfs: Fix EOVERFLOW testing in put_compat_statfs64
2019-10-03 14:21:35 -07:00
super.c
Merge branch 'work.mount3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-10-10 08:16:44 -07:00
sync.c
fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback
2019-05-14 09:47:50 -07:00
timerfd.c
timerfd: Prepare for PREEMPT_RT
2019-08-01 20:51:23 +02:00
userfaultfd.c
userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK
2020-01-04 19:18:32 +01:00
utimes.c
utimes: Clamp the timestamps before update
2019-08-30 07:27:17 -07:00
xattr.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00