acrn-kernel/fs
Alexander Potapenko 1468c6f455 mm: fs: initialize fsdata passed to write_begin/write_end interface
Functions implementing the a_ops->write_end() interface accept the `void
*fsdata` parameter that is supposed to be initialized by the corresponding
a_ops->write_begin() (which accepts `void **fsdata`).

However not all a_ops->write_begin() implementations initialize `fsdata`
unconditionally, so it may get passed uninitialized to a_ops->write_end(),
resulting in undefined behavior.

Fix this by initializing fsdata with NULL before the call to
write_begin(), rather than doing so in all possible a_ops implementations.

This patch covers only the following cases found by running x86 KMSAN
under syzkaller:

 - generic_perform_write()
 - cont_expand_zero() and generic_cont_expand_simple()
 - page_symlink()

Other cases of passing uninitialized fsdata may persist in the codebase.

Link: https://lkml.kernel.org/r/20220915150417.722975-43-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Christoph Lameter <cl@linux.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Marco Elver <elver@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-03 14:03:25 -07:00
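The contract the commit message describes, modeled in userspace as an added example (not code from the kernel or from this commit): a write_begin() that sets `*fsdata` only on one path, a write_end() that treats fsdata as optional private state, and a caller in the style of generic_perform_write() that zero-initializes fsdata before every write_begin(). The struct names, the toy page type, the simplified operation signatures (the real address_space_operations take a file, mapping, loff_t position and page pointer as well) and the `reserved_blocks` private data are all hypothetical.

```c
/* Userspace model of the write_begin()/write_end() fsdata contract.
 * Hypothetical toy types; the real kernel signatures carry more arguments. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_PAGE_SIZE 64

struct toy_page {
    unsigned char data[TOY_PAGE_SIZE];
    int uptodate;               /* models PageUptodate() */
};

/* Per-write private state a filesystem may pass from write_begin() to
 * write_end() through fsdata (hypothetical). */
struct fs_private {
    unsigned int reserved_blocks;
};

/* Same asymmetry as the kernel: write_begin gets void **, write_end gets void *. */
struct toy_aops {
    int (*write_begin)(struct toy_page *, unsigned int off, unsigned int len, void **fsdata);
    int (*write_end)(struct toy_page *, unsigned int off, unsigned int len, void *fsdata);
};

/* Sets *fsdata only when the page was not yet uptodate; on the other path it
 * leaves *fsdata untouched, which is the pattern the commit message describes. */
static int toy_write_begin(struct toy_page *page, unsigned int off, unsigned int len, void **fsdata)
{
    (void)off; (void)len;
    if (!page->uptodate) {
        struct fs_private *priv = calloc(1, sizeof *priv);
        if (!priv)
            return -1;
        priv->reserved_blocks = 1;
        *fsdata = priv;
        page->uptodate = 1;
    }
    return 0;
}

/* Records what write_end() observed so the caller-side fix can be checked. */
static int last_fsdata_was_null = -1;

/* NULL means "nothing to release"; an indeterminate fsdata here is UB. */
static int toy_write_end(struct toy_page *page, unsigned int off, unsigned int len, void *fsdata)
{
    (void)page; (void)off;
    last_fsdata_was_null = (fsdata == NULL);
    free(fsdata);                       /* free(NULL) is a no-op */
    return (int)len;
}

static const struct toy_aops toy_ops = { toy_write_begin, toy_write_end };

/* generic_perform_write()-style loop: chunk by page, copy, and initialize
 * fsdata to NULL before each write_begin() (the fix applied on the caller side). */
static long toy_perform_write(const struct toy_aops *ops, struct toy_page *pages,
                              size_t npages, const unsigned char *buf, size_t count)
{
    size_t pos = 0;
    while (pos < count) {
        size_t pgidx = pos / TOY_PAGE_SIZE;
        unsigned int off = pos % TOY_PAGE_SIZE;
        unsigned int len = TOY_PAGE_SIZE - off;
        void *fsdata = NULL;            /* never pass an indeterminate value */
        if (pgidx >= npages)
            return -1;
        if (count - pos < len)
            len = (unsigned int)(count - pos);
        if (ops->write_begin(&pages[pgidx], off, len, &fsdata))
            return -1;
        memcpy(pages[pgidx].data + off, buf + pos, len);
        if (ops->write_end(&pages[pgidx], off, len, fsdata) != (int)len)
            return -1;
        pos += len;
    }
    return (long)pos;
}

/* Returns 0 when both writes land and fsdata is NULL on the untouched path. */
static int run_demo(void)
{
    struct toy_page pages[2];
    unsigned char in[100];
    memset(pages, 0, sizeof pages);
    for (size_t i = 0; i < sizeof in; i++)
        in[i] = (unsigned char)i;       /* constructed sample input */

    if (toy_perform_write(&toy_ops, pages, 2, in, sizeof in) != 100)
        return 1;
    if (last_fsdata_was_null != 0)      /* fresh pages: write_begin set fsdata */
        return 2;
    if (memcmp(pages[0].data, in, TOY_PAGE_SIZE) != 0 ||
        memcmp(pages[1].data, in + TOY_PAGE_SIZE, 100 - TOY_PAGE_SIZE) != 0)
        return 3;
    if (toy_perform_write(&toy_ops, pages, 2, in, 10) != 10)
        return 4;
    if (last_fsdata_was_null != 1)      /* uptodate page: fsdata left alone, still NULL */
        return 5;
    return 0;
}

int main(void)
{
    printf("demo result: %d\n", run_demo());
    return 0;
}
```

Without the `= NULL` in toy_perform_write(), the second write would hand write_end() whatever happened to be on the stack, and free() of that value is exactly the undefined behavior the commit describes; KMSAN flags that read of an uninitialized local in the kernel, which is how the listed call sites were found.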
9p
adfs
affs affs: use memcpy_to_page and remove replace kmap_atomic() 2022-08-01 19:53:31 +02:00
afs afs: Enable multipage folio support 2022-08-13 17:20:51 -07:00
autofs
befs befs: Convert befs_symlink_read_folio() to use a folio 2022-08-02 12:34:03 -04:00
bfs
btrfs btrfs: convert process_page_range() to use filemap_get_folios_contig() 2022-09-11 20:26:03 -07:00
cachefiles
ceph We have a good pile of various fixes and cleanups from Xiubo, Jeff, 2022-08-11 12:41:07 -07:00
cifs cifs: Add helper function to check smb1+ server 2022-08-24 22:30:09 -05:00
coda coda: Convert coda_symlink_filler() to use a folio 2022-08-02 12:34:03 -04:00
configfs
cramfs cramfs: read_mapping_page() is synchronous 2022-08-02 12:34:02 -04:00
crypto We have a good pile of various fixes and cleanups from Xiubo, Jeff, 2022-08-11 12:41:07 -07:00
debugfs
devpts
dlm fs: dlm: move kref_put assert for lkb structs 2022-08-01 09:31:46 -05:00
ecryptfs
efivarfs
efs
erofs - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
exfat exfat: Drop superfluous new line for error messages 2022-08-01 10:14:07 +09:00
exportfs
ext2 ext2: replace bh_submit_read() helper with bh_read() 2022-09-11 20:26:08 -07:00
ext4 - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
f2fs f2fs-for-6.0 2022-08-08 11:18:31 -07:00
fat Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
freevxfs freevxfs: Convert vxfs_immed_read_folio() to use a folio 2022-08-02 12:34:03 -04:00
fscache fscache: add tracepoint when failing cookie 2022-08-09 14:13:59 +01:00
fuse mm: multi-gen LRU: groundwork 2022-09-26 19:46:09 -07:00
gfs2 gfs2: replace ll_rw_block() 2022-09-11 20:26:06 -07:00
hfs
hfsplus Folio changes for 6.0 2022-08-03 10:35:43 -07:00
hostfs hostfs: Handle page write errors correctly 2022-08-02 12:34:02 -04:00
hpfs
hugetlbfs hugetlb: clean up code checking for fault/truncation races 2022-10-03 14:03:17 -07:00
iomap New code for 6.0: 2022-08-11 13:11:49 -07:00
isofs isofs: replace ll_rw_block() 2022-09-11 20:26:06 -07:00
jbd2 jbd2: replace ll_rw_block() 2022-09-11 20:26:06 -07:00
jffs2
jfs Folio changes for 6.0 2022-08-03 10:35:43 -07:00
kernfs kernfs: Fix typo 'the the' in comment 2022-07-28 10:57:25 +02:00
ksmbd ksmbd: don't remove dos attribute xattr on O_TRUNC open 2022-08-15 21:07:01 -05:00
lockd lockd: detect and reject lock arguments that overflow 2022-08-04 10:28:48 -04:00
minix
netfs
nfs NFS client bugfixes for Linux 6.0 2022-08-22 11:40:01 -07:00
nfs_common
nfsd NFSD 6.0 Release Notes 2022-08-09 14:56:49 -07:00
nilfs2 nilfs2: convert nilfs_find_uncommited_extent() to use filemap_get_folios_contig() 2022-09-11 20:26:03 -07:00
nls
notify fsnotify: Fix comment typo 2022-07-26 13:38:47 +02:00
ntfs ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() 2022-09-11 16:22:29 -07:00
ntfs3 ntfs3: replace ll_rw_block() 2022-09-11 20:26:07 -07:00
ocfs2 ocfs2: replace ll_rw_block() 2022-09-11 20:26:07 -07:00
omfs
openpromfs
orangefs
overlayfs acl: handle idmapped mounts for idmapped filesystems 2022-08-17 11:23:31 +02:00
proc ksm: count allocated ksm rmap_items for each process 2022-09-26 19:46:29 -07:00
pstore EFI updates for v5.20 2022-08-03 14:38:02 -07:00
qnx4
qnx6
quota - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
ramfs ramfs: convert ramfs_nommu_get_unmapped_area() to use filemap_get_folios_contig() 2022-09-11 20:26:03 -07:00
reiserfs reiserfs: replace ll_rw_block() 2022-09-11 20:26:07 -07:00
romfs
smbfs_common
squashfs squashfs: don't call kmalloc in decompressors 2022-08-28 14:02:45 -07:00
sysfs
sysv
tracefs
ubifs - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
udf udf: replace ll_rw_block() 2022-09-11 20:26:07 -07:00
ufs ufs: replace ll_rw_block() 2022-09-11 20:26:07 -07:00
unicode
vboxsf
verity
xfs xfs: fix SB_BORN check in xfs_dax_notify_failure() 2022-09-11 16:22:29 -07:00
zonefs New code for 6.0: 2022-08-11 13:11:49 -07:00
Kconfig hugetlb: make hugetlb depends on SYSFS or SYSCTL 2022-09-11 20:26:10 -07:00
Kconfig.binfmt
Makefile
aio.c iov_iter work, part 1 - isolated cleanups and optimizations. 2022-08-03 13:50:22 -07:00
anon_inodes.c
attr.c vfs: Check the truncate maximum size in inode_newsize_ok() 2022-08-08 10:39:29 -07:00
bad_inode.c
binfmt_aout.c
binfmt_elf.c
binfmt_elf_fdpic.c
binfmt_elf_test.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
buffer.c mm: fs: initialize fsdata passed to write_begin/write_end interface 2022-10-03 14:03:25 -07:00
char_dev.c
compat_binfmt_elf.c
coredump.c coredump: remove vma linked list walk 2022-09-26 19:46:20 -07:00
d_path.c
dax.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
dcache.c dcache: move the DCACHE_OP_COMPARE case out of the __d_lookup_rcu loop 2022-08-17 14:33:03 -07:00
direct-io.c iov_iter: advancing variants of iov_iter_get_pages{,_alloc}() 2022-08-08 22:37:22 -04:00
drop_caches.c
eventfd.c
eventpoll.c
exec.c exec: use VMA iterator instead of linked list 2022-09-26 19:46:21 -07:00
fcntl.c
fhandle.c
file.c
file_table.c iov_iter work, part 1 - isolated cleanups and optimizations. 2022-08-03 13:50:22 -07:00
filesystems.c
fs-writeback.c writeback: avoid use-after-free after removing device 2022-08-28 14:02:43 -07:00
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c fs: __file_remove_privs(): restore call to inode_has_no_xattr() 2022-08-18 09:39:33 +02:00
internal.h
ioctl.c
kernel_read_file.c
libfs.c
locks.c locks: Fix dropped call to ->fl_release_private() 2022-08-17 15:08:58 -04:00
mbcache.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
mount.h
mpage.c Folio changes for 6.0 2022-08-03 10:35:43 -07:00
namei.c mm: fs: initialize fsdata passed to write_begin/write_end interface 2022-10-03 14:03:25 -07:00
namespace.c fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts 2022-08-17 11:27:11 +02:00
no-block.c
nsfs.c
open.c iov_iter work, part 1 - isolated cleanups and optimizations. 2022-08-03 13:50:22 -07:00
pipe.c
pnode.c
pnode.h
posix_acl.c tmpfs: add support for an i_version counter 2022-10-03 14:03:06 -07:00
proc_namespace.c
read_write.c switch new_sync_{read,write}() to ITER_UBUF 2022-08-08 22:37:15 -04:00
readdir.c
remap_range.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
select.c
seq_file.c
signalfd.c
splice.c iter_to_pipe(): switch to advancing variant of iov_iter_get_pages() 2022-08-08 22:37:23 -04:00
stack.c
stat.c
statfs.c
super.c fuse update for 6.0 2022-08-08 11:10:02 -07:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c userfaultfd: use maple tree iterator to iterate VMAs 2022-09-26 19:46:21 -07:00
utimes.c
xattr.c