Message ID | 20230510204413.615426-2-cascardo@canonical.com |
---|---|
State | New |
Series | shiftfs: fix locking in shiftfs_create_object() |
Acked-by: Ian May <ian.may@canonical.com>

On 2023-05-10 17:44:13, Thadeu Lima de Souza Cascardo wrote:
> From: Andrea Righi <andrea.righi@canonical.com>
>
> Make sure to always acquire the inode lock of loweri_dir_iop when
> accessing its methods.
>
> This also prevents a lock unbalance when one of such methods is not
> implemented.
>
> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
> CVE-2023-2612
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
> ---
> fs/shiftfs.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/shiftfs.c b/fs/shiftfs.c > index 2664e1fb65d30..e777d9f685938 100644 > --- a/fs/shiftfs.c > +++ b/fs/shiftfs.c > @@ -409,6 +409,8 @@ static int shiftfs_create_object(struct inode *diri, struct dentry *dentry, > const struct inode_operations *loweri_dir_iop = loweri_dir->i_op; > struct dentry *lowerd_link = NULL; > > + inode_lock_nested(loweri_dir, I_MUTEX_PARENT); > + > if (hardlink) { > loweri_iop_ptr = loweri_dir_iop->link; > } else { > @@ -434,8 +436,6 @@ static int shiftfs_create_object(struct inode *diri, struct dentry *dentry, > goto out_iput; > } > > - inode_lock_nested(loweri_dir, I_MUTEX_PARENT); > - > if (!hardlink) { > inode = new_inode(dir_sb); > if (!inode) {
> --
> 2.39.2
>
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff --git a/fs/shiftfs.c b/fs/shiftfs.c index 2664e1fb65d30..e777d9f685938 100644 --- a/fs/shiftfs.c +++ b/fs/shiftfs.c @@ -409,6 +409,8 @@ static int shiftfs_create_object(struct inode *diri, struct dentry *dentry, const struct inode_operations *loweri_dir_iop = loweri_dir->i_op; struct dentry *lowerd_link = NULL; + inode_lock_nested(loweri_dir, I_MUTEX_PARENT); + if (hardlink) { loweri_iop_ptr = loweri_dir_iop->link; } else { @@ -434,8 +436,6 @@ static int shiftfs_create_object(struct inode *diri, struct dentry *dentry, goto out_iput; } - inode_lock_nested(loweri_dir, I_MUTEX_PARENT); - if (!hardlink) { inode = new_inode(dir_sb); if (!inode) {
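Review bot: the commit message calls this the "inode lock of loweri_dir_iop", but the call added in the first hunk (@@ -409) locks loweri_dir, and loweri_dir_iop is still loaded from loweri_dir->i_op in the declaration just above the new inode_lock_nested() call, before the lock is held. If only the reads of ->link and the other method pointers need to happen under the lock, please say so and reword the message to name loweri_dir. A one-line comment above the call explaining why it has to precede the `if (hardlink)` block would also keep it from being moved back down later.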
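Review bot: in the second hunk (@@ -434), the `goto out_iput;` in the context just above the removed inode_lock_nested() call is now reached with loweri_dir locked, where before the patch it was reached without the lock. The out_iput label is not part of the diff, so please state in the commit message that this path releases the lock on loweri_dir exactly once, which is presumably what the "lock unbalance" sentence refers to, so the fix can be checked without opening the full function.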