From patchwork Sat Sep 9 03:16:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Rostedt X-Patchwork-Id: 137836 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ab0a:0:b0:3f2:4152:657d with SMTP id m10csp1212486vqo; Sat, 9 Sep 2023 09:28:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE7qzIa6FRn2QBk9Fh36oiYoiTa3LdKtZLxU8DeNzYfybXSMKmrRHAd6hco0t0o3pcP5se8 X-Received: by 2002:aa7:ce05:0:b0:523:3853:e01a with SMTP id d5-20020aa7ce05000000b005233853e01amr4072499edv.36.1694276894620; Sat, 09 Sep 2023 09:28:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694276894; cv=none; d=google.com; s=arc-20160816; b=zQQVHj8dgHpdA4py/33YCp2u8h+H1/LlhUD3yxezVC0d8ED1AtjQNMlauz7JGk8BFk 3lRaabC4B9bQM4aPH9f79JjLLS7cd6q8acn8skOMswKkhVHUPiijBJLmcf44ti7iUV+g 33a2PrHAA7KtUSoMtzkDB5XkF2sNrefNglii0+Busycnlzm0vRxq/OEwBr9zyFl36RSu HRJN17cXTGeo40jTXUwiExstS1u7vio9xDzUmzPlDIvVMHViI7WlL3voDc+gBdWiKV0V l4I9uFs48bjiAtwVBSeAgGCT2nXOi3wqRYYXrHlqDttqlxVnUgFmX7FSN6sczSiJisn/ ZxgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:subject:cc:to:from:date :user-agent:message-id; bh=ua4vyJG4jmQOuuVkZhh0dIuiaXGO2bF4w/mU2MPD3XQ=; fh=xHcg5TdCQP957WfgID2Hb2/KNvVNsnXknMVdAjWuH7Y=; b=sYbjajTFE5OoaAxErpjOkKnk9ci4KUu38z89o68kwVb4onqvODI1/3Q0c1zY+GXowM AnXXLsvtgeWtT3kt04pZgnjWslcLjlJsWPa95B8gU9Liy+2Y1kyEtM6kv3IIh3UrC9iU ez6ge1o75z5yCi7OS6LO3BSCyOUmLHadwD2xc4Dprltqsfi9fWbXC2yl3WLOxBNlyqwu cB6GcxsyQaqueuElE3VuqpN8UEG8IUxjNQf+5XcnJ/eizueoRlWx/A4DruBSsfc6gFUv 3Tx6Rbr7W9pb8XoTKpumKokCxlffBWMqLZ9dmcepPwpFsDAj9lERpyfdFHyYfsBRsI5r LayQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y14-20020a056402134e00b0052228b42848si3406393edw.60.2023.09.09.09.28.11; Sat, 09 Sep 2023 09:28:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235479AbjIIDXi (ORCPT + 11 others); Fri, 8 Sep 2023 23:23:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59066 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232042AbjIIDXf (ORCPT ); Fri, 8 Sep 2023 23:23:35 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4939E1FE5; Fri, 8 Sep 2023 20:23:30 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C4D55C433CA; Sat, 9 Sep 2023 03:23:29 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1qeoZY-000Ycx-1C; Fri, 08 Sep 2023 23:23:48 -0400 Message-ID: <20230909032348.185808168@goodmis.org> User-Agent: quilt/0.66 Date: Fri, 08 Sep 2023 23:16:16 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , stable@vger.kernel.org, Ajay Kaher , Ching-lin Yu , kernel test robot Subject: [for-linus][PATCH 01/15] tracefs: Add missing lockdown check to tracefs_create_dir() References: <20230909031615.047488015@goodmis.org> MIME-Version: 1.0 X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1776578088980202297 X-GMAIL-MSGID: 1776578088980202297 From: "Steven Rostedt (Google)" The function tracefs_create_dir() was missing a lockdown check and was called by the RV code. This gave an inconsistent behavior of this function returning success while other tracefs functions failed. This caused the inode being freed by the wrong kmem_cache. Link: https://lkml.kernel.org/r/20230905182711.692687042@goodmis.org Link: https://lore.kernel.org/all/202309050916.58201dc6-oliver.sang@intel.com/ Cc: stable@vger.kernel.org Cc: Masami Hiramatsu Cc: Mark Rutland Cc: Andrew Morton Cc: Ajay Kaher Cc: Ching-lin Yu Fixes: bf8e602186ec4 ("tracing: Do not create tracefs files if tracefs lockdown is in effect") Reported-by: kernel test robot Signed-off-by: Steven Rostedt (Google) --- fs/tracefs/inode.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index de5b72216b1a..3b8dd938b1c8 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -673,6 +673,9 @@ static struct dentry *__create_dir(const char *name, struct dentry *parent, */ struct dentry *tracefs_create_dir(const char *name, struct dentry *parent) { + if (security_locked_down(LOCKDOWN_TRACEFS)) + return NULL; + return __create_dir(name, parent, &simple_dir_inode_operations); }