提交 baf97eb4 编写于 作者: Z Zhihao Cheng 提交者: Zheng Zengkai

ubifs: Fix AA deadlock when setting xattr for encrypted file

hulk inclusion
category: bugfix
bugzilla: 187250, https://gitee.com/openeuler/kernel/issues/I5HSMS
CVE: NA

-------------------------------------------------

Following process:
vfs_setxattr(host)
  ubifs_xattr_set
    down_write(host_ui->xattr_sem)   <- lock first time
      create_xattr
        ubifs_new_inode(host)
          fscrypt_prepare_new_inode(host)
            fscrypt_policy_to_inherit(host)
              if (IS_ENCRYPTED(inode))
                fscrypt_require_key(host)
                  fscrypt_get_encryption_info(host)
                    ubifs_xattr_get(host)
                      down_read(host_ui->xattr_sem) <- AA deadlock

, which may trigger an AA deadlock problem:

[  102.620871] INFO: task setfattr:1599 blocked for more than 10 seconds.
[  102.625298]       Not tainted 5.19.0-rc7-00001-gb666b6823ce0-dirty #711
[  102.628732] task:setfattr        state:D stack:    0 pid: 1599
[  102.628749] Call Trace:
[  102.628753]  <TASK>
[  102.628776]  __schedule+0x482/0x1060
[  102.629964]  schedule+0x92/0x1a0
[  102.629976]  rwsem_down_read_slowpath+0x287/0x8c0
[  102.629996]  down_read+0x84/0x170
[  102.630585]  ubifs_xattr_get+0xd1/0x370 [ubifs]
[  102.630730]  ubifs_crypt_get_context+0x1f/0x30 [ubifs]
[  102.630791]  fscrypt_get_encryption_info+0x7d/0x1c0
[  102.630810]  fscrypt_policy_to_inherit+0x56/0xc0
[  102.630817]  fscrypt_prepare_new_inode+0x35/0x160
[  102.630830]  ubifs_new_inode+0xcc/0x4b0 [ubifs]
[  102.630873]  ubifs_xattr_set+0x591/0x9f0 [ubifs]
[  102.630961]  xattr_set+0x8c/0x3e0 [ubifs]
[  102.631003]  __vfs_setxattr+0x71/0xc0
[  102.631026]  vfs_setxattr+0x105/0x270
[  102.631034]  do_setxattr+0x6d/0x110
[  102.631041]  setxattr+0xa0/0xd0
[  102.631087]  __x64_sys_setxattr+0x2f/0x40

Fetch a reproducer in [Link].

Just like ext4 does, which skips encrypting for inode with
EXT4_EA_INODE_FL flag. Stop encypting xattr inode for ubifs.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=216260
Fixes: f4e3634a ("ubifs: Fix races between xattr_{set|get} ...")
Fixes: d475a507 ("ubifs: Add skeleton for fscrypto")
Signed-off-by: NZhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: NZhang Yi <yi.zhang@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
上级 6658b33b
...@@ -68,13 +68,14 @@ static int inherit_flags(const struct inode *dir, umode_t mode) ...@@ -68,13 +68,14 @@ static int inherit_flags(const struct inode *dir, umode_t mode)
* @c: UBIFS file-system description object * @c: UBIFS file-system description object
* @dir: parent directory inode * @dir: parent directory inode
* @mode: inode mode flags * @mode: inode mode flags
* @is_xattr: whether the inode is xattr inode
* *
* This function finds an unused inode number, allocates new inode and * This function finds an unused inode number, allocates new inode and
* initializes it. Returns new inode in case of success and an error code in * initializes it. Returns new inode in case of success and an error code in
* case of failure. * case of failure.
*/ */
struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
umode_t mode) umode_t mode, bool is_xattr)
{ {
int err; int err;
struct inode *inode; struct inode *inode;
...@@ -99,10 +100,12 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, ...@@ -99,10 +100,12 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
current_time(inode); current_time(inode);
inode->i_mapping->nrpages = 0; inode->i_mapping->nrpages = 0;
err = fscrypt_prepare_new_inode(dir, inode, &encrypted); if (!is_xattr) {
if (err) { err = fscrypt_prepare_new_inode(dir, inode, &encrypted);
ubifs_err(c, "fscrypt_prepare_new_inode failed: %i", err); if (err) {
goto out_iput; ubifs_err(c, "fscrypt_prepare_new_inode failed: %i", err);
goto out_iput;
}
} }
switch (mode & S_IFMT) { switch (mode & S_IFMT) {
...@@ -308,7 +311,7 @@ static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode, ...@@ -308,7 +311,7 @@ static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
sz_change = CALC_DENT_SIZE(fname_len(&nm)); sz_change = CALC_DENT_SIZE(fname_len(&nm));
inode = ubifs_new_inode(c, dir, mode); inode = ubifs_new_inode(c, dir, mode, false);
if (IS_ERR(inode)) { if (IS_ERR(inode)) {
err = PTR_ERR(inode); err = PTR_ERR(inode);
goto out_fname; goto out_fname;
...@@ -369,7 +372,7 @@ static struct inode *create_whiteout(struct inode *dir, struct dentry *dentry) ...@@ -369,7 +372,7 @@ static struct inode *create_whiteout(struct inode *dir, struct dentry *dentry)
if (err) if (err)
return ERR_PTR(err); return ERR_PTR(err);
inode = ubifs_new_inode(c, dir, mode); inode = ubifs_new_inode(c, dir, mode, false);
if (IS_ERR(inode)) { if (IS_ERR(inode)) {
err = PTR_ERR(inode); err = PTR_ERR(inode);
goto out_free; goto out_free;
...@@ -461,7 +464,7 @@ static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry, ...@@ -461,7 +464,7 @@ static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
return err; return err;
} }
inode = ubifs_new_inode(c, dir, mode); inode = ubifs_new_inode(c, dir, mode, false);
if (IS_ERR(inode)) { if (IS_ERR(inode)) {
err = PTR_ERR(inode); err = PTR_ERR(inode);
goto out_budg; goto out_budg;
...@@ -1002,7 +1005,7 @@ static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) ...@@ -1002,7 +1005,7 @@ static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
sz_change = CALC_DENT_SIZE(fname_len(&nm)); sz_change = CALC_DENT_SIZE(fname_len(&nm));
inode = ubifs_new_inode(c, dir, S_IFDIR | mode); inode = ubifs_new_inode(c, dir, S_IFDIR | mode, false);
if (IS_ERR(inode)) { if (IS_ERR(inode)) {
err = PTR_ERR(inode); err = PTR_ERR(inode);
goto out_fname; goto out_fname;
...@@ -1089,7 +1092,7 @@ static int ubifs_mknod(struct inode *dir, struct dentry *dentry, ...@@ -1089,7 +1092,7 @@ static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
sz_change = CALC_DENT_SIZE(fname_len(&nm)); sz_change = CALC_DENT_SIZE(fname_len(&nm));
inode = ubifs_new_inode(c, dir, mode); inode = ubifs_new_inode(c, dir, mode, false);
if (IS_ERR(inode)) { if (IS_ERR(inode)) {
kfree(dev); kfree(dev);
err = PTR_ERR(inode); err = PTR_ERR(inode);
...@@ -1171,7 +1174,7 @@ static int ubifs_symlink(struct inode *dir, struct dentry *dentry, ...@@ -1171,7 +1174,7 @@ static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
sz_change = CALC_DENT_SIZE(fname_len(&nm)); sz_change = CALC_DENT_SIZE(fname_len(&nm));
inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO); inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO, false);
if (IS_ERR(inode)) { if (IS_ERR(inode)) {
err = PTR_ERR(inode); err = PTR_ERR(inode);
goto out_fname; goto out_fname;
......
...@@ -1996,7 +1996,7 @@ int ubifs_update_time(struct inode *inode, struct timespec64 *time, int flags); ...@@ -1996,7 +1996,7 @@ int ubifs_update_time(struct inode *inode, struct timespec64 *time, int flags);
/* dir.c */ /* dir.c */
struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
umode_t mode); umode_t mode, bool is_xattr);
int ubifs_getattr(const struct path *path, struct kstat *stat, int ubifs_getattr(const struct path *path, struct kstat *stat,
u32 request_mask, unsigned int flags); u32 request_mask, unsigned int flags);
int ubifs_check_dir_empty(struct inode *dir); int ubifs_check_dir_empty(struct inode *dir);
......
...@@ -110,7 +110,7 @@ static int create_xattr(struct ubifs_info *c, struct inode *host, ...@@ -110,7 +110,7 @@ static int create_xattr(struct ubifs_info *c, struct inode *host,
if (err) if (err)
return err; return err;
inode = ubifs_new_inode(c, host, S_IFREG | S_IRWXUGO); inode = ubifs_new_inode(c, host, S_IFREG | S_IRWXUGO, true);
if (IS_ERR(inode)) { if (IS_ERR(inode)) {
err = PTR_ERR(inode); err = PTR_ERR(inode);
goto out_budg; goto out_budg;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册