Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-09-21 03:43:03 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/fs
History
Zheng Liu 09a2084042 ext4: fix a BUG when opening a file with O_TMPFILE flag 
When we try to open a file with O_TMPFILE flag, we will trigger a bug.
The root cause is that in ext4_orphan_add() we check ->i_nlink == 0 and
this check always fails because we set ->i_nlink = 1 in
inode_init_always().  We can use the following program to trigger it:

int main(int argc, char *argv[])
{
	int fd;

	fd = open(argv[1], O_TMPFILE, 0666);
	if (fd < 0) {
		perror("open ");
		return -1;
	}
	close(fd);
	return 0;
}

The oops message looks like this:

kernel BUG at fs/ext4/namei.c:2572!
invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
Modules linked in: dlci bridge stp hidp cmtp kernelcapi l2tp_ppp l2tp_netlink l2tp_core sctp libcrc32c rfcomm tun fuse nfnetli
nk can_raw ipt_ULOG can_bcm x25 scsi_transport_iscsi ipx p8023 p8022 appletalk phonet psnap vmw_vsock_vmci_transport af_key vmw_vmci rose vsock atm can netrom ax25 af_rxrpc ir
da pppoe pppox ppp_generic slhc bluetooth nfc rfkill rds caif_socket caif crc_ccitt af_802154 llc2 llc snd_hda_codec_realtek snd_hda_intel snd_hda_codec serio_raw snd_pcm pcsp
kr edac_core snd_page_alloc snd_timer snd soundcore r8169 mii sr_mod cdrom pata_atiixp radeon backlight drm_kms_helper ttm
CPU: 1 PID: 1812571 Comm: trinity-child2 Not tainted 3.11.0-rc1+ #12
Hardware name: Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H, BIOS F12a 04/23/2010
task: ffff88007dfe69a0 ti: ffff88010f7b6000 task.ti: ffff88010f7b6000
RIP: 0010:[<ffffffff8125ce69>]  [<ffffffff8125ce69>] ext4_orphan_add+0x299/0x2b0
RSP: 0018:ffff88010f7b7cf8  EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff8800966d3020 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88007dfe70b8 RDI: 0000000000000001
RBP: ffff88010f7b7d40 R08: ffff880126a3c4e0 R09: ffff88010f7b7ca0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801271fd668
R13: ffff8800966d2f78 R14: ffff88011d7089f0 R15: ffff88007dfe69a0
FS:  00007f70441a3740(0000) GS:ffff88012a800000(0000) knlGS:00000000f77c96c0
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000002834000 CR3: 0000000107964000 CR4: 00000000000007e0
DR0: 0000000000780000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Stack:
 0000000000002000 00000020810b6dde 0000000000000000 ffff88011d46db00
 ffff8800966d3020 ffff88011d7089f0 ffff88009c7f4c10 ffff88010f7b7f2c
 ffff88007dfe69a0 ffff88010f7b7da8 ffffffff8125cfac ffff880100000004
Call Trace:
 [<ffffffff8125cfac>] ext4_tmpfile+0x12c/0x180
 [<ffffffff811cba78>] path_openat+0x238/0x700
 [<ffffffff8100afc4>] ? native_sched_clock+0x24/0x80
 [<ffffffff811cc647>] do_filp_open+0x47/0xa0
 [<ffffffff811db73f>] ? __alloc_fd+0xaf/0x200
 [<ffffffff811ba2e4>] do_sys_open+0x124/0x210
 [<ffffffff81010725>] ? syscall_trace_enter+0x25/0x290
 [<ffffffff811ba3ee>] SyS_open+0x1e/0x20
 [<ffffffff816ca8d4>] tracesys+0xdd/0xe2
 [<ffffffff81001001>] ? start_thread_common.constprop.6+0x1/0xa0
Code: 04 00 00 00 89 04 24 31 c0 e8 c4 77 04 00 e9 43 fe ff ff 66 25 00 d0 66 3d 00 80 0f 84 0e fe ff ff 83 7b 48 00 0f 84 04 fe ff ff <0f> 0b 49 8b 8c 24 50 07 00 00 e9 88 fe ff ff 0f 1f 84 00 00 00

Here we couldn't call clear_nlink() directly because in d_tmpfile() we
will call inode_dec_link_count() to decrease ->i_nlink.  So this commit
tries to call d_tmpfile() before ext4_orphan_add() to fix this problem.

Change-Id: Ie8a8009970d1e38c6863d94296f2738918da5429
Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: Zheng Liu <wenqing.lz@taobao.com>
Tested-by: Darrick J. Wong <darrick.wong@oracle.com>
Tested-by: Dave Jones <davej@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
2018-12-03 11:52:38 +01:00
..
9p Merge tag 'LA.BR.1.3.6-03910-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2017-05-26 13:28:48 +02:00
adfs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
affs This is the 3.10.84 stable release 2015-09-30 13:25:40 +05:30
afs aio: don't include aio.h in sched.h 2013-05-07 20:16:25 -07:00
autofs4 move d_rcu from overlapping d_child to overlapping d_alias 2015-04-29 10:34:00 +02:00
befs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
bfs
btrfs Merge tag 'LA.BR.1.3.6-03910-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2017-05-26 13:28:48 +02:00
cachefiles lift sb_start_write() out of ->write() 2013-04-09 14:12:56 -04:00
ceph move d_rcu from overlapping d_child to overlapping d_alias 2015-04-29 10:34:00 +02:00
cifs This is the 3.10.102 stable release 2017-04-18 17:22:08 +02:00
coda This is the 3.10.84 stable release 2015-09-30 13:25:40 +05:30
configfs configfs: fix race between dentry put and lookup 2013-11-29 11:11:53 -08:00
cramfs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
crypto fscrypt: catch up to v4.11-rc1 2017-03-09 11:48:12 -08:00
debugfs BACKPORT: dentry name snapshots 2017-12-22 20:25:56 +00:00
devpts This is the 3.10.98 stable release 2017-04-18 17:17:24 +02:00
dlm
ecryptfs fs: ecryptfs: Checkout to LA.BR.1.3.6-04510-8976.0 2018-02-06 13:12:17 +01:00
efivarfs efi: Make efivarfs entries immutable by default 2016-03-16 08:41:37 -07:00
efs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
exfat Import latest Samsung release 2017-04-18 03:43:52 +02:00
exofs ore: Fix wrong math in allocation of per device BIO 2014-02-13 13:48:00 -08:00
exportfs This is the 3.10.84 stable release 2015-09-30 13:25:40 +05:30
ext2 it's still short a few helpers, but infrastructure should be OK now... 2018-12-03 11:52:03 +01:00
ext3 ext3 ->tmpfile() support 2018-12-03 11:52:12 +01:00
ext4 ext4: fix a BUG when opening a file with O_TMPFILE flag 2018-12-03 11:52:38 +01:00
f2fs UPSTREAM: f2fs: sanity check segment count 2017-09-08 18:49:20 +00:00
fat Import latest Samsung release 2017-04-18 03:43:52 +02:00
freevxfs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
fscache FS-Cache: Increase reference of parent after registering, netfs success 2016-02-19 14:22:41 -08:00
fuse fuse: Add support for d_canonical_path 2018-02-06 13:12:18 +01:00
gfs2 ANDROID: fix acl leaks 2017-04-28 21:43:17 -07:00
hfs Merge remote-tracking branch 'f2fs/linux-3.10.y' into HEAD 2017-04-18 17:02:28 +02:00
hfsplus Merge remote-tracking branch 'f2fs/linux-3.10.y' into HEAD 2017-04-18 17:02:28 +02:00
hostfs uml: fix hostfs mknod() 2016-03-03 15:06:23 -08:00
hpfs Merge remote-tracking branch 'f2fs/linux-3.10.y' into HEAD 2017-04-18 17:02:28 +02:00
hppfs hppfs: get rid of ->fsync() 2013-04-29 15:41:42 -04:00
hugetlbfs mm: larger stack guard gap, between vmas 2017-07-11 00:00:39 +00:00
isofs get_rock_ridge_filename(): handle malformed NM entries 2016-06-07 10:42:53 +02:00
jbd
jbd2 This is the 3.10.102 stable release 2017-04-18 17:22:08 +02:00
jffs2 Merge tag 'LA.BR.1.3.6-03910-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2017-05-26 13:28:48 +02:00
jfs ANDROID: fix acl leaks 2017-04-28 21:43:17 -07:00
lockd lockd: create NSM handles per net namespace 2016-03-03 15:06:20 -08:00
logfs
minix it's still short a few helpers, but infrastructure should be OK now... 2018-12-03 11:52:03 +01:00
ncpfs This is the 3.10.84 stable release 2015-09-30 13:25:40 +05:30
nfs This is the 3.10.99 stable release 2017-04-18 17:17:46 +02:00
nfs_common
nfsd constify ->actor 2015-09-16 18:20:09 +05:30
nilfs2 This is the 3.10.84 stable release 2015-09-30 13:25:40 +05:30
nls
notify vfs: Add permission2 for filesystems with per mount permissions 2018-02-06 13:12:19 +01:00
ntfs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
ocfs2 Merge tag 'LA.BR.1.3.6-03910-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2017-05-26 13:28:48 +02:00
omfs fs, omfs: add NULL terminator in the end up the token list 2015-06-05 23:19:54 -07:00
openpromfs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
proc UPSTREAM: capabilities: ambient capabilities 2018-02-06 13:12:16 +01:00
pstore Import latest Samsung release 2017-04-18 03:43:52 +02:00
qnx4 fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
qnx6 fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
quota quota: provide interface for readding allocated space into reserved space 2015-01-29 17:40:57 -08:00
ramfs
reiserfs posix_acl: Clear SGID bit when setting file permissions 2017-04-28 00:00:11 -07:00
romfs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
sdcardfs ANDROID: sdcardfs: Protect set_top 2018-08-15 14:40:15 +02:00
sdfat Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
squashfs Squashfs: Add LZ4 compression configuration option 2015-09-16 18:20:12 +05:30
sysfs Import latest Samsung release 2017-04-18 03:43:52 +02:00
sysv This is the 3.10.97 stable release 2017-04-18 17:17:20 +02:00
ubifs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
udf This is the 3.10.98 stable release 2017-04-18 17:17:24 +02:00
ufs fs: push sync_filesystem() down to the file system's remount_fs() 2015-09-16 18:20:11 +05:30
xfs Merge tag 'LA.BR.1.3.6-03910-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2017-05-26 13:28:48 +02:00
yaffs2 fs: yaffs2: initialize delayed workqueue before using it 2013-11-26 23:29:26 -08:00
aio.c Merge tag 'LA.BR.1.3.6-03510-8976.0' into HEAD 2017-04-18 12:11:50 +02:00
anon_inodes.c get_empty_filp()/alloc_file() leave both ->f_pos and ->f_version zero 2013-02-26 02:46:11 -05:00
attr.c vfs: Add setattr2 for filesystems with per mount permissions 2018-02-06 13:12:20 +01:00
bad_inode.c lseek: the "whence" argument is called "whence" 2012-12-17 17:15:12 -08:00
binfmt_aout.c mm: remove free_area_cache 2014-02-07 13:49:41 -08:00
binfmt_elf.c This is the 3.10.97 stable release 2017-04-18 17:17:20 +02:00
binfmt_elf_fdpic.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-05-02 10:16:16 -07:00
binfmt_em86.c
binfmt_flat.c new helper: read_code() 2013-04-29 15:40:23 -04:00
binfmt_misc.c
binfmt_script.c exec: do not leave bprm->interp on stack 2012-12-20 17:40:19 -08:00
binfmt_som.c
bio-integrity.c bio-integrity: Fix bio_integrity_verify segment start bug 2014-03-23 21:38:21 -07:00
bio.c platform: msm: fix PFT when using direct-io 2014-06-23 21:38:40 +03:00
block_dev.c mm: vmscan: take page buffers dirty and locked state into account 2014-12-11 15:12:10 +05:30
buffer.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
char_dev.c char_dev: pin parent kobject 2012-10-22 08:50:37 +03:00
compat.c constify ->actor 2015-09-16 18:20:09 +05:30
compat_binfmt_elf.c binfmt_elf: add ELF_HWCAP2 to compat auxv entries 2015-03-19 14:52:32 -07:00
compat_ioctl.c fs: Add TTY PM IOCTLs to compat table 2014-07-30 10:25:00 -06:00
coredump.c vfs: Add setattr2 for filesystems with per mount permissions 2018-02-06 13:12:20 +01:00
coredump.h coredump: update coredump-related headers 2012-10-06 03:05:15 +09:00
dcache.c it's still short a few helpers, but infrastructure should be OK now... 2018-12-03 11:52:03 +01:00
dcookies.c fs/compat: fix lookup_dcookie() parameter handling 2014-02-13 13:48:00 -08:00
direct-io.c platform: msm: fix PFT when using direct-io 2014-06-23 21:38:40 +03:00
drop_caches.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
eventfd.c fs, eventfd: add procfs fdinfo helper 2012-12-17 17:15:27 -08:00
eventpoll.c Revert "epoll: use freezable blocking call" 2014-08-29 14:20:41 -07:00
exec.c vfs: Add permission2 for filesystems with per mount permissions 2018-02-06 13:12:19 +01:00
fcntl.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
fhandle.c vfs: read file_handle only once in handle_to_path. 2015-07-22 07:25:30 -07:00
file.c Merge upstream linux-stable v3.10.36 into msm-3.10 2014-04-23 16:23:49 -07:00
file_table.c get rid of s_files and files_lock 2015-07-03 19:48:08 -07:00
filesystems.c
fs-writeback.c sync: don't block the flusher thread waiting on IO 2015-09-16 18:20:20 +05:30
fs_struct.c sdcardfs: override umask on mkdir and create 2018-02-06 13:12:18 +01:00
generic_acl.c tmpfs: clear S_ISGID when setting posix ACLs 2017-04-22 23:02:57 +02:00
inode.c allow the temp files created by open() to be linked to 2018-12-03 11:52:08 +01:00
internal.h vfs: Allow filesystems to access their private mount data 2018-02-06 13:12:19 +01:00
ioctl.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
ioprio.c block: fix use-after-free in sys_ioprio_get() 2016-11-19 20:01:20 -08:00
Kconfig Initial port of sdcardfs 2018-02-06 13:12:17 +01:00
Kconfig.binfmt fs: make binfmt support for #! scripts modular and removable 2013-04-30 17:04:04 -07:00
libfs.c move d_rcu from overlapping d_child to overlapping d_alias 2015-04-29 10:34:00 +02:00
locks.c locks: fix unlock when fcntl_setlk races with a close 2016-03-09 15:31:53 -08:00
Makefile Initial port of sdcardfs 2018-02-06 13:12:17 +01:00
mbcache.c vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
mount.h vfs: Is mounted should be testing mnt_ns for NULL or error. 2014-02-06 11:08:16 -08:00
mpage.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
namei.c Safer ABI for O_TMPFILE 2018-12-03 11:52:36 +01:00
namespace.c vfs: Allow filesystems to access their private mount data 2018-02-06 13:12:19 +01:00
no-block.c
open.c allow O_TMPFILE to work with O_WRONLY 2018-12-03 11:52:37 +01:00
pipe.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
pnode.c ANDROID: mnt: remount should propagate to slaves of slaves 2018-02-06 13:12:20 +01:00
pnode.h ANDROID: mnt: remount should propagate to slaves of slaves 2018-02-06 13:12:20 +01:00
posix_acl.c posix_acl: Clear SGID bit when setting file permissions 2017-04-28 00:00:11 -07:00
proc_namespace.c vfs: Allow filesystems to access their private mount data 2018-02-06 13:12:19 +01:00
read_write.c fs: Workaround the compiler's bad optimization 2016-02-04 13:23:34 +05:30
readdir.c fs: readdir: Fix su hide patch for non-iterate filesystems 2017-07-14 21:04:43 +02:00
select.c select: use freezable blocking call 2013-07-01 15:45:28 -07:00
seq_file.c fs/seq_file: Use vmalloc by default for allocations > PAGE_SIZE 2014-09-23 10:37:58 -06:00
signalfd.c signalfd: fix information leak in signalfd_copyinfo 2015-08-16 20:51:42 -07:00
splice.c splice: handle zero nr_pages in splice_to_pipe() 2016-06-07 10:42:46 +02:00
stack.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
stat.c quota: provide interface for readding allocated space into reserved space 2015-01-29 17:40:57 -08:00
statfs.c vfs: allow O_PATH file descriptors for fstatfs() 2013-10-18 07:45:44 -07:00
super.c vfs: Allow filesystems to access their private mount data 2018-02-06 13:12:19 +01:00
sync.c Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
timerfd.c timerfd: Protect the might cancel mechanism proper 2017-11-08 05:33:07 -08:00
utimes.c vfs: Add setattr2 for filesystems with per mount permissions 2018-02-06 13:12:20 +01:00
xattr.c ANDROID: xattr: Pass EOPNOTSUPP to permission2 2018-08-15 14:40:12 +02:00
xattr_acl.c