From: Kees Cook
stable inclusion
from stable-5.10
category: feature
commit:7a0ad546847a23f92f5e227fa8e4578eaa3a8d0a
issue: #I4919J
--------------------------------
The "unlink" handling should perform list removal (which can also make
sure records don't get double-erased), and the "evict" handling should
be responsible only for memory freeing.
Link: https://lore.kernel.org/lkml/20200506152114.50375-8-keescook@chromium.org/
Signed-off-by: Kees Cook
(cherry picked from commit 7a0ad546847a23f92f5e227fa8e4578eaa3a8d0a)
Signed-off-by: roger
---
fs/pstore/inode.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
index d5760195a0ad..7bec953e2dbc 100644
--- a/fs/pstore/inode.c
+++ b/fs/pstore/inode.c
@@ -189,10 +189,21 @@ static int pstore_unlink(struct inode *dir, struct dentry *dentry)
{
struct pstore_private *p = d_inode(dentry)->i_private;
struct pstore_record *record = p->record;
+ int rc = 0;
if (!record->psi->erase)
return -EPERM;
+ /* Make sure we can't race while removing this file. */
+ mutex_lock(&records_list_lock);
+ if (!list_empty(&p->list))
+ list_del_init(&p->list);
+ else
+ rc = -ENOENT;
+ mutex_unlock(&records_list_lock);
+ if (rc)
+ return rc;
+
mutex_lock(&record->psi->read_mutex);
record->psi->erase(record);
mutex_unlock(&record->psi->read_mutex);
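Review bot: The result of the erase callback on the `record->psi->erase(record);` line is discarded, and by that point the entry has already been taken off `records_list` under the lock, so a backend erase failure leaves the record unlisted while this function continues as if the erase succeeded. Since the list removal cannot be undone here, either capture and propagate the result (`rc = record->psi->erase(record);` and `if (rc) return rc;` after the unlock) or make the decision explicit with a comment such as `/* Entry is already off records_list; an erase failure cannot be undone here. */`. The remainder of pstore_unlink (the actual dentry unlink) lies outside the hunk, so whether the caller ever learns of a failed erase cannot be confirmed from here.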
@@ -205,12 +216,7 @@ static void pstore_evict_inode(struct inode *inode)
struct pstore_private *p = inode->i_private;
clear_inode(inode);
- if (p) {
- mutex_lock(&records_list_lock);
- list_del(&p->list);
- mutex_unlock(&records_list_lock);
- free_pstore_private(p);
- }
+ free_pstore_private(p);
}
static const struct inode_operations pstore_dir_inode_operations = {
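Review bot: Dropping the `if (p)` guard means `free_pstore_private(p)` is now reached for every evicted inode, including any whose `i_private` is NULL; that is only safe if the helper returns early on a NULL argument, which is not visible in this hunk and is worth confirming before relying on it. The evict path now also depends on the entry having been removed from `records_list` elsewhere, an invariant this function no longer enforces; a short comment would keep that from being reintroduced later, e.g. `/* records_list removal is done by pstore_unlink() or by the reset in pstore_kill_sb(); only free here. */`.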
@@ -430,6 +436,7 @@ static void pstore_kill_sb(struct super_block *sb)
{
kill_litter_super(sb);
pstore_sb = NULL;
+ INIT_LIST_HEAD(&records_list);
}
static struct file_system_type pstore_fs_type = {
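Review bot: `INIT_LIST_HEAD(&records_list);` resets the list without holding `records_list_lock`, whereas every other list manipulation in this patch takes that mutex. Because eviction no longer unlinks entries, the inodes freed by `kill_litter_super(sb)` leave their `pstore_private` nodes still chained on `records_list` until this reset, so any walker that relies on the lock alone in that window would traverse freed memory; whether existing walkers also check `pstore_sb` first cannot be seen from here. Bracketing the reset as `mutex_lock(&records_list_lock); INIT_LIST_HEAD(&records_list); mutex_unlock(&records_list_lock);` keeps the locking consistent, and a comment such as `/* Evicted inodes no longer unlink themselves; discard the stale entries in one go. */` explains why the reset is needed at all.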
--
2.17.1