From: Diogo Jahchan Koike djahchankoike@gmail.com
mainline inclusion
from mainline-v6.10-rc2
commit 589996bf8c459deb5bbc9747d8f1c51658608103
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRDE
CVE: CVE-2024-50065
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
d_hash is done while under "rcu-walk" and should not sleep. __get_name() allocates using GFP_KERNEL, having the possibility to sleep when under memory pressure. Change the allocation to GFP_NOWAIT.
Reported-by: syzbot+7f71f79bbfb4427b00e1@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=7f71f79bbfb4427b00e1
Fixes: d392e85fd1e8 ("fs/ntfs3: Fix the format of the "nocase" mount option")
Signed-off-by: Diogo Jahchan Koike djahchankoike@gmail.com
Signed-off-by: Konstantin Komarov almaz.alexandrovich@paragon-software.com
Signed-off-by: Long Li leo.lilong@huawei.com
---
 fs/ntfs3/namei.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ntfs3/namei.c b/fs/ntfs3/namei.c index b5687d74b449..bcdc1ec90a96 100644 --- a/fs/ntfs3/namei.c +++ b/fs/ntfs3/namei.c @@ -501,7 +501,7 @@ static int ntfs_d_hash(const struct dentry *dentry, struct qstr *name) /* * Try slow way with current upcase table */ - uni = __getname(); + uni = kmem_cache_alloc(names_cachep, GFP_NOWAIT); if (!uni) return -ENOMEM;
@@ -523,7 +523,7 @@ static int ntfs_d_hash(const struct dentry *dentry, struct qstr *name) err = 0;
out: - __putname(uni); + kmem_cache_free(names_cachep, uni); return err; }
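Review bot: In the first hunk (@@ -501,7 +501,7 @@ in ntfs_d_hash), the reason for GFP_NOWAIT is recorded only in the commit message; the code comment above the allocation still reads just "Try slow way with current upcase table". Please extend that comment to say that d_hash can run under rcu-walk and must not sleep, so nobody later "simplifies" the open-coded `kmem_cache_alloc(names_cachep, GFP_NOWAIT)` back to `__getname()`, which allocates with GFP_KERNEL. Note also that a non-blocking allocation fails more readily under memory pressure, and the unchanged `if (!uni) return -ENOMEM;` turns each such failure into a hash error for the caller. It would be worth stating in the changelog that this trade-off is accepted.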
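Review bot: In the second hunk (@@ -523,7 +523,7 @@, at the `out:` label), the change from `__putname(uni)` to `kmem_cache_free(names_cachep, uni)` is not mentioned in the commit message, which describes only the allocation change. `__putname()` already expands to that same kmem_cache_free() call on names_cachep, so this is a symmetry change rather than part of the fix. Keeping the alloc/free pair open-coded together is reasonable, but please add a sentence to the changelog saying so, so that backport reviewers do not look for a behavioural difference on the free path.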