From: Zhihao Cheng chengzhihao1@huawei.com
maillist inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9MWEQ CVE: NA
Reference: https://lore.kernel.org/lkml/20240410073751.2522830-8-chengzhihao1@huawei.co...
--------------------------------
Host inode and its' xattr will be written on disk after initializing security when creating symlink or dev, then the host inode and its dentry will be written again in ubifs_jnl_update. There is no need to write inode data in the security initialization pass, just move the ui->data initialization after initializing security.
Fixes: d7f0b70d30ff ("UBIFS: Add security.* XATTR support for the UBIFS") Signed-off-by: Zhihao Cheng chengzhihao1@huawei.com Signed-off-by: ZhaoLong Wang wangzhaolong1@huawei.com --- fs/ubifs/dir.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 57d51efa33a9..3cb5ce49a232 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -1096,16 +1096,18 @@ static int ubifs_mknod(struct inode *dir, struct dentry *dentry, goto out_fname; }
+ err = ubifs_init_security(dir, inode, &dentry->d_name); + if (err) { + kfree(dev); + goto out_inode; + } + init_special_inode(inode, inode->i_mode, rdev); inode->i_size = ubifs_inode(inode)->ui_size = devlen; ui = ubifs_inode(inode); ui->data = dev; ui->data_len = devlen;
- err = ubifs_init_security(dir, inode, &dentry->d_name); - if (err) - goto out_inode; - mutex_lock(&dir_ui->ui_mutex); dir->i_size += sz_change; dir_ui->ui_size = dir->i_size; @@ -1177,6 +1179,10 @@ static int ubifs_symlink(struct inode *dir, struct dentry *dentry, goto out_fname; }
+ err = ubifs_init_security(dir, inode, &dentry->d_name); + if (err) + goto out_inode; + ui = ubifs_inode(inode); ui->data = kmalloc(disk_link.len, GFP_NOFS); if (!ui->data) { @@ -1202,10 +1208,6 @@ static int ubifs_symlink(struct inode *dir, struct dentry *dentry, ui->data_len = disk_link.len - 1; inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
- err = ubifs_init_security(dir, inode, &dentry->d_name); - if (err) - goto out_inode; - mutex_lock(&dir_ui->ui_mutex); dir->i_size += sz_change; dir_ui->ui_size = dir->i_size;