From: Jann Horn jannh@google.com
mainline inclusion
from mainline-v6.3-rc1
commit 47d586913f2abec4d240bae33417f537fda987ec
category: performance
bugzilla: https://gitee.com/openeuler/kernel/issues/IA5PIS
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Currently, filp_close() and generic_shutdown_super() use printk() to log messages when bugs are detected. This is problematic because infrastructure like syzkaller has no idea that this message indicates a bug. In addition, some people explicitly want their kernels to BUG() when kernel data corruption has been detected (CONFIG_BUG_ON_DATA_CORRUPTION). And finally, when generic_shutdown_super() detects remaining inodes on a system without CONFIG_BUG_ON_DATA_CORRUPTION, it would be nice if later accesses to a busy inode would at least crash somewhat cleanly rather than walking through freed memory.
To address all three, use CHECK_DATA_CORRUPTION() when kernel bugs are detected.
Signed-off-by: Jann Horn jannh@google.com
Reviewed-by: Christian Brauner (Microsoft) brauner@kernel.org
Reviewed-by: Kees Cook keescook@chromium.org
Signed-off-by: Christian Brauner (Microsoft) brauner@kernel.org

Conflicts:
	include/linux/poison.h
Signed-off-by: liwei liwei728@huawei.com
---
 fs/open.c              |  5 +++--
 fs/super.c             | 21 +++++++++++++++++----
 include/linux/poison.h |  3 +++
 3 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/fs/open.c b/fs/open.c index 8092178ceab0..926fd0598935 100644 --- a/fs/open.c +++ b/fs/open.c @@ -1285,8 +1285,9 @@ int filp_close(struct file *filp, fl_owner_t id) { int retval = 0;
- if (!file_count(filp)) { - printk(KERN_ERR "VFS: Close: file count is 0\n"); + if (CHECK_DATA_CORRUPTION(file_count(filp) == 0, + "VFS: Close: file count is 0 (f_op=%ps)", + filp->f_op)) { return 0; }
diff --git a/fs/super.c b/fs/super.c index db6345634f8b..db46a20da0c8 100644 --- a/fs/super.c +++ b/fs/super.c @@ -465,10 +465,23 @@ void generic_shutdown_super(struct super_block *sb) if (sop->put_super) sop->put_super(sb);
- if (!list_empty(&sb->s_inodes)) { - printk("VFS: Busy inodes after unmount of %s. " - "Self-destruct in 5 seconds. Have a nice day...\n", - sb->s_id); + if (CHECK_DATA_CORRUPTION(!list_empty(&sb->s_inodes), + "VFS: Busy inodes after unmount of %s (%s)", + sb->s_id, sb->s_type->name)) { + /* + * Adding a proper bailout path here would be hard, but + * we can at least make it more likely that a later + * iput_final() or such crashes cleanly. + */ + struct inode *inode; + + spin_lock(&sb->s_inode_list_lock); + list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { + inode->i_op = VFS_PTR_POISON; + inode->i_sb = VFS_PTR_POISON; + inode->i_mapping = VFS_PTR_POISON; + } + spin_unlock(&sb->s_inode_list_lock); } } spin_lock(&sb_lock); diff --git a/include/linux/poison.h b/include/linux/poison.h index 028133fb1405..a33190e56035 100644 --- a/include/linux/poison.h +++ b/include/linux/poison.h @@ -85,4 +85,7 @@ /********** net/core/page_pool.c **********/ #define PP_SIGNATURE (0x40 + POISON_POINTER_DELTA)
+/********** VFS **********/ +#define VFS_PTR_POISON ((void *)(0xF5 + POISON_POINTER_DELTA)) + #endif
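Review bot: in the fs/open.c hunk, filp->f_op is read to fill the %ps argument on a struct file whose count has just been found to be 0, so the value may come from an object that is no longer live. It is only formatted, never called, and a one-line comment saying so would help the next reader. Also note that the new format string has no trailing "\n" although the printk() it replaces did; please confirm that this is intended.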
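Review bot: in the fs/super.c hunk, the poisoning loop overwrites inode->i_op, inode->i_sb and inode->i_mapping while holding only sb->s_inode_list_lock, so whoever still references one of these busy inodes can see the pointers change underneath them. The in-code comment should state that this is deliberate (a later access is meant to fault on VFS_PTR_POISON rather than walk freed memory) and that the loop runs only on kernels where CHECK_DATA_CORRUPTION() returns, that is without CONFIG_BUG_ON_DATA_CORRUPTION as the commit message describes.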
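Review bot: in the include/linux/poison.h hunk, the backport lists a conflict in this file but does not say how it was resolved. Please check that 0xF5 + POISON_POINTER_DELTA does not collide with a poison value already defined in this branch's poison.h, and describe the resolution under "Conflicts:". VFS_PTR_POISON also carries a (void *) cast, while the PP_SIGNATURE define visible in the context is a bare integer expression. A short comment on why the VFS value is a pointer would make the difference clear.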
Feedback:
The patch(es) you sent to kernel@openeuler.org could not be converted to a PR.
Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/T...
Failure reason: applying the patch(es) failed, Patch failed at 0001 fs: Use CHECK_DATA_CORRUPTION() when kernel bugs are detected
Suggested solution: please check the failure reason and confirm that the patch(es) can be applied to the latest code on the expected branch