[0/2] tracefs: inode alloc/free related fixes

Message ID	20240807115143.45927-1-minipli@grsecurity.net (mailing list archive)
Headers	show Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5FC11E487C for <linux-trace-kernel@vger.kernel.org>; Wed, 7 Aug 2024 11:52:02 +0000 (UTC) From: Mathias Krause <minipli@grsecurity.net> To: Steven Rostedt <rostedt@goodmis.org>, Masami Hiramatsu <mhiramat@kernel.org> Cc: Mathias Krause <minipli@grsecurity.net>, Mathieu Desnoyers <mathieu.desnoyers@efficios.com>, Ajay Kaher <ajay.kaher@broadcom.com>, linux-trace-kernel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 0/2] tracefs: inode alloc/free related fixes Date: Wed, 7 Aug 2024 13:51:37 +0200 Message-ID: <20240807115143.45927-1-minipli@grsecurity.net> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	tracefs: inode alloc/free related fixes \| expand [0/2] tracefs: inode alloc/free related fixes [1/2] tracefs: Fix inode allocation [2/2] tracefs: Don't overlay 'struct inode'

Message ID

20240807115143.45927-1-minipli@grsecurity.net (mailing list archive)

Headers

From: Mathias Krause <minipli@grsecurity.net>
To: Steven Rostedt <rostedt@goodmis.org>,
	Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathias Krause <minipli@grsecurity.net>,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Ajay Kaher <ajay.kaher@broadcom.com>,
	linux-trace-kernel@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH 0/2] tracefs: inode alloc/free related fixes
Date: Wed,  7 Aug 2024 13:51:37 +0200
Message-ID: <20240807115143.45927-1-minipli@grsecurity.net>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

tracefs: inode alloc/free related fixes | expand

Message

Mathias Krause Aug. 7, 2024, 11:51 a.m. UTC

Hi Steven,

We ran into yet another tracefs related bug but, fortunately, were able
to root cause it ourselves.

The problem only occurs when CONFIG_RANDSTRUCT is enabled and one gets
(un)lucky to hit a random seed that'll overlay the 'rcu' member of the
union with a list_head in 'vfs_inode' -- quite unlikely but, apparently,
we're exceptional "lucky" with our testing ;)

The first patch is more of an API correctness fix, to bring the tracefs
inode cache in line with all the other filesystems. The second patch
actually fixes the bug, which, I think, may also be the cause for what
Ilkka is seeing[1].

Please apply!

Thanks,
Mathias

[1] https://lore.kernel.org/all/CAE4VaREzY+a2PvQJYJbfh8DwB4OP7kucZG-e28H22xyWob1w_A@mail.gmail.com/

Mathias Krause (2):
  tracefs: Fix inode allocation
  tracefs: Don't overlay 'struct inode'

 fs/tracefs/inode.c    | 2 +-
 fs/tracefs/internal.h | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

Comments

Steven Rostedt Aug. 7, 2024, 1:34 p.m. UTC | #1

On Wed,  7 Aug 2024 13:51:37 +0200
Mathias Krause <minipli@grsecurity.net> wrote:

> Hi Steven,
> 
> We ran into yet another tracefs related bug but, fortunately, were able
> to root cause it ourselves.
> 
> The problem only occurs when CONFIG_RANDSTRUCT is enabled and one gets
> (un)lucky to hit a random seed that'll overlay the 'rcu' member of the
> union with a list_head in 'vfs_inode' -- quite unlikely but, apparently,
> we're exceptional "lucky" with our testing ;)
> 
> The first patch is more of an API correctness fix, to bring the tracefs
> inode cache in line with all the other filesystems. The second patch
> actually fixes the bug, which, I think, may also be the cause for what
> Ilkka is seeing[1].

Ah, that would explain it, and why I never triggered it.

> 
> Please apply!

I have an update though.

-- Steve

> 
> Thanks,
> Mathias
> 
> [1] https://lore.kernel.org/all/CAE4VaREzY+a2PvQJYJbfh8DwB4OP7kucZG-e28H22xyWob1w_A@mail.gmail.com/
> 
> Mathias Krause (2):
>   tracefs: Fix inode allocation
>   tracefs: Don't overlay 'struct inode'
> 
>  fs/tracefs/inode.c    | 2 +-
>  fs/tracefs/internal.h | 6 ++----
>  2 files changed, 3 insertions(+), 5 deletions(-)
>