[Cluster-devel] 回复: [PATCH v1] fs:dlm:Fix NULL pointer dereference bug in accept_from_sock()
Thank you. I see. I hadn't noticed what the add_sock() function did before, but now I understand that newcon->sock will not be a null pointer. -邮件原件- 发件人: Alexander Aring 发送时间: 2023年7月5日 0:22 收件人: 王明-软件底层技术部 抄送: Christine Caulfield ; David Teigland ; cluster-devel@redhat.com; linux-ker...@vger.kernel.org; opensource.kernel 主题: Re: [Cluster-devel] [PATCH v1] fs:dlm:Fix NULL pointer dereference bug in accept_from_sock() [你通常不会收到来自 aahri...@redhat.com 的电子邮件。请访问 https://aka.ms/LearnAboutSenderIdentification,以了解这一点为什么很重要] Hi, On Tue, Jul 4, 2023 at 6:56 AM Wang Ming wrote: > > newcon -> sock is NULL but dereferenced. > First check newcon. Whether sock is a null pointer. > If so, the subsequent operations are skipped. > If it is not empty, perform subsequent operations. > did you experience some null pointer dereference? If so, on which kernel was it? > Signed-off-by: Wang Ming > --- > fs/dlm/lowcomms.c | 9 ++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c index > 9f14ea9f6..ea18b9478 100644 > --- a/fs/dlm/lowcomms.c > +++ b/fs/dlm/lowcomms.c > @@ -1081,9 +1081,12 @@ static int accept_from_sock(void) > add_sock(newsock, newcon); > Here in add_sock() we assign newcon->sock = newsock. It cannot fail and newsock cannot be null, so holding the newcon->sock_lock write protected _should_ be safe that others don't manipulate newcon->sock. It should, that's why I am asking if you experienced some issue here? > /* check if we receved something while adding */ > - lock_sock(newcon->sock->sk); > - lowcomms_queue_rwork(newcon); > - release_sock(newcon->sock->sk); see above, newcon->sock should always be set at this point. > + if (newcon->sock) { > + lock_sock(newcon->sock->sk); > + lowcomms_queue_rwork(newcon); > + release_sock(newcon->sock->sk); > + } > + > } > up_write(>sock_lock); > srcu_read_unlock(_srcu, idx); - Alex
Re: [Cluster-devel] [GIT PULL] gfs2 fixes
The pull request you sent on Tue, 4 Jul 2023 14:51:11 +0200: > git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git > tags/gfs2-v6.4-rc5-fixes has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/94c76955e86a5a4f16a1d690b66dcc268c156e6a Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html
Re: [Cluster-devel] [PATCH v1] fs:dlm:Fix NULL pointer dereference bug in accept_from_sock()
Hi, On Tue, Jul 4, 2023 at 6:56 AM Wang Ming wrote: > > newcon -> sock is NULL but dereferenced. > First check newcon. Whether sock is a null pointer. > If so, the subsequent operations are skipped. > If it is not empty, perform subsequent operations. > did you experience some null pointer dereference? If so, on which kernel was it? > Signed-off-by: Wang Ming > --- > fs/dlm/lowcomms.c | 9 ++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c > index 9f14ea9f6..ea18b9478 100644 > --- a/fs/dlm/lowcomms.c > +++ b/fs/dlm/lowcomms.c > @@ -1081,9 +1081,12 @@ static int accept_from_sock(void) > add_sock(newsock, newcon); > Here in add_sock() we assign newcon->sock = newsock. It cannot fail and newsock cannot be null, so holding the newcon->sock_lock write protected _should_ be safe that others don't manipulate newcon->sock. It should, that's why I am asking if you experienced some issue here? > /* check if we receved something while adding */ > - lock_sock(newcon->sock->sk); > - lowcomms_queue_rwork(newcon); > - release_sock(newcon->sock->sk); see above, newcon->sock should always be set at this point. > + if (newcon->sock) { > + lock_sock(newcon->sock->sk); > + lowcomms_queue_rwork(newcon); > + release_sock(newcon->sock->sk); > + } > + > } > up_write(>sock_lock); > srcu_read_unlock(_srcu, idx); - Alex
[Cluster-devel] [GIT PULL] gfs2 fixes
Hi Linus, please consider pulling the following gfs2 fixes. Thanks a lot, Andreas The following changes since commit 0bdd0f0bf17c5aac16f348ee4b1ebf23d1ec1649: Merge tag 'gfs2-v6.4-rc4-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 (2023-06-06 05:49:06 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git tags/gfs2-v6.4-rc5-fixes for you to fetch changes up to 432928c9377959684c748a9bc6553ed2d3c2ea4f: gfs2: Add quota_change type (2023-07-03 22:30:48 +0200) gfs2 fixes - Move the freeze/thaw logic from glock callback context to process / worker thread context to prevent deadlocks. - Fix a quota reference couting bug in do_qc(). - Carry on deallocating inodes even when gfs2_rindex_update() fails. - Retry filesystem-internal reads when they are interruped by a signal. - Eliminate kmap_atomic() in favor of kmap_local_page() / memcpy_{from,to}_page(). - Get rid of noop_direct_IO. - And a few more minor fixes and cleanups. Andreas Gruenbacher (12): gfs2: retry interrupted internal reads gfs2: Rename remaining "transaction" glock references gfs2: Rename the {freeze,thaw}_super callbacks gfs2: Rename gfs2_freeze_lock{ => _shared } gfs2: Reconfiguring frozen filesystem already rejected gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR} gfs2: Rework freeze / thaw logic gfs2: Replace sd_freeze_state with SDF_FROZEN flag gfs2: gfs2_freeze_lock_shared cleanup gfs: Get rid of unnucessary locking in inode_go_dump gfs2: Convert remaining kmap_atomic calls to kmap_local_page gfs2: Use memcpy_{from,to}_page where appropriate Bob Peterson (8): gfs2: simplify gdlm_put_lock with out_free label gfs2: fix minor comment typos gfs2: ignore rindex_update failure in dinode_dealloc gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold gfs2: Update rl_unlinked before releasing rgrp lock gfs2: Don't remember delete unless it's successful gfs2: Fix duplicate should_fault_in_pages() call gfs2: Add quota_change type Christoph Hellwig (1): gfs2: set FMODE_CAN_ODIRECT instead of a dummy direct_IO method Deepak R Varma (1): gfs2: Replace deprecated kmap_atomic with kmap_local_page Tuo Li (1): gfs2: Fix possible data races in gfs2_show_options() fs/gfs2/aops.c | 19 +++-- fs/gfs2/bmap.c | 4 +- fs/gfs2/file.c | 5 +- fs/gfs2/glock.c | 4 +- fs/gfs2/glops.c | 69 ++--- fs/gfs2/incore.h | 12 +-- fs/gfs2/lock_dlm.c | 23 +++--- fs/gfs2/log.c| 11 +-- fs/gfs2/lops.c | 21 +++-- fs/gfs2/ops_fstype.c | 15 +--- fs/gfs2/quota.c | 26 --- fs/gfs2/recovery.c | 28 +++ fs/gfs2/rgrp.c | 2 +- fs/gfs2/super.c | 215 --- fs/gfs2/super.h | 1 + fs/gfs2/sys.c| 4 +- fs/gfs2/trans.c | 3 +- fs/gfs2/util.c | 49 fs/gfs2/util.h | 3 +- 19 files changed, 277 insertions(+), 237 deletions(-)
[Cluster-devel] [PATCH v1] fs:dlm:Fix NULL pointer dereference bug in accept_from_sock()
newcon -> sock is NULL but dereferenced. First check newcon. Whether sock is a null pointer. If so, the subsequent operations are skipped. If it is not empty, perform subsequent operations. Signed-off-by: Wang Ming --- fs/dlm/lowcomms.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c index 9f14ea9f6..ea18b9478 100644 --- a/fs/dlm/lowcomms.c +++ b/fs/dlm/lowcomms.c @@ -1081,9 +1081,12 @@ static int accept_from_sock(void) add_sock(newsock, newcon); /* check if we receved something while adding */ - lock_sock(newcon->sock->sk); - lowcomms_queue_rwork(newcon); - release_sock(newcon->sock->sk); + if (newcon->sock) { + lock_sock(newcon->sock->sk); + lowcomms_queue_rwork(newcon); + release_sock(newcon->sock->sk); + } + } up_write(>sock_lock); srcu_read_unlock(_srcu, idx); -- 2.25.1