Buildresult: linus/s390-defconfig/s390x-gcc12 built on Dec 22, 12:54

kisskb

Revisions | Branches | Compilers | Configs | Build Results | Build Failures |

Status:	OK
Date/Time:	Dec 22, 12:54
Duration:	0:09:35.522562
Builder:	blade4b
Revision:	afs: Fix use-after-free due to get/remove race in volume tree (`9a6b294ab496650e9f270123730df37030911b55)`
Target:	linus/s390-defconfig/s390x-gcc12
Branch:	linus
Compiler:	s390x-gcc12 (s390-linux-gcc (GCC) 12.2.0 / GNU ld (GNU Binutils) 2.39)
Config:	defconfig (download)
Log:	Download original Possible warnings (1) .config:3765:warning: override: reassigning to symbol DEBUG_INFO_BTF Full Log # git rev-parse -q --verify 9a6b294ab496650e9f270123730df37030911b55^{commit} 9a6b294ab496650e9f270123730df37030911b55 already have revision, skipping fetch # git checkout -q -f -B kisskb 9a6b294ab496650e9f270123730df37030911b55 # git clean -qxdf # < git log -1 # commit 9a6b294ab496650e9f270123730df37030911b55 # Author: David Howells <dhowells@redhat.com> # Date: Thu Dec 21 13:57:31 2023 +0000 # # afs: Fix use-after-free due to get/remove race in volume tree # # When an afs_volume struct is put, its refcount is reduced to 0 before # the cell->volume_lock is taken and the volume removed from the # cell->volumes tree. # # Unfortunately, this means that the lookup code can race and see a volume # with a zero ref in the tree, resulting in a use-after-free: # # refcount_t: addition on 0; use-after-free. # WARNING: CPU: 3 PID: 130782 at lib/refcount.c:25 refcount_warn_saturate+0x7a/0xda # ... # RIP: 0010:refcount_warn_saturate+0x7a/0xda # ... # Call Trace: # afs_get_volume+0x3d/0x55 # afs_create_volume+0x126/0x1de # afs_validate_fc+0xfe/0x130 # afs_get_tree+0x20/0x2e5 # vfs_get_tree+0x1d/0xc9 # do_new_mount+0x13b/0x22e # do_mount+0x5d/0x8a # __do_sys_mount+0x100/0x12a # do_syscall_64+0x3a/0x94 # entry_SYSCALL_64_after_hwframe+0x62/0x6a # # Fix this by: # # (1) When putting, use a flag to indicate if the volume has been removed # from the tree and skip the rb_erase if it has. # # (2) When looking up, use a conditional ref increment and if it fails # because the refcount is 0, replace the node in the tree and set the # removal flag. # # Fixes: 20325960f875 ("afs: Reorganise volume and server trees to be rooted on the cell") # Signed-off-by: David Howells <dhowells@redhat.com> # Reviewed-by: Jeffrey Altman <jaltman@auristor.com> # cc: Marc Dionne <marc.dionne@auristor.com> # cc: linux-afs@lists.infradead.org # Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> # < /opt/cross/kisskb/korg/gcc-12.2.0-nolibc/s390-linux/bin/s390-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-12.2.0-nolibc/s390-linux/bin/s390-linux-ld --version # < git log --format=%s --max-count=1 9a6b294ab496650e9f270123730df37030911b55 # make -s -j 24 ARCH=s390 O=/kisskb/build/linus_defconfig_s390x-gcc12 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-12.2.0-nolibc/s390-linux/bin/s390-linux- defconfig # Added to kconfig CONFIG_DEBUG_INFO_BTF=n # Added to kconfig # < make -s -j 24 ARCH=s390 O=/kisskb/build/linus_defconfig_s390x-gcc12 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-12.2.0-nolibc/s390-linux/bin/s390-linux- help # make -s -j 24 ARCH=s390 O=/kisskb/build/linus_defconfig_s390x-gcc12 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-12.2.0-nolibc/s390-linux/bin/s390-linux- olddefconfig .config:3765:warning: override: reassigning to symbol DEBUG_INFO_BTF # make -s -j 24 ARCH=s390 O=/kisskb/build/linus_defconfig_s390x-gcc12 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-12.2.0-nolibc/s390-linux/bin/s390-linux- Completed OK # rm -rf /kisskb/build/linus_defconfig_s390x-gcc12 # Build took: 0:09:35.522562

© Michael Ellerman 2006-2018.