diff options
author | Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca> | 2009-11-17 17:40:26 -0500 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-12-11 14:24:53 -0500 |
commit | d3a3b0adad0865c12e39b712ca89efbd0a3a0dbc (patch) | |
tree | 31a8363a2e908d65514aa8f176ecfa7e57fc8f2a | |
parent | 18ef545e47c126abd87c013b762b5fbb574858ce (diff) |
debugfs: fix create mutex racy fops and private data
Setting fops and private data outside of the mutex at debugfs file
creation introduces a race where the files can be opened with the wrong
file operations and private data. It is easy to trigger with a process
waiting on file creation notification.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/debugfs/inode.c | 55 |
1 files changed, 32 insertions, 23 deletions
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c index 0d23b52dd22c..b486169f42bf 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c | |||
@@ -32,7 +32,9 @@ static struct vfsmount *debugfs_mount; | |||
32 | static int debugfs_mount_count; | 32 | static int debugfs_mount_count; |
33 | static bool debugfs_registered; | 33 | static bool debugfs_registered; |
34 | 34 | ||
35 | static struct inode *debugfs_get_inode(struct super_block *sb, int mode, dev_t dev) | 35 | static struct inode *debugfs_get_inode(struct super_block *sb, int mode, dev_t dev, |
36 | void *data, const struct file_operations *fops) | ||
37 | |||
36 | { | 38 | { |
37 | struct inode *inode = new_inode(sb); | 39 | struct inode *inode = new_inode(sb); |
38 | 40 | ||
@@ -44,14 +46,18 @@ static struct inode *debugfs_get_inode(struct super_block *sb, int mode, dev_t d | |||
44 | init_special_inode(inode, mode, dev); | 46 | init_special_inode(inode, mode, dev); |
45 | break; | 47 | break; |
46 | case S_IFREG: | 48 | case S_IFREG: |
47 | inode->i_fop = &debugfs_file_operations; | 49 | inode->i_fop = fops ? fops : &debugfs_file_operations; |
50 | inode->i_private = data; | ||
48 | break; | 51 | break; |
49 | case S_IFLNK: | 52 | case S_IFLNK: |
50 | inode->i_op = &debugfs_link_operations; | 53 | inode->i_op = &debugfs_link_operations; |
54 | inode->i_fop = fops; | ||
55 | inode->i_private = data; | ||
51 | break; | 56 | break; |
52 | case S_IFDIR: | 57 | case S_IFDIR: |
53 | inode->i_op = &simple_dir_inode_operations; | 58 | inode->i_op = &simple_dir_inode_operations; |
54 | inode->i_fop = &simple_dir_operations; | 59 | inode->i_fop = fops ? fops : &simple_dir_operations; |
60 | inode->i_private = data; | ||
55 | 61 | ||
56 | /* directory inodes start off with i_nlink == 2 | 62 | /* directory inodes start off with i_nlink == 2 |
57 | * (for "." entry) */ | 63 | * (for "." entry) */ |
@@ -64,7 +70,8 @@ static struct inode *debugfs_get_inode(struct super_block *sb, int mode, dev_t d | |||
64 | 70 | ||
65 | /* SMP-safe */ | 71 | /* SMP-safe */ |
66 | static int debugfs_mknod(struct inode *dir, struct dentry *dentry, | 72 | static int debugfs_mknod(struct inode *dir, struct dentry *dentry, |
67 | int mode, dev_t dev) | 73 | int mode, dev_t dev, void *data, |
74 | const struct file_operations *fops) | ||
68 | { | 75 | { |
69 | struct inode *inode; | 76 | struct inode *inode; |
70 | int error = -EPERM; | 77 | int error = -EPERM; |
@@ -72,7 +79,7 @@ static int debugfs_mknod(struct inode *dir, struct dentry *dentry, | |||
72 | if (dentry->d_inode) | 79 | if (dentry->d_inode) |
73 | return -EEXIST; | 80 | return -EEXIST; |
74 | 81 | ||
75 | inode = debugfs_get_inode(dir->i_sb, mode, dev); | 82 | inode = debugfs_get_inode(dir->i_sb, mode, dev, data, fops); |
76 | if (inode) { | 83 | if (inode) { |
77 | d_instantiate(dentry, inode); | 84 | d_instantiate(dentry, inode); |
78 | dget(dentry); | 85 | dget(dentry); |
@@ -81,12 +88,13 @@ static int debugfs_mknod(struct inode *dir, struct dentry *dentry, | |||
81 | return error; | 88 | return error; |
82 | } | 89 | } |
83 | 90 | ||
84 | static int debugfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) | 91 | static int debugfs_mkdir(struct inode *dir, struct dentry *dentry, int mode, |
92 | void *data, const struct file_operations *fops) | ||
85 | { | 93 | { |
86 | int res; | 94 | int res; |
87 | 95 | ||
88 | mode = (mode & (S_IRWXUGO | S_ISVTX)) | S_IFDIR; | 96 | mode = (mode & (S_IRWXUGO | S_ISVTX)) | S_IFDIR; |
89 | res = debugfs_mknod(dir, dentry, mode, 0); | 97 | res = debugfs_mknod(dir, dentry, mode, 0, data, fops); |
90 | if (!res) { | 98 | if (!res) { |
91 | inc_nlink(dir); | 99 | inc_nlink(dir); |
92 | fsnotify_mkdir(dir, dentry); | 100 | fsnotify_mkdir(dir, dentry); |
@@ -94,18 +102,20 @@ static int debugfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) | |||
94 | return res; | 102 | return res; |
95 | } | 103 | } |
96 | 104 | ||
97 | static int debugfs_link(struct inode *dir, struct dentry *dentry, int mode) | 105 | static int debugfs_link(struct inode *dir, struct dentry *dentry, int mode, |
106 | void *data, const struct file_operations *fops) | ||
98 | { | 107 | { |
99 | mode = (mode & S_IALLUGO) | S_IFLNK; | 108 | mode = (mode & S_IALLUGO) | S_IFLNK; |
100 | return debugfs_mknod(dir, dentry, mode, 0); | 109 | return debugfs_mknod(dir, dentry, mode, 0, data, fops); |
101 | } | 110 | } |
102 | 111 | ||
103 | static int debugfs_create(struct inode *dir, struct dentry *dentry, int mode) | 112 | static int debugfs_create(struct inode *dir, struct dentry *dentry, int mode, |
113 | void *data, const struct file_operations *fops) | ||
104 | { | 114 | { |
105 | int res; | 115 | int res; |
106 | 116 | ||
107 | mode = (mode & S_IALLUGO) | S_IFREG; | 117 | mode = (mode & S_IALLUGO) | S_IFREG; |
108 | res = debugfs_mknod(dir, dentry, mode, 0); | 118 | res = debugfs_mknod(dir, dentry, mode, 0, data, fops); |
109 | if (!res) | 119 | if (!res) |
110 | fsnotify_create(dir, dentry); | 120 | fsnotify_create(dir, dentry); |
111 | return res; | 121 | return res; |
@@ -139,7 +149,9 @@ static struct file_system_type debug_fs_type = { | |||
139 | 149 | ||
140 | static int debugfs_create_by_name(const char *name, mode_t mode, | 150 | static int debugfs_create_by_name(const char *name, mode_t mode, |
141 | struct dentry *parent, | 151 | struct dentry *parent, |
142 | struct dentry **dentry) | 152 | struct dentry **dentry, |
153 | void *data, | ||
154 | const struct file_operations *fops) | ||
143 | { | 155 | { |
144 | int error = 0; | 156 | int error = 0; |
145 | 157 | ||
@@ -164,13 +176,16 @@ static int debugfs_create_by_name(const char *name, mode_t mode, | |||
164 | if (!IS_ERR(*dentry)) { | 176 | if (!IS_ERR(*dentry)) { |
165 | switch (mode & S_IFMT) { | 177 | switch (mode & S_IFMT) { |
166 | case S_IFDIR: | 178 | case S_IFDIR: |
167 | error = debugfs_mkdir(parent->d_inode, *dentry, mode); | 179 | error = debugfs_mkdir(parent->d_inode, *dentry, mode, |
180 | data, fops); | ||
168 | break; | 181 | break; |
169 | case S_IFLNK: | 182 | case S_IFLNK: |
170 | error = debugfs_link(parent->d_inode, *dentry, mode); | 183 | error = debugfs_link(parent->d_inode, *dentry, mode, |
184 | data, fops); | ||
171 | break; | 185 | break; |
172 | default: | 186 | default: |
173 | error = debugfs_create(parent->d_inode, *dentry, mode); | 187 | error = debugfs_create(parent->d_inode, *dentry, mode, |
188 | data, fops); | ||
174 | break; | 189 | break; |
175 | } | 190 | } |
176 | dput(*dentry); | 191 | dput(*dentry); |
@@ -221,19 +236,13 @@ struct dentry *debugfs_create_file(const char *name, mode_t mode, | |||
221 | if (error) | 236 | if (error) |
222 | goto exit; | 237 | goto exit; |
223 | 238 | ||
224 | error = debugfs_create_by_name(name, mode, parent, &dentry); | 239 | error = debugfs_create_by_name(name, mode, parent, &dentry, |
240 | data, fops); | ||
225 | if (error) { | 241 | if (error) { |
226 | dentry = NULL; | 242 | dentry = NULL; |
227 | simple_release_fs(&debugfs_mount, &debugfs_mount_count); | 243 | simple_release_fs(&debugfs_mount, &debugfs_mount_count); |
228 | goto exit; | 244 | goto exit; |
229 | } | 245 | } |
230 | |||
231 | if (dentry->d_inode) { | ||
232 | if (data) | ||
233 | dentry->d_inode->i_private = data; | ||
234 | if (fops) | ||
235 | dentry->d_inode->i_fop = fops; | ||
236 | } | ||
237 | exit: | 246 | exit: |
238 | return dentry; | 247 | return dentry; |
239 | } | 248 | } |