Skip to content

Commit f8de483

Browse files
dhowellsdhowells
committed
afs: Properly reset afs_vnode (inode) fields
When an AFS inode is allocated by afs_alloc_inode(), the allocated afs_vnode struct isn't necessarily reset from the last time it was used as an inode because the slab constructor is only invoked once when the memory is obtained from the page allocator. This means that information can leak from one inode to the next because we're not calling kmem_cache_zalloc(). Some of the information isn't reset, in particular the permit cache pointer. Bring the clearances up to date. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marc Dionne <marc.dionne@auristor.com>
1 parent 1bcab12 commit f8de483

File tree

2 files changed

+17
-2
lines changed

2 files changed

+17
-2
lines changed

fs/afs/internal.h

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -441,7 +441,10 @@ enum afs_lock_state {
441441
};
442442

443443
/*
444-
* AFS inode private data
444+
* AFS inode private data.
445+
*
446+
* Note that afs_alloc_inode() *must* reset anything that could incorrectly
447+
* leak from one inode to another.
445448
*/
446449
struct afs_vnode {
447450
struct inode vfs_inode; /* the VFS's inode record */

fs/afs/super.c

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -536,7 +536,9 @@ static void afs_kill_super(struct super_block *sb)
536536
}
537537

538538
/*
539-
* initialise an inode cache slab element prior to any use
539+
* Initialise an inode cache slab element prior to any use. Note that
540+
* afs_alloc_inode() *must* reset anything that could incorrectly leak from one
541+
* inode to another.
540542
*/
541543
static void afs_i_init_once(void *_vnode)
542544
{
@@ -568,11 +570,21 @@ static struct inode *afs_alloc_inode(struct super_block *sb)
568570

569571
atomic_inc(&afs_count_active_inodes);
570572

573+
/* Reset anything that shouldn't leak from one inode to the next. */
571574
memset(&vnode->fid, 0, sizeof(vnode->fid));
572575
memset(&vnode->status, 0, sizeof(vnode->status));
573576

574577
vnode->volume = NULL;
578+
vnode->lock_key = NULL;
579+
vnode->permit_cache = NULL;
580+
vnode->cb_interest = NULL;
581+
#ifdef CONFIG_AFS_FSCACHE
582+
vnode->cache = NULL;
583+
#endif
584+
575585
vnode->flags = 1 << AFS_VNODE_UNSET;
586+
vnode->cb_type = 0;
587+
vnode->lock_state = AFS_VNODE_LOCK_NONE;
576588

577589
_leave(" = %p", &vnode->vfs_inode);
578590
return &vnode->vfs_inode;

0 commit comments

Comments
 (0)