Merge tag 'trace-v6.7-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

torvalds · torvalds · commit 360f0342b2e9 · 2024-01-03T11:45:15.000-08:00
Pull tracing fixes from Steven Rostedt:

 - Fix a NULL kernel dereference in set_gid() on tracefs mounting.

   When tracefs is mounted with "gid=1000", it will update the existing
   dentries to have the new gid. The tracefs_inode which is retrieved by
   a container_of(dentry-&gt;d_inode) has flags to see if the inode belongs
   to the eventfs system.

   The issue that was fixed was if getdents() was called on tracefs that
   was previously mounted, and was not closed. It will leave a "cursor
   dentry" in the subdirs list of the current dentries that set_gid()
   walks. On a remount of tracefs, the container_of(dentry-&gt;d_inode)
   will dereference a NULL pointer and cause a crash when referenced.

   Simply have a check for dentry-&gt;d_inode to see if it is NULL and if
   so, skip that entry.

 - Fix the bits of the eventfs_inode structure.

   The "is_events" bit was taken from the nr_entries field, but the
   nr_entries field wasn't updated to be 30 bits and was still 31.
   Including the "is_freed" bit this would use 33 bits which would make
   the structure use another integer for just one bit.

* tag 'trace-v6.7-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  eventfs: Fix bitwise fields for "is_events"
  tracefs: Check for dentry-&gt;d_inode exists in set_gid()
diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
@@ -215,6 +215,10 @@ static void set_gid(struct dentry *parent, kgid_t gid)
 		struct dentry *dentry = list_entry(tmp, struct dentry, d_child);
 		next = tmp->next;
 
+		/* Note, getdents() can add a cursor dentry with no inode */
+		if (!dentry->d_inode)
+			continue;
+
 		spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
 
 		change_gid(dentry, gid);
diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h
@@ -63,7 +63,7 @@ struct eventfs_inode {
 	};
 	unsigned int			is_freed:1;
 	unsigned int			is_events:1;
-	unsigned int			nr_entries:31;
+	unsigned int			nr_entries:30;
 };
 
 static inline struct tracefs_inode *get_tracefs(const struct inode *inode)
