• Vegard Nossum's avatar
    uml: fix hostfs mknod() · cfcae394
    Vegard Nossum authored
    commit 9f2dfda2 upstream.
    
    An inverted return value check in hostfs_mknod() caused the function
    to return success after handling it as an error (and cleaning up).
    
    It resulted in the following segfault when trying to bind() a named
    unix socket:
    
      Pid: 198, comm: a.out Not tainted 4.4.0-rc4
      RIP: 0033:[<0000000061077df6>]
      RSP: 00000000daae5d60  EFLAGS: 00010202
      RAX: 0000000000000000 RBX: 000000006092a460 RCX: 00000000dfc54208
      RDX: 0000000061073ef1 RSI: 0000000000000070 RDI: 00000000e027d600
      RBP: 00000000daae5de0 R08: 00000000da980ac0 R09: 0000000000000000
      R10: 0000000000000003 R11: 00007fb1ae08f72a R12: 0000000000000000
      R13: 000000006092a460 R14: 00000000daaa97c0 R15: 00000000daaa9a88
      Kernel panic - not syncing: Kernel mode fault at addr 0x40, ip 0x61077df6
      CPU: 0 PID: 198 Comm: a.out Not tainted 4.4.0-rc4 #1
      Stack:
       e027d620 dfc54208 0000006f da981398
       61bee000 0000c1ed daae5de0 0000006e
       e027d620 dfcd4208 00000005 6092a460
      Call Trace:
       [<60dedc67>] SyS_bind+0xf7/0x110
       [<600587be>] handle_syscall+0x7e/0x80
       [<60066ad7>] userspace+0x3e7/0x4e0
       [<6006321f>] ? save_registers+0x1f/0x40
       [<6006c88e>] ? arch_prctl+0x1be/0x1f0
       [<60054985>] fork_handler+0x85/0x90
    
    Let's also get rid of the "cosmic ray protection" while we're at it.
    
    Fixes: e9193059 "hostfs: fix races in dentry_name() and inode_name()"
    Signed-off-by: default avatarVegard Nossum <vegard.nossum@oracle.com>
    Cc: Jeff Dike <jdike@addtoit.com>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    cfcae394
hostfs_kern.c 20.7 KB