pstore: Fix warning in pstore_kill_sb()

Tetsuo Handa · kees · commit 9c7d83ae6ba6 · 2021-02-23T09:27:20.000-08:00
syzbot is hitting WARN_ON(pstore_sb != sb) at pstore_kill_sb() [1], for the assumption that pstore_sb != NULL is wrong because pstore_fill_super() will not assign pstore_sb = sb when new_inode() for d_make_root() returned NULL (due to memory allocation fault injection). Since mount_single() calls pstore_kill_sb() when pstore_fill_super() failed, pstore_kill_sb() needs to be aware of such failure path. [1] https://syzkaller.appspot.com/bug?id=6abacb8da5137cb47a416f2bef95719ed60508a0 Reported-by: syzbot <syzbot+d0cf0ad6513e9a1da5df@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210214031307.57903-1-penguin-kernel@I-love.SAKURA.ne.jp
diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
@@ -467,7 +467,7 @@ static struct dentry *pstore_mount(struct file_system_type *fs_type,
 static void pstore_kill_sb(struct super_block *sb)
 {
 	mutex_lock(&pstore_sb_lock);
-	WARN_ON(pstore_sb != sb);
+	WARN_ON(pstore_sb && pstore_sb != sb);
 
 	kill_litter_super(sb);
 	pstore_sb = NULL;

Original file line number	Diff line number	Diff line change
`@@ -467,7 +467,7 @@ static struct dentry pstore_mount(struct file_system_type fs_type,`
`467`	`467`	`static void pstore_kill_sb(struct super_block *sb)`
`468`	`468`	`{`
`469`	`469`	`mutex_lock(&pstore_sb_lock);`
`470`		`- WARN_ON(pstore_sb != sb);`
	`470`	`+ WARN_ON(pstore_sb && pstore_sb != sb);`
`471`	`471`
`472`	`472`	`kill_litter_super(sb);`
`473`	`473`	`pstore_sb = NULL;`