From f226635eb71a0c5f680f89a64ec6332e5b2f8ee7 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 3 Jun 2026 15:22:00 +0200
Subject: [PATCH] fs: move kmem_cache_zalloc() into alloc_empty_file*() helpers
JIRA: https://issues.redhat.com/browse/RHEL-179443
CVE: CVE-2026-46054
Conflicts:
- only context fuzz
commit 8a05a8c31d06c5d0d67b273a4a00f87269adde82
Author: Amir Goldstein <amir73il@gmail.com>
Date: Thu Jun 15 14:22:27 2023 +0300
fs: move kmem_cache_zalloc() into alloc_empty_file*() helpers
Use a common helper init_file() instead of __alloc_file() for
alloc_empty_file*() helpers and improve the documentation.
This is needed for a follow up patch that allocates a backing_file
container.
Suggested-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Message-Id: <20230615112229.2143178-4-amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
diff --git a/fs/file_table.c b/fs/file_table.c
index 845c741dc518..9fee3de138d6 100644
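--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -131,20 +131,15 @@ static int __init init_fs_stat_sysctls(void)
 fs_initcall(init_fs_stat_sysctls);
 #endif
 
-static struct file *__alloc_file(int flags, const struct cred *cred)
+static int init_file(struct file *f, int flags, const struct cred *cred)
 {
- struct file *f;
 int error;
 
- f = kmem_cache_zalloc(filp_cachep, GFP_KERNEL);
- if (unlikely(!f))
- return ERR_PTR(-ENOMEM);
-
 f->f_cred = get_cred(cred);
 error = security_file_alloc(f);
 if (unlikely(error)) {
 file_free_rcu(&f->f_u.fu_rcuhead);
- return ERR_PTR(error);
+ return error;
 }
 
 atomic_long_set(&f->f_count, 1);
@@ -155,7 +150,7 @@ static struct file *__alloc_file(int flags, const struct cred *cred)
 f->f_mode = OPEN_FMODE(flags);
 /* f->f_version: 0 */
 
- return f;
+ return 0;
 }
 
 /* Find an unused file structure and return a pointer to it.
@@ -172,6 +167,7 @@ struct file *alloc_empty_file(int flags, const struct cred *cred)
 {
 static long old_max;
 struct file *f;
+ int error;
 
 /*
 * Privileged users can go above max_files
@@ -185,9 +181,15 @@ struct file *alloc_empty_file(int flags, const struct cred *cred)
 goto over;
 }
 
- f = __alloc_file(flags, cred);
- if (!IS_ERR(f))
- percpu_counter_inc(&nr_files);
+ f = kmem_cache_zalloc(filp_cachep, GFP_KERNEL);
+ if (unlikely(!f))
+ return ERR_PTR(-ENOMEM);
+
+ error = init_file(f, flags, cred);
+ if (unlikely(error))
+ return ERR_PTR(error);
+
+ percpu_counter_inc(&nr_files);
 
 return f;
 
@@ -203,14 +205,23 @@ struct file *alloc_empty_file(int flags, const struct cred *cred)
 /*
 * Variant of alloc_empty_file() that doesn't check and modify nr_files.
 *
- * Should not be used unless there's a very good reason to do so.
+ * This is only for kernel internal use, and the allocate file must not be
+ * installed into file tables or such.
 */
 struct file *alloc_empty_file_noaccount(int flags, const struct cred *cred)
 {
- struct file *f = __alloc_file(flags, cred);
+ struct file *f;
+ int error;
+
+ f = kmem_cache_zalloc(filp_cachep, GFP_KERNEL);
+ if (unlikely(!f))
+ return ERR_PTR(-ENOMEM);
+
+ error = init_file(f, flags, cred);
+ if (unlikely(error))
+ return ERR_PTR(error);
 
- if (!IS_ERR(f))
- f->f_mode |= FMODE_NOACCOUNT;
+ f->f_mode |= FMODE_NOACCOUNT;
 
 return f;
 }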
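Review bot: init_file() still releases `f` through `file_free_rcu(&f->f_u.fu_rcuhead)` when `security_file_alloc()` fails, although the allocation now happens in the callers, and nothing in the new code documents that transfer of ownership. Both `alloc_empty_file()` and `alloc_empty_file_noaccount()` return `ERR_PTR(error)` without freeing, which is only correct if the helper has already consumed the object. A later caller that adds its own `kmem_cache_free()` on this path would double-free, and one that allocates from somewhere other than `filp_cachep` (the commit message announces a backing_file container) would presumably hand memory to the wrong allocator; file_free_rcu()'s body is outside these hunks, so this needs confirming. I would add a comment above the helper such as `/* On failure @f has already been released via file_free_rcu(); callers must not free or dereference it. */`, or move the release into the callers so allocation and free sit side by side. init_file()'s body continues between the first two hunks and is not fully visible here.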
--
2.50.1 (Apple Git-155)