ANDROID: Incremental fs: Fix dentry get/put imbalance on vfs_mkdir() failure

Syz{bot,kaller} reports[0]:

  BUG: Dentry ffff888119d8a000{i=0,n=.index}  still in use (1) [unmount of ramfs ramfs]
  ------------[ cut here ]------------
  WARNING: CPU: 0 PID: 367 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
  Modules linked in:
  CPU: 0 PID: 367 Comm: syz-executor388 Not tainted 5.10.75-syzkaller-01082-g234d53d2bb60 #0
  Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
  RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
  Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 00 40 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 ae d9 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
  RSP: 0018:ffffc9000096f770 EFLAGS: 00010292
  RAX: 0000000000000055 RBX: ffffffff866af200 RCX: 1ad6b89836e5b500
  RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
  RBP: ffffc9000096f7a0 R08: ffffffff81545368 R09: 0000000000000003
  R10: fffff5200012de41 R11: 0000000000000004 R12: ffff888119d8a000
  R13: dffffc0000000000 R14: ffff88811d7373f8 R15: 0000000000000001
  FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007f01b7bddb68 CR3: 000000010c4f0000 CR4: 00000000003506b0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  Call Trace:
   d_walk+0x309/0x540 fs/dcache.c:1326
   do_one_tree fs/dcache.c:1623 [inline]
   shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
   generic_shutdown_super+0x66/0x2c0 fs/super.c:447
   kill_anon_super fs/super.c:1108 [inline]
   kill_litter_super+0x75/0xa0 fs/super.c:1117
   ramfs_kill_sb+0x44/0x50 fs/ramfs/inode.c:270
   deactivate_locked_super+0xb0/0x100 fs/super.c:335
   deactivate_super+0xa5/0xd0 fs/super.c:366
   cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
   __cleanup_mnt+0x19/0x20 fs/namespace.c:1125
   task_work_run+0x147/0x1b0 kernel/task_work.c:154
   exit_task_work include/linux/task_work.h:30 [inline]
   do_exit+0x70e/0x23a0 kernel/exit.c:813
   do_group_exit+0x16a/0x2d0 kernel/exit.c:910
   get_signal+0x133e/0x1f80 kernel/signal.c:2790
   arch_do_signal+0x8d/0x620 arch/x86/kernel/signal.c:805
   exit_to_user_mode_loop kernel/entry/common.c:161 [inline]
   exit_to_user_mode_prepare+0xaa/0xe0 kernel/entry/common.c:191
   syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
   do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
   entry_SYSCALL_64_after_hwframe+0x44/0xa9
  RIP: 0033:0x7f01b7b884f9
  Code: Unable to access opcode bytes at RIP 0x7f01b7b884cf.
  RSP: 002b:00007f01b7b19308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
  RAX: fffffffffffffe00 RBX: 00007f01b7c103f8 RCX: 00007f

Which was due to a missing dput() before returning from a vfs_mkdir() failure.

Bug: 203827798
Link: [0] https://syzkaller.appspot.com/bug?extid=81b5ca9b2848f4dad8fa
Reported-by: syzbot+81b5ca9b2848f4dad8fa@syzkaller.appspotmail.com
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: Iaef9aa0aecc964645aaca5fe8d79388ae28527bd
1 file changed
tree: 41fc83d35262637fc80f522aa97dd63ec54748c7
  1. android/
  2. arch/
  3. block/
  4. certs/
  5. crypto/
  6. Documentation/
  7. drivers/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. build.config.aarch64
  31. build.config.allmodconfig
  32. build.config.allmodconfig.aarch64
  33. build.config.allmodconfig.arm
  34. build.config.allmodconfig.x86_64
  35. build.config.arm
  36. build.config.common
  37. build.config.db845c
  38. build.config.gki
  39. build.config.gki-debug.aarch64
  40. build.config.gki-debug.x86_64
  41. build.config.gki.aarch64
  42. build.config.gki.x86_64
  43. build.config.gki_kasan
  44. build.config.gki_kasan.aarch64
  45. build.config.gki_kasan.x86_64
  46. build.config.gki_kprobes
  47. build.config.gki_kprobes.aarch64
  48. build.config.gki_kprobes.x86_64
  49. build.config.hikey960
  50. build.config.x86_64
  51. COPYING
  52. CREDITS
  53. Kbuild
  54. Kconfig
  55. MAINTAINERS
  56. Makefile
  57. OWNERS
  58. README
  59. README.md
README.md

How do I submit patches to Android Common Kernels

  1. BEST: Make all of your changes to upstream Linux. If appropriate, backport to the stable releases. These patches will be merged automatically in the corresponding common kernels. If the patch is already in upstream Linux, post a backport of the patch that conforms to the patch requirements below.

  2. LESS GOOD: Develop your patches out-of-tree (from an upstream Linux point-of-view). Unless these are fixing an Android-specific bug, these are very unlikely to be accepted unless they have been coordinated with kernel-team@android.com. If you want to proceed, post a patch that conforms to the patch requirements below.

Common Kernel patch requirements

  • All patches must conform to the Linux kernel coding standards and pass script/checkpatch.pl
  • Patches shall not break gki_defconfig or allmodconfig builds for arm, arm64, x86, x86_64 architectures (see https://source.android.com/setup/build/building-kernels)
  • If the patch is not merged from an upstream branch, the subject must be tagged with the type of patch: UPSTREAM:, BACKPORT:, FROMGIT:, FROMLIST:, or ANDROID:.
  • All patches must have a Change-Id: tag (see https://gerrit-review.googlesource.com/Documentation/user-changeid.html)
  • If an Android bug has been assigned, there must be a Bug: tag.
  • All patches must have a Signed-off-by: tag by the author and the submitter

Additional requirements are listed below based on patch type

Requirements for backports from mainline Linux: UPSTREAM:, BACKPORT:

  • If the patch is a cherry-pick from Linux mainline with no changes at all
    • tag the patch subject with UPSTREAM:.
    • add upstream commit information with a (cherry-picked from ...) line
    • Example:
      • if the upstream commit message is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
    - then Joe Smith would upload the patch for the common kernel as
        UPSTREAM: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry-picked from c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch requires any changes from the upstream version, tag the patch with BACKPORT: instead of UPSTREAM:.
    • use the same tags as UPSTREAM:
    • add comments about the changes under the (cherry-picked from ...) line
    • Example:
        BACKPORT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry-picked from c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        [ Resolved minor conflict in drivers/foo/bar.c ]
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for other backports: FROMGIT:, FROMLIST:,

  • If the patch has been merged into an upstream maintainer tree, but has not yet been merged into Linux mainline
    • tag the patch subject with FROMGIT:
    • add info on where the patch came from as (cherry picked from commit <sha1> <repo> <branch>). This must be a stable maintainer branch (not rebased, so don't use linux-next for example).
    • if changes were required, use BACKPORT: FROMGIT:
    • Example:
      • if the commit message in the maintainer tree is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
    - then Joe Smith would upload the patch for the common kernel as
        FROMGIT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        (cherry picked from commit 878a2fd9de10b03d11d2f622250285c7e63deace
         https://git.kernel.org/pub/scm/linux/kernel/git/foo/bar.git test-branch)
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch has been submitted to LKML, but not accepted into any maintainer tree
    • tag the patch subject with FROMLIST:
    • add a Link: tag with a link to the submittal on lore.kernel.org
    • if changes were required, use BACKPORT: FROMLIST:
    • Example:
        FROMLIST: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Link: https://lore.kernel.org/lkml/20190619171517.GA17557@someone.com/
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for Android-specific patches: ANDROID:

  • If the patch is fixing a bug to Android-specific code
    • tag the patch subject with ANDROID:
    • add a Fixes: tag that cites the patch with the bug
    • Example:
        ANDROID: fix android-specific bug in foobar.c

        This is the detailed description of the important fix

        Fixes: 1234abcd2468 ("foobar: add cool feature")
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch is a new feature
    • tag the patch subject with ANDROID:
    • add a Bug: tag with the Android bug (required for android-specific features)