"value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix dentry leak in cachefiles_open_file()\n\nA dentry leak may be caused when a lookup cookie and a cull are concurrent:\n\n P1 | P2\n-----------------------------------------------------------\ncachefiles_lookup_cookie\n cachefiles_look_up_object\n lookup_one_positive_unlocked\n // get dentry\n cachefiles_cull\n inode->i_flags |= S_KERNEL_FILE;\n cachefiles_open_file\n cachefiles_mark_inode_in_use\n __cachefiles_mark_inode_in_use\n can_use = false\n if (!(inode->i_flags & S_KERNEL_FILE))\n can_use = true\n\t return false\n return false\n // Returns an error but doesn't put dentry\n\nAfter that the following WARNING will be triggered when the backend folder\nis umounted:\n\n==================================================================\nBUG: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} still in use (1) [unmount of ext4 sda]\nWARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umount_check+0x5d/0x70\nCPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25\nRIP: 0010:umount_check+0x5d/0x70\nCall Trace:\n <TASK>\n d_walk+0xda/0x2b0\n do_one_tree+0x20/0x40\n shrink_dcache_for_umount+0x2c/0x90\n generic_shutdown_super+0x20/0x160\n kill_block_super+0x1a/0x40\n ext4_kill_sb+0x22/0x40\n deactivate_locked_super+0x35/0x80\n cleanup_mnt+0x104/0x160\n==================================================================\n\nWhether cachefiles_open_file() returns true or false, the reference count\nobtained by lookup_positive_unlocked() in cachefiles_look_up_object()\nshould be released.\n\nTherefore release that reference count in cachefiles_look_up_object() to\nfix the above issue and simplify the code."
"value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cachefiles: se corrige la p\u00e9rdida de dentry en cachefiles_open_file(). Una p\u00e9rdida de dentry puede producirse cuando una cookie de b\u00fasqueda y un cull son concurrentes: P1 | P2 ----------------------------------------------------------- cachefiles_lookup_cookie cachefiles_look_up_object lookup_one_positive_unlocked // obtener dentry cachefiles_cull inode->i_flags |= S_KERNEL_FILE; cachefiles_open_file cachefiles_mark_inode_in_use __cachefiles_mark_inode_in_use can_use = false if (!(inode->i_flags & S_KERNEL_FILE)) can_use = true return false return false // Devuelve un error pero no coloca dentry Despu\u00e9s de eso, se activar\u00e1 la siguiente ADVERTENCIA cuando se desmonte la carpeta del backend: ===================================================================== ERROR: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} todav\u00eda en uso (1) [desmontaje de ext4 sda] ADVERTENCIA: CPU: 4 PID: 359261 en fs/dcache.c:1767 umount_check+0x5d/0x70 CPU: 4 PID: 359261 Comm: umount No contaminado 6.6.0-dirty #25 RIP: 0010:umount_check+0x5d/0x70 Rastreo de llamadas: d_walk+0xda/0x2b0 do_one_tree+0x20/0x40 shrink_dcache_for_umount+0x2c/0x90 generic_shutdown_super+0x20/0x160 kill_block_super+0x1a/0x40 ext4_kill_sb+0x22/0x40 deactivate_locked_super+0x35/0x80 cleanup_mnt+0x104/0x160 ==================================================================== Independientemente de si cachefiles_open_file() devuelve verdadero o falso, el recuento de referencias obtenido por lookup_positive_unlocked() en cachefiles_look_up_object() debe liberarse. Por lo tanto, libere ese recuento de referencias en cachefiles_look_up_object() para solucionar el problema anterior y simplificar el c\u00f3digo."
