Merge tag 'v6.6-rc7.vfs.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull vfs fix from Christian Brauner: "An openat() call from io_uring triggering an audit call can apparently cause the refcount of struct filename to be incremented from multiple threads concurrently during async execution, triggering a refcount underflow and hitting a BUG_ON(). That bug has been lurking around since at least v5.16 apparently. Switch to an atomic counter to fix that. The underflow check is downgraded from a BUG_ON() to a WARN_ON_ONCE() but we could easily remove that check altogether tbh" * tag 'v6.6-rc7.vfs.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: audit,io_uring: io_uring openat triggers audit reference count underflow
author: Linus Torvalds <torvalds@linux-foundation.org> 2023-10-19 09:37:41 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2023-10-19 09:37:41 -0700
commit: ea1cc20cd4ce55dd920a87a317c43da03ccea192 (patch)
tree: 0c4d0adc1c19ffe73eec0f387fb0ab80d8e16eaf /include
parent: f69d00d12fcee9ce4b4f24bf609ad7398d10a576 (diff)
parent: 03adc61edad49e1bbecfb53f7ea5d78f398fe368 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/fs.h b/include/linux/fs.h
index b528f063e8ff..4a40823c3c67 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2403,7 +2403,7 @@ struct audit_names;
 struct filename {
 	const char		*name;	/* pointer to actual string */
 	const __user char	*uptr;	/* original userland pointer */
-	int			refcnt;
+	atomic_t		refcnt;
 	struct audit_names	*aname;
 	const char		iname[];
 };
author	Linus Torvalds <torvalds@linux-foundation.org>	2023-10-19 09:37:41 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2023-10-19 09:37:41 -0700
commit	ea1cc20cd4ce55dd920a87a317c43da03ccea192 (patch)
tree	0c4d0adc1c19ffe73eec0f387fb0ab80d8e16eaf /include
parent	f69d00d12fcee9ce4b4f24bf609ad7398d10a576 (diff)
parent	03adc61edad49e1bbecfb53f7ea5d78f398fe368 (diff)