linux-stable/fs
Brian Foster e3b83d87c9 ext4: fix racy may inline data check in dio write
commit ce56d21355 upstream.

syzbot reports that the following warning from ext4_iomap_begin()
triggers as of the commit referenced below:

        if (WARN_ON_ONCE(ext4_has_inline_data(inode)))
                return -ERANGE;

This occurs during a dio write, which is never expected to encounter
an inode with inline data. To enforce this behavior,
ext4_dio_write_iter() checks the current inline state of the inode
and clears the MAY_INLINE_DATA state flag to either fall back to
buffered writes, or enforce that any other writers in progress on
the inode are not allowed to create inline data.

The problem is that the check for existing inline data and the state
flag can span a lock cycle. For example, if the ilock is originally
locked shared and subsequently upgraded to exclusive, another writer
may have reacquired the lock and created inline data before the dio
write task acquires the lock and proceeds.

The commit referenced below loosens the lock requirements to allow
some forms of unaligned dio writes to occur under shared lock, but
AFAICT the inline data check was technically already racy for any
dio write that would have involved a lock cycle. Regardless, lift
clearing of the state bit to the same lock critical section that
checks for preexisting inline data on the inode to close the race.

Cc: stable@kernel.org
Reported-by: syzbot+307da6ca5cb0d01d581a@syzkaller.appspotmail.com
Fixes: 310ee0902b ("ext4: allow concurrent unaligned dio overwrites")
Signed-off-by: Brian Foster <bfoster@redhat.com>
Link: https://lore.kernel.org/r/20231002185020.531537-1-bfoster@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-11-28 17:15:17 +00:00
9p 9p: v9fs_listxattr: fix %s null argument warning 2023-11-28 17:14:50 +00:00
adfs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
affs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
afs afs: Fix accidental truncation when storing data 2023-07-04 12:24:32 -07:00
autofs autofs: fix memory leak of waitqueues in autofs_catatonic_mode 2023-09-23 11:14:17 +02:00
befs befs: Replace all non-returning strlcpy with strscpy 2023-05-30 16:42:00 -07:00
bfs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
btrfs btrfs: zoned: wait for data BG to be finished on direct IO allocation 2023-11-28 17:15:11 +00:00
cachefiles v6.5/vfs.file 2023-06-26 10:14:36 -07:00
ceph ceph_wait_on_conflict_unlink(): grab reference before dropping ->d_lock 2023-11-08 14:09:03 +01:00
coda vfs: get rid of old '->iterate' directory operation 2023-08-06 15:08:35 +02:00
configfs fs: consolidate duplicate dt_type helpers 2023-04-03 09:23:54 +02:00
cramfs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
crypto fscrypt: Replace 1-element array with flexible array 2023-05-23 19:46:09 -07:00
debugfs debugfs: Correct the 'debugfs_create_str' docs 2023-05-31 19:02:14 +01:00
devpts devpts: simplify two-level sysctl registration for pty_kern_table 2023-03-13 12:36:34 +01:00
dlm dlm: fix no ack after final message 2023-11-20 11:57:09 +01:00
ecryptfs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
efivarfs efivarfs: fix statfs() on efivarfs 2023-09-23 11:14:32 +02:00
efs
erofs erofs: fix erofs_insert_workgroup() lockref usage 2023-11-20 11:57:11 +01:00
exfat exfat: support handle zero-size directory 2023-11-28 17:14:49 +00:00
exportfs vfs: get rid of old '->iterate' directory operation 2023-08-06 15:08:35 +02:00
ext2 ext2: fix datatype of block number in ext2_xattr_set2() 2023-09-23 11:14:26 +02:00
ext4 ext4: fix racy may inline data check in dio write 2023-11-28 17:15:17 +00:00
f2fs f2fs: split initial and dynamic conditions for extent_cache 2023-11-28 17:15:13 +00:00
fat splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
freevxfs
fscache
fuse fuse: nlookup missing decrement in fuse_direntplus_link 2023-09-19 12:30:23 +02:00
gfs2 gfs2: don't withdraw if init_threads() got interrupted 2023-11-28 17:15:13 +00:00
hfs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
hfsplus splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
hostfs Landlock updates for v6.5-rc1 2023-06-27 17:10:27 -07:00
hpfs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
hugetlbfs hugetlb: revert use of page_cache_next_miss() 2023-06-23 16:59:32 -07:00
iomap iomap: Fix possible overflow condition in iomap_write_delalloc_scan 2023-09-23 11:14:17 +02:00
isofs
jbd2 jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev 2023-11-28 17:15:07 +00:00
jffs2 for-6.5/splice-2023-06-23 2023-06-26 11:52:12 -07:00
jfs jfs: fix array-index-out-of-bounds in diAlloc 2023-11-28 17:14:47 +00:00
kernfs kernfs: fix missing kernfs_iattr_rwsem locking 2023-09-19 12:30:09 +02:00
lockd fs: lockd: avoid possible wrong NULL parameter 2023-09-13 09:53:33 +02:00
minix splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
netfs netfs: Only call folio_start_fscache() one time for each folio 2023-10-06 13:15:45 +02:00
nfs NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO 2023-11-28 17:14:53 +00:00
nfs_common NFSv4.2: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:52 -07:00
nfsd NFSD: Update nfsd_cache_append() to use xdr_stream 2023-11-28 17:15:14 +00:00
nilfs2 nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() 2023-10-06 13:16:21 +02:00
nls fs/nls: make load_nls() take a const parameter 2023-07-25 00:30:02 -05:00
notify fanotify: limit reporting of event with non-decodeable file handles 2023-10-25 12:16:23 +02:00
ntfs vfs: get rid of old '->iterate' directory operation 2023-08-06 15:08:35 +02:00
ntfs3 fs/ntfs3: Avoid possible memory leak 2023-11-08 14:08:59 +01:00
ocfs2 fs: ocfs2: namei: check return value of ocfs2_add_entry() 2023-09-13 09:53:08 +02:00
omfs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
openpromfs
orangefs orangefs: Provide a splice-read wrapper 2023-05-24 08:42:16 -06:00
overlayfs ima: detect changes to the backing overlay file 2023-11-28 17:15:06 +00:00
proc watchdog: move softlockup_panic back to early_param 2023-11-28 17:15:01 +00:00
pstore pstore/platform: Add check for kstrdup 2023-11-20 11:56:44 +01:00
qnx4 qnx4: credit contributors in CREDITS 2023-03-14 12:56:30 -06:00
qnx6 qnx6: credit contributor and mark filesystem orphan 2023-03-14 12:56:30 -06:00
quota quota: explicitly forbid quota files from being encrypted 2023-11-28 17:15:07 +00:00
ramfs - Yosry Ahmed brought back some cgroup v1 stats in OOM logs. 2023-06-28 10:28:11 -07:00
reiserfs reiserfs: Check the return value from __getblk() 2023-09-13 09:52:57 +02:00
romfs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
smb cifs: Fix encryption of cleared, but unset rq_iter data buffers 2023-11-28 17:15:11 +00:00
squashfs squashfs: fix cache race with migration 2023-07-08 09:29:30 -07:00
sysfs sysfs: Skip empty folders creation 2023-06-15 13:37:53 +02:00
sysv for-6.5/splice-2023-06-23 2023-06-26 11:52:12 -07:00
tracefs tracefs: Add missing lockdown check to tracefs_create_dir() 2023-09-23 11:14:37 +02:00
ubifs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
udf \n 2023-06-29 13:39:51 -07:00
ufs splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
unicode unicode: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:54 -07:00
vboxsf hardening fixes for v6.5-rc6 2023-08-08 14:59:49 -07:00
verity fsverity: skip PKCS#7 parser when keyring is empty 2023-09-13 09:53:55 +02:00
xfs xfs: recovery should not clear di_flushiter unconditionally 2023-11-28 17:15:11 +00:00
zonefs zonefs: fix synchronous direct writes to sequential files 2023-08-10 12:59:47 +09:00
Kconfig smb: move client and server files to common directory fs/smb 2023-05-24 16:29:21 -05:00
Kconfig.binfmt
Makefile for-6.5/block-2023-06-23 2023-06-26 12:47:20 -07:00
aio.c fs/aio: Stop allocating aio rings from HIGHMEM 2023-06-15 09:22:23 +02:00
anon_inodes.c
attr.c attr: block mode changes of symlinks 2023-09-23 11:14:34 +02:00
bad_inode.c
binfmt_elf.c Merge branch 'expand-stack' 2023-06-28 20:35:21 -07:00
binfmt_elf_fdpic.c fs: binfmt_elf_efpic: fix personality for ELF-FDPIC 2023-10-06 13:16:29 +02:00
binfmt_elf_test.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
buffer.c \n 2023-06-29 13:39:51 -07:00
char_dev.c vfs: Replace all non-returning strlcpy with strscpy 2023-05-15 09:42:01 +02:00
compat_binfmt_elf.c
coredump.c v6.5/vfs.misc 2023-06-26 09:50:21 -07:00
d_path.c fs: d_path: include internal.h 2023-05-17 09:16:59 +02:00
dax.c dax: enable dax fault handler to report VM_FAULT_HWPOISON 2023-06-26 07:54:23 -06:00
dcache.c
direct-io.c - Yosry Ahmed brought back some cgroup v1 stats in OOM logs. 2023-06-28 10:28:11 -07:00
drop_caches.c
eventfd.c eventfd: prevent underflow for eventfd semaphores 2023-09-13 09:52:58 +02:00
eventpoll.c v6.5/vfs.misc 2023-06-26 09:50:21 -07:00
exec.c \n 2023-06-29 13:31:44 -07:00
fcntl.c
fhandle.c fsnotify: move fsnotify_open() hook into do_dentry_open() 2023-06-12 10:43:45 +02:00
file.c fs: Fix kernel-doc warnings 2023-10-19 23:11:08 +02:00
file_table.c fs: move cleanup from init_file() into its callers 2023-07-02 13:15:49 +02:00
filesystems.c
fs-writeback.c writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs 2023-11-20 11:56:43 +01:00
fs_context.c fs: factor out vfs_parse_monolithic_sep() helper 2023-10-19 23:11:08 +02:00
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c fs: add ctime accessors infrastructure 2023-11-28 17:15:10 +00:00
internal.h v6.5/vfs.file 2023-06-26 10:14:36 -07:00
ioctl.c fs: Fix kernel-doc warnings 2023-10-19 23:11:08 +02:00
kernel_read_file.c fs: Fix kernel-doc warnings 2023-10-19 23:11:08 +02:00
libfs.c direct_write_fallback(): on error revert the ->ki_pos update from buffered write 2023-10-06 13:16:01 +02:00
locks.c locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock 2023-09-23 11:14:17 +02:00
mbcache.c
mnt_idmapping.c
mount.h
mpage.c mpage: use folios in bio end_io handler 2023-04-18 16:30:02 -07:00
namei.c audit,io_uring: io_uring openat triggers audit reference count underflow 2023-10-25 12:16:11 +02:00
namespace.c v6.5/vfs.mount 2023-06-26 10:27:04 -07:00
nsfs.c kill the last remaining user of proc_ns_fget() 2023-04-20 22:55:35 -04:00
open.c fs: Fix kernel-doc warnings 2023-10-19 23:11:08 +02:00
pipe.c pipe: check for IOCB_NOWAIT alongside O_NONBLOCK 2023-05-12 17:17:27 +02:00
pnode.c fs: allow to mount beneath top mount 2023-05-19 04:30:22 +02:00
pnode.h fs: allow to mount beneath top mount 2023-05-19 04:30:22 +02:00
posix_acl.c acl: don't depend on IOP_XATTR 2023-03-06 09:59:20 +01:00
proc_namespace.c tty, proc, kernfs, random: Use copy_splice_read() 2023-05-24 08:42:16 -06:00
read_write.c splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
readdir.c vfs: get rid of old '->iterate' directory operation 2023-08-06 15:08:35 +02:00
remap_range.c fs: use UB-safe check for signed addition overflow in remap_verify_area 2023-05-24 11:03:59 +02:00
select.c
seq_file.c
signalfd.c
splice.c splice: fsnotify_access(in), fsnotify_modify(out) on success in tee 2023-09-13 09:52:58 +02:00
stack.c
stat.c
statfs.c statfs: enforce statfs[64] structure initialization 2023-05-17 15:20:17 +02:00
super.c \n 2023-06-29 13:39:51 -07:00
sync.c
sysctls.c sysctl: Refactor base paths registrations 2023-05-23 21:43:26 -07:00
timerfd.c
userfaultfd.c Merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes. 2023-06-23 16:58:19 -07:00
utimes.c
xattr.c fs: don't call posix_acl_listxattr in generic_listxattr 2023-05-17 15:25:20 +02:00