linux-stable/fs/ext4
zhangyi (F) 7727ae5297 ext4: fix potential use after free after remounting with noblock_validity
Remount process will release system zone which was allocated before if
"noblock_validity" is specified. If we mount an ext4 file system to two
mountpoints with default mount options, and then remount one of them
with "noblock_validity", it may trigger a use after free problem when
someone is accessing the other one.

 # mount /dev/sda foo
 # mount /dev/sda bar

User access mountpoint "foo"   |   Remount mountpoint "bar"
                               |
ext4_map_blocks()              |   ext4_remount()
check_block_validity()         |   ext4_setup_system_zone()
ext4_data_block_valid()        |   ext4_release_system_zone()
                               |   free system_blks rb nodes
access system_blks rb nodes    |
trigger use after free         |

This problem can also be reproduced with one mountpoint. At the same time,
add_system_zone() can get called during remount as well, so there can be
a racing ext4_data_block_valid() reading the rbtree at the same time.

This patch adds RCU to protect the system zone from being released or built
when doing a remount which inverts the current "noblock_validity" mount
option. It assigns the rbtree after the whole tree is complete and
does the actual freeing after the RCU grace period, avoiding any intermediate state.

Reported-by: syzbot+1e470567330b7ad711d5@syzkaller.appspotmail.com
Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
2019-08-28 11:13:24 -04:00
acl.c ext4: compare old and new mode before setting update_mode flag 2018-12-10 00:22:38 -05:00
acl.h
balloc.c ext4: clean up kerneldoc warnigns when building with W=1 2019-06-19 16:30:03 -04:00
bitmap.c
block_validity.c ext4: fix potential use after free after remounting with noblock_validity 2019-08-28 11:13:24 -04:00
dir.c ext4: rename "dirent_csum" functions to use "dirblock" 2019-06-21 15:49:26 -04:00
ext4.h ext4: fix potential use after free after remounting with noblock_validity 2019-08-28 11:13:24 -04:00
ext4_extents.h ext4: adjust reserved cluster count when removing extents 2018-10-01 14:25:08 -04:00
ext4_jbd2.c ext4: shutdown should not prevent get_write_access 2018-02-18 22:07:36 -05:00
ext4_jbd2.h ext4: use jbd2_inode dirty range scoping 2019-06-20 17:26:26 -04:00
extents.c ext4: fix warning inside ext4_convert_unwritten_extents_endio 2019-08-22 22:53:46 -04:00
extents_status.c ext4: rework reserved cluster accounting when invalidating pages 2019-08-22 23:22:14 -04:00
extents_status.h ext4: rework reserved cluster accounting when invalidating pages 2019-08-22 23:22:14 -04:00
file.c ext4: remove unnecessary error check 2019-08-11 16:28:41 -04:00
fsmap.c ext4: fix miscellaneous sparse warnings 2019-05-12 04:49:47 -04:00
fsmap.h
fsync.c Revert "ext4: use ext4_write_inode() when fsyncing w/o a journal" 2019-01-31 23:41:11 -05:00
hash.c ext4: Support case-insensitive file name lookups 2019-04-25 14:12:08 -04:00
ialloc.c ext4: Support case-insensitive file name lookups 2019-04-25 14:12:08 -04:00
indirect.c ext4: clean up kerneldoc warnigns when building with W=1 2019-06-19 16:30:03 -04:00
inline.c ext4: set error return correctly when ext4_htree_store_dirent fails 2019-08-12 14:29:38 -04:00
inode.c ext4: fix punch hole for inline_data file systems 2019-08-23 22:38:00 -04:00
ioctl.c ext4: add new ioctl EXT4_IOC_GET_ES_CACHE 2019-08-11 16:32:41 -04:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile
mballoc.c ext4: clean up kerneldoc warnigns when building with W=1 2019-06-19 16:30:03 -04:00
mballoc.h
migrate.c ext4: clean up indentation issues, remove extraneous tabs 2018-12-04 00:16:44 -05:00
mmp.c ext4: don't mark mmp buffer head dirty 2018-09-15 17:11:25 -04:00
move_extent.c ext4: use jbd2_inode dirty range scoping 2019-06-20 17:26:26 -04:00
namei.c ext4: fix coverity warning on error path of filename setup 2019-07-02 17:56:12 -04:00
page-io.c for-linus-20190715 2019-07-15 21:20:52 -07:00
readpage.c Clean up fscrypt's dcache revalidation support, and other 2019-05-07 21:28:04 -07:00
resize.c Add as a feature case-insensitive directories (the casefold feature) 2019-05-07 21:12:44 -07:00
super.c Some bug fixes, and an update to the URL's for the final version of 2019-05-19 11:43:16 -07:00
symlink.c
sysfs.c ext4: replace ktype default_attrs with default_groups 2019-07-02 17:38:55 -04:00
truncate.h ext4: handle layout changes to pinned DAX mappings 2018-07-29 17:00:22 -04:00
xattr.c ext4: ignore e_value_offs for xattrs with value-in-ea-inode 2019-04-10 00:37:36 -04:00
xattr.h ext4: add extra checks to ext4_xattr_block_get() 2018-03-30 20:04:11 -04:00
xattr_security.c ext4: use XATTR_CREATE in ext4_initxattrs() 2018-05-10 11:52:14 -04:00
xattr_trusted.c
xattr_user.c