linux-stable/fs
Dave Wysochanski b5b52de321 fscache: Fix oops due to race with cookie_lru and use_cookie
If a cookie expires from the LRU and the LRU_DISCARD flag is set, but
the state machine has not run yet, it's possible another thread can call
fscache_use_cookie and begin to use it.

When the cookie_worker finally runs, it will see the LRU_DISCARD flag
set, transition the cookie->state to LRU_DISCARDING, which will then
withdraw the cookie.  Once the cookie is withdrawn the object is removed,
and the below oops will occur because the object associated with the cookie
is now NULL.

Fix the oops by clearing the LRU_DISCARD bit if another thread uses the
cookie before the cookie_worker runs.

  BUG: kernel NULL pointer dereference, address: 0000000000000008
  ...
  CPU: 31 PID: 44773 Comm: kworker/u130:1 Tainted: G     E    6.0.0-5.dneg.x86_64 #1
  Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
  Workqueue: events_unbound netfs_rreq_write_to_cache_work [netfs]
  RIP: 0010:cachefiles_prepare_write+0x28/0x90 [cachefiles]
  ...
  Call Trace:
    netfs_rreq_write_to_cache_work+0x11c/0x320 [netfs]
    process_one_work+0x217/0x3e0
    worker_thread+0x4a/0x3b0
    kthread+0xd6/0x100

Fixes: 12bb21a29c ("fscache: Implement cookie user counting and resource pinning")
Reported-by: Daire Byrne <daire.byrne@gmail.com>
Signed-off-by: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Daire Byrne <daire@dneg.com>
Link: https://lore.kernel.org/r/20221117115023.1350181-1-dwysocha@redhat.com/ # v1
Link: https://lore.kernel.org/r/20221117142915.1366990-1-dwysocha@redhat.com/ # v2
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-12-07 11:49:18 -08:00
..
9p
adfs
affs
afs afs: Fix server->active leak in afs_put_server 2022-11-30 10:02:37 -08:00
autofs
befs
bfs
btrfs for-6.1-rc6-tag 2022-11-25 13:24:05 -08:00
cachefiles
ceph ceph: fix NULL pointer dereference for req->r_session 2022-11-14 10:29:05 +01:00
cifs cifs: fix missing unlock in cifs_file_copychunk_range() 2022-11-21 10:27:03 -06:00
coda
configfs
cramfs
crypto fscrypt: fix keyring memory leak on mount failure 2022-10-19 20:54:43 -07:00
debugfs
devpts
dlm
ecryptfs
efivarfs efi: efivars: Fix variable writes without query_variable_store() 2022-10-21 11:09:40 +02:00
efs
erofs Changes since last update: 2022-11-15 10:30:34 -08:00
exfat
exportfs
ext2
ext4 ext4: fix use-after-free in ext4_ext_shift_extents 2022-11-07 12:53:43 -05:00
f2fs Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
fat
freevxfs
fscache fscache: Fix oops due to race with cookie_lru and use_cookie 2022-12-07 11:49:18 -08:00
fuse fuse: lock inode unconditionally in fuse_fallocate() 2022-11-23 09:10:42 +01:00
gfs2
hfs
hfsplus
hostfs
hpfs
hugetlbfs hugetlbfs: don't delete error page from pagecache 2022-11-08 15:57:22 -08:00
iomap
isofs - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
jbd2
jffs2
jfs
kernfs kernfs: Fix spurious lockdep warning in kernfs_find_and_get_node_by_id() 2022-11-10 19:03:42 +01:00
ksmbd vfs: fix copy_file_range() averts filesystem freeze protection 2022-11-25 00:52:28 -05:00
lockd
minix
netfs netfs: Fix dodgy maths 2022-11-15 16:56:07 +00:00
nfs nfs4: Fix kmemleak when allocate slot failed 2022-10-27 15:52:11 -04:00
nfs_common
nfsd Amir's copy_file_range() fix 2022-11-27 12:40:06 -08:00
nilfs2 nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() 2022-11-30 14:49:40 -08:00
nls
notify
ntfs - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
ntfs3
ocfs2 ocfs2: clear dinode links count in case of error 2022-10-20 21:27:22 -07:00
omfs
openpromfs
orangefs Orangefs: change iterate to iterate_shared 2022-10-13 09:56:14 -07:00
overlayfs
proc proc/meminfo: fix spacing in SecPageTables 2022-11-22 18:50:44 -08:00
pstore
qnx4
qnx6
quota
ramfs
reiserfs - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
romfs
smbfs_common
squashfs squashfs: fix buffer release race condition in readahead code 2022-10-28 13:37:21 -07:00
sysfs
sysv
tracefs
ubifs Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
udf udf: Fix a slab-out-of-bounds write bug in udf_find_entry() 2022-11-09 12:24:42 +01:00
ufs
unicode
vboxsf
verity
xfs xfs: rename XFS_REFC_COW_START to _COWFLAG 2022-10-31 08:58:22 -07:00
zonefs zonefs: Fix active zone accounting 2022-11-25 17:01:22 +09:00
aio.c
anon_inodes.c
attr.c
bad_inode.c
binfmt_elf.c fs/binfmt_elf: Fix memory leak in load_elf_binary() 2022-10-25 15:11:21 -07:00
binfmt_elf_fdpic.c
binfmt_elf_test.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
buffer.c - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
char_dev.c
compat_binfmt_elf.c
coredump.c
d_path.c
dax.c
dcache.c
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c
exec.c 23 hotfixes. 2022-10-29 17:49:33 -07:00
fcntl.c
fhandle.c
file.c fs: use acquire ordering in __fget_light() 2022-10-31 15:30:11 -04:00
file_table.c
filesystems.c
fs-writeback.c fs: do not update freeing inode i_io_list 2022-11-22 17:00:00 -05:00
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c
internal.h
ioctl.c
Kconfig
Kconfig.binfmt
kernel_read_file.c
libfs.c
locks.c
Makefile
mbcache.c
mount.h
mpage.c
namei.c vfs: vfs_tmpfile: ensure O_EXCL flag is enforced 2022-11-19 02:22:11 -05:00
namespace.c
no-block.c
nsfs.c
open.c
pipe.c
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c vfs: fix copy_file_range() averts filesystem freeze protection 2022-11-25 00:52:28 -05:00
readdir.c
remap_range.c
select.c
seq_file.c
signalfd.c
splice.c
stack.c
stat.c
statfs.c
super.c fscrypt: fix keyring memory leak on mount failure 2022-10-19 20:54:43 -07:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister() 2022-11-07 12:58:26 -08:00
utimes.c
xattr.c