linux-stable/fs
Filipe Manana a0cc006f42 btrfs: zoned: fix use-after-free due to race with dev replace
commit 0090d6e1b2 upstream.

While loading a zone's info during creation of a block group, we can race
with a device replace operation and then trigger a use-after-free on the
device that was just replaced (source device of the replace operation).

This happens because at btrfs_load_zone_info() we extract a device from
the chunk map into a local variable and then use the device while not
under the protection of the device replace rwsem. So if there's a device
replace operation happening when we extract the device and that device
is the source of the replace operation, we will trigger a use-after-free
if before we finish using the device the replace operation finishes and
frees the device.

Fix this by enlarging the critical section under the protection of the
device replace rwsem so that all uses of the device are done inside the
critical section.

CC: stable@vger.kernel.org # 6.1.x: 15c12fcc50: btrfs: zoned: introduce a zone_info struct in btrfs_load_block_group_zone_info
CC: stable@vger.kernel.org # 6.1.x: 09a46725cc: btrfs: zoned: factor out per-zone logic from btrfs_load_block_group_zone_info
CC: stable@vger.kernel.org # 6.1.x: 9e0e3e74dc: btrfs: zoned: factor out single bg handling from btrfs_load_block_group_zone_info
CC: stable@vger.kernel.org # 6.1.x: 87463f7e02: btrfs: zoned: factor out DUP bg handling from btrfs_load_block_group_zone_info
CC: stable@vger.kernel.org # 6.1.x
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-06-21 14:40:37 +02:00
9p 9p: add missing locking around taking dentry fid list 2024-06-16 13:51:01 +02:00
adfs mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
affs affs: remove SLAB_MEM_SPREAD flag usage 2024-02-26 11:36:28 +01:00
afs afs: Don't cross .backup mountpoint from backup volume 2024-06-16 13:50:54 +02:00
autofs
bcachefs bcachefs: Add missing sched_annotate_sleep() in bch2_journal_flush_seq_async() 2024-05-07 11:02:37 -04:00
befs mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
bfs mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
btrfs btrfs: zoned: fix use-after-free due to race with dev replace 2024-06-21 14:40:37 +02:00
cachefiles cachefiles: flush all requests after setting CACHEFILES_DEAD 2024-06-21 14:40:16 +02:00
ceph ceph: switch to use cap_delay_lock for the unlink delay list 2024-04-11 22:56:28 +02:00
coda mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
configfs
cramfs fs,block: yield devices early 2024-03-27 13:17:15 +01:00
crypto fscrypt updates for 6.9 2024-03-12 13:17:36 -07:00
debugfs
devpts
dlm dlm: fix user space lock decision to copy lvb 2024-05-30 09:44:15 +02:00
ecryptfs ecryptfs: Fix buffer size for tag 66 packet 2024-05-30 09:44:04 +02:00
efivarfs
efs
erofs erofs: avoid allocating DEFLATE streams before mounting 2024-06-16 13:50:54 +02:00
exfat exfat: zero the reserved fields of file and stream extension dentries 2024-04-25 21:59:59 +09:00
exportfs
ext2 2024-03-13 14:30:58 -07:00
ext4 ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() 2024-06-16 13:51:10 +02:00
f2fs f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() 2024-06-16 13:50:54 +02:00
fat - Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min 2024-03-14 18:03:09 -07:00
freevxfs mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
fuse fuse: clear FR_SENT when re-adding requests into pending list 2024-06-12 11:39:21 +02:00
gfs2 gfs2: do_xmote fixes 2024-05-30 09:44:24 +02:00
hfs hfs: really remove hfs_writepage 2023-12-29 11:58:34 -08:00
hfsplus
hostfs
hpfs mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
hugetlbfs
iomap iomap: fault in smaller chunks for non-large folio mappings 2024-06-16 13:51:04 +02:00
isofs mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
jbd2
jffs2 jffs2: prevent xattr node from overflowing the eraseblock 2024-05-30 09:44:06 +02:00
jfs jfs: xattr: fix buffer overflow for invalid xattr 2024-06-21 14:40:13 +02:00
kernfs kernfs: annotate different lockdep class for of->mutex of writable files 2024-04-14 06:55:46 -04:00
lockd NFSD 6.9 Release Notes 2024-03-12 14:27:37 -07:00
minix minix: remove SLAB_MEM_SPREAD flag usage 2024-02-27 11:21:32 +01:00
netfs netfs: Fix setting of BDP_ASYNC from iocb flags 2024-06-12 11:39:44 +02:00
nfs NFS: add barriers when testing for NFS_FSDATA_BLOCKED 2024-06-21 14:40:17 +02:00
nfs_common NFSv4.2: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:52 -07:00
nfsd knfsd: LOOKUP can return an illegal error value 2024-06-21 14:40:33 +02:00
nilfs2 nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors 2024-06-16 13:51:15 +02:00
nls
notify
ntfs3 fs/ntfs3: Use variable length array instead of fixed size 2024-06-12 11:39:29 +02:00
ocfs2 ocfs2: fix races between hole punching and AIO+DIO 2024-06-21 14:40:34 +02:00
omfs omfs: convert to new timestamp accessors 2023-10-18 14:08:25 +02:00
openpromfs openpromfs: finish conversion to the new mount API 2024-05-30 09:44:03 +02:00
orangefs Julia Lawall reported this null pointer dereference, this should fix it. 2024-02-14 15:57:53 -05:00
overlayfs ovl: remove upper umask handling from ovl_create_upper() 2024-06-12 11:39:15 +02:00
proc fs/proc: fix softlockup in __read_vmcore 2024-06-21 14:40:33 +02:00
pstore pstore/zone: Don't clear memory twice 2024-03-09 12:33:22 -08:00
qnx4 mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
qnx6
quota mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
ramfs
reiserfs fs,block: yield devices early 2024-03-27 13:17:15 +01:00
romfs fs,block: yield devices early 2024-03-27 13:17:15 +01:00
smb ksmbd: fix missing use of get_write in in smb2_set_ea() 2024-06-21 14:40:26 +02:00
squashfs Squashfs: check the inode number is not the invalid value of zero 2024-04-16 15:39:50 -07:00
sysfs fs: sysfs: Fix reference leak in sysfs_break_active_protection() 2024-04-11 15:16:48 +02:00
sysv sysv: remove SLAB_MEM_SPREAD flag usage 2024-02-27 11:21:31 +01:00
tracefs eventfs: Update all the eventfs_inodes from the events descriptor 2024-06-21 14:40:11 +02:00
ubifs This pull request contains updates for UBI and UBIFS: 2024-03-21 15:09:29 -07:00
udf udf: Convert udf_expand_file_adinicb() to use a folio 2024-06-12 11:39:14 +02:00
ufs mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
unicode unicode: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:54 -07:00
vboxsf vboxsf: explicitly deny setlease attempts 2024-04-03 16:06:39 +02:00
verity fsverity: use register_sysctl_init() to avoid kmemleak warning 2024-06-16 13:50:56 +02:00
xfs Bug fixes for 6.9-rc3: 2024-04-06 09:14:18 -07:00
zonefs zonefs: Use str_plural() to fix Coccinelle warning 2024-04-10 07:23:47 +09:00
aio.c aio: Fix null ptr deref in aio_complete() wakeup 2024-04-05 11:20:28 +02:00
anon_inodes.c
attr.c lsm/stable-6.9 PR 20240312 2024-03-12 20:03:34 -07:00
backing-file.c
bad_inode.c
binfmt_elf.c
binfmt_elf_fdpic.c binfmt: replace deprecated strncpy 2024-03-21 20:20:52 -07:00
binfmt_elf_test.c
binfmt_flat.c binfmt_flat: Remove shared library support 2022-04-22 10:57:18 -07:00
binfmt_misc.c
binfmt_script.c Merge branch 'akpm' (patches from Andrew) 2020-06-04 19:18:29 -07:00
buffer.c
char_dev.c
compat_binfmt_elf.c
coredump.c
d_path.c
dax.c
dcache.c
direct-io.c
drop_caches.c
eventfd.c eventfd: strictly check the count parameter of eventfd_write to avoid inputting illegal strings 2024-02-08 10:12:26 +01:00
eventpoll.c epoll: be better about file lifetimes 2024-05-05 14:00:48 -07:00
exec.c mm/ksm: fix ksm exec support for prctl 2024-05-30 09:44:56 +02:00
fcntl.c
fhandle.c
file.c
file_table.c lsm/stable-6.9 PR 20240312 2024-03-12 20:03:34 -07:00
filesystems.c
fs-writeback.c
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c bcachefs updates for 6.9 2024-03-15 09:00:09 -07:00
internal.h pidfs: remove config option 2024-03-13 12:53:53 -07:00
ioctl.c fs: Return ENOTTY directly if FS_IOC_GETUUID or FS_IOC_GETFSSYSFSPATH fail 2024-04-09 12:03:49 +02:00
Kconfig - Sumanth Korikkar has taught s390 to allocate hotplug-time page frames 2024-03-14 17:43:30 -07:00
Kconfig.binfmt
kernel_read_file.c
libfs.c shmem: Fix shmem_rename2() 2024-05-30 09:44:06 +02:00
locks.c
Makefile
mbcache.c
mnt_idmapping.c
mount.h
mpage.c
namei.c security: Place security_path_post_mknod() where the original IMA call was 2024-04-03 10:21:32 -07:00
namespace.c
nsfs.c pidfs: remove config option 2024-03-13 12:53:53 -07:00
open.c lsm/stable-6.9 PR 20240312 2024-03-12 20:03:34 -07:00
pidfs.c pidfs: remove config option 2024-03-13 12:53:53 -07:00
pipe.c
pnode.c
pnode.h
posix_acl.c lsm/stable-6.9 PR 20240312 2024-03-12 20:03:34 -07:00
proc_namespace.c
read_write.c fsnotify: optionally pass access range in file permission hooks 2023-12-12 16:20:02 +01:00
readdir.c
remap_range.c remap_range: merge do_clone_file_range() into vfs_clone_file_range() 2024-02-06 17:07:21 +01:00
select.c
seq_file.c
signalfd.c
splice.c fs: use splice_copy_file_range() inline helper 2023-12-12 16:20:02 +01:00
stack.c
stat.c vfs-6.8.mount 2024-01-08 10:57:34 -08:00
statfs.c
super.c fs,block: yield devices early 2024-03-27 13:17:15 +01:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c mm/userfaultfd: reset ptes when close() for wr-protected ones 2024-05-05 17:28:04 -07:00
utimes.c
xattr.c