mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/fs
History
Jan Kara c6fac5cf5a ext4: fix race when reusing xattr blocks 
[ Upstream commit 65f8b80053 ]

When ext4_xattr_block_set() decides to remove xattr block the following
race can happen:

CPU1                                    CPU2
ext4_xattr_block_set()                  ext4_xattr_release_block()
  new_bh = ext4_xattr_block_cache_find()

                                          lock_buffer(bh);
                                          ref = le32_to_cpu(BHDR(bh)->h_refcount);
                                          if (ref == 1) {
                                            ...
                                            mb_cache_entry_delete();
                                            unlock_buffer(bh);
                                            ext4_free_blocks();
                                              ...
                                              ext4_forget(..., bh, ...);
                                                jbd2_journal_revoke(..., bh);

  ext4_journal_get_write_access(..., new_bh, ...)
    do_get_write_access()
      jbd2_journal_cancel_revoke(..., new_bh);

Later the code in ext4_xattr_block_set() finds out the block got freed
and cancels reusal of the block but the revoke stays canceled and so in
case of block reuse and journal replay the filesystem can get corrupted.
If the race works out slightly differently, we can also hit assertions
in the jbd2 code.

Fix the problem by making sure that once matching mbcache entry is
found, code dropping the last xattr block reference (or trying to modify
xattr block in place) waits until the mbcache entry reference is
dropped. This way code trying to reuse xattr block is protected from
someone trying to drop the last reference to xattr block.

Reported-and-tested-by: Ritesh Harjani <ritesh.list@gmail.com>
CC: stable@vger.kernel.org
Fixes: 82939d7999 ("ext4: convert to mbcache2")
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220712105436.32204-5-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-08-17 14:42:32 +02:00
..
9p 9p: fix EBADF errors in cached mode 2022-06-29 09:04:26 +02:00
adfs Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
affs Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
afs netfs: do not unlock and put the folio twice 2022-07-22 10:21:42 +02:00
autofs
befs fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
bfs Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
btrfs btrfs: zoned: wait until zone is finished when allocation didn't progress 2022-08-17 14:42:27 +02:00
cachefiles cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr 2022-04-08 23:32:40 +01:00
ceph netfs: do not unlock and put the folio twice 2022-07-22 10:21:42 +02:00
cifs SMB3: fix lease break timeout when multiple deferred close handles for the same file. 2022-08-17 14:42:19 +02:00
coda Folio changes for 5.18 2022-03-22 17:03:12 -07:00
configfs configfs: fix a race in configfs_{,un}register_subsystem() 2022-02-22 18:30:28 +01:00
cramfs
crypto fs: Remove ->readpages address space operation 2022-04-01 13:45:33 -04:00
debugfs debugfs: Document that debugfs_create functions need not be error checked 2022-02-25 11:56:13 +01:00
devpts fsnotify: fix fsnotify hooks in pseudo filesystems 2022-01-24 14:17:02 +01:00
dlm dlm: fix pending remove if msg allocation fails 2022-07-29 17:28:15 +02:00
ecryptfs Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
efivarfs
efs fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
erofs erofs: avoid consecutive detection for Highmem memory 2022-08-17 14:40:38 +02:00
exfat exfat: use updated exfat_chain directly during renaming 2022-07-29 17:28:16 +02:00
exportfs exportfs: support idmapped mounts 2022-06-09 10:30:56 +02:00
ext2 ext2: Add more validity checks for inode counts 2022-08-17 14:40:21 +02:00
ext4 ext4: fix race when reusing xattr blocks 2022-08-17 14:42:32 +02:00
f2fs f2fs: do not allow to decompress files have FI_COMPRESS_RELEASED 2022-08-17 14:42:16 +02:00
fat fat: add ratelimit to fat*_ent_bread() 2022-06-09 10:29:49 +02:00
freevxfs fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
fscache fscache: Fix if condition in fscache_wait_on_volume_collision() 2022-07-12 16:42:17 +02:00
fuse fuse: Remove the control interface for virtio-fs 2022-08-17 14:42:09 +02:00
gfs2 gfs2: use i_lock spin_lock for inode qadata 2022-06-09 10:29:47 +02:00
hfs Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
hfsplus Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
hostfs Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
hpfs Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
hugetlbfs hugetlbfs: fix hugetlbfs_statfs() locking 2022-06-09 10:30:31 +02:00
iomap iomap: iomap_write_failed fix 2022-06-09 10:30:08 +02:00
isofs fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
jbd2 jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted 2022-08-17 14:41:57 +02:00
jffs2 jffs2: fix memory leak in jffs2_do_fill_super 2022-06-14 18:44:55 +02:00
jfs fs: jfs: fix possible NULL pointer dereference in dbFree() 2022-06-09 10:29:49 +02:00
kernfs kernfs: fix potential NULL dereference in __kernfs_remove 2022-08-17 14:41:42 +02:00
ksmbd ksmbd: prevent out of bound read for SMB2_WRITE 2022-08-17 14:42:30 +02:00
lockd lockd: detect and reject lock arguments that overflow 2022-08-17 14:40:04 +02:00
minix Merge branch 'akpm' (patches from Andrew) 2022-03-24 14:14:07 -07:00
netfs netfs: do not unlock and put the folio twice 2022-07-22 10:21:42 +02:00
nfs pNFS/flexfiles: Report RDMA connection errors to the server 2022-08-17 14:40:02 +02:00
nfs_common
nfsd nfsd: eliminate the NFSD_FILE_BREAK_* flags 2022-08-17 14:40:02 +02:00
nilfs2 nilfs2: fix incorrect masking of permission flags for symlinks 2022-07-22 10:21:21 +02:00
nls
notify fanotify: refine the validation checks on non-dir inode mask 2022-07-07 17:54:57 +02:00
ntfs ntfs: fix use-after-free in ntfs_ucsncmp() 2022-08-03 12:05:16 +02:00
ntfs3 fs/ntfs3: Fix invalid free in log_replay 2022-06-09 10:30:56 +02:00
ocfs2 Revert "ocfs2: mount shared volume without ha stack" 2022-08-03 12:05:16 +02:00
omfs fs: Convert __set_page_dirty_buffers to block_dirty_folio 2022-03-16 13:37:04 -04:00
openpromfs fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
orangefs Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
overlayfs ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() 2022-08-17 14:40:09 +02:00
proc proc: fix a dentry lock race between release_task and lookup 2022-08-17 14:42:07 +02:00
pstore pstore: Don't use semaphores in always-atomic-context code 2022-03-15 11:08:23 -07:00
qnx4 fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
qnx6 fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
quota quota: Prevent memory allocation recursion while holding dq_lock 2022-06-22 14:27:51 +02:00
ramfs
reiserfs \n 2022-03-25 17:38:15 -07:00
romfs fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
smbfs_common smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common 2022-03-31 09:38:53 -05:00
squashfs Merge branch 'akpm' (patches from Andrew) 2022-03-22 16:11:53 -07:00
sysfs kobject: kobj_type: remove default_attrs 2022-04-05 15:39:19 +02:00
sysv Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
tracefs tracefs: Set the group ownership in apply_options() not parse_options() 2022-02-25 21:05:04 -05:00
ubifs This pull request contains fixes for JFFS2, UBI and UBIFS 2022-03-31 16:09:41 -07:00
udf udf: Avoid using stale lengthOfImpUse 2022-05-10 13:30:32 +02:00
ufs Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
unicode kbuild: unify cmd_copy and cmd_shipped 2022-02-14 10:37:32 +09:00
vboxsf Filesystem folio changes for 5.18 2022-03-22 18:26:56 -07:00
verity fs: Remove ->readpages address space operation 2022-04-01 13:45:33 -04:00
xfs xfs: reorder iunlink remove operation in xfs_ifree 2022-04-21 08:45:16 +10:00
zonefs block: add a bdev_max_zone_append_sectors helper 2022-08-17 14:42:25 +02:00
Kconfig Folio changes for 5.18 2022-03-22 17:03:12 -07:00
Kconfig.binfmt execve updates for v5.18-rc1 2022-03-21 19:16:02 -07:00
Makefile io_uring: move to separate directory 2022-08-17 14:40:41 +02:00
aio.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-04-01 19:57:03 -07:00
anon_inodes.c
attr.c vfs: Check the truncate maximum size in inode_newsize_ok() 2022-08-17 14:40:08 +02:00
bad_inode.c
binfmt_aout.c
binfmt_elf.c revert "fs/binfmt_elf: use PT_LOAD p_align values for static PIE" 2022-04-15 14:49:56 -07:00
binfmt_elf_fdpic.c coredump: Snapshot the vmas in do_coredump 2022-03-08 12:55:29 -06:00
binfmt_elf_test.c binfmt_elf: Introduce KUnit test 2022-03-03 20:38:56 -08:00
binfmt_flat.c binfmt_flat: do not stop relocating GOT entries prematurely on riscv 2022-06-09 10:29:26 +02:00
binfmt_misc.c Fix regression due to "fs: move binfmt_misc sysctl to its own file" 2022-02-09 09:50:02 -08:00
binfmt_script.c
buffer.c filemap: Remove AOP_FLAG_CONT_EXPAND 2022-04-01 14:40:44 -04:00
char_dev.c
compat_binfmt_elf.c binfmt_elf: Introduce KUnit test 2022-03-03 20:38:56 -08:00
coredump.c ptrace: Cleanups for v5.18 2022-03-28 17:29:53 -07:00
d_path.c
dax.c dax: fix cache flush on PMD-mapped pages 2022-06-09 10:30:28 +02:00
dcache.c mm: dcache: use kmem_cache_alloc_lru() to allocate dentry 2022-03-22 15:57:03 -07:00
direct-io.c block: remove the per-bio/request write hint 2022-03-07 12:45:57 -07:00
drop_caches.c
eventfd.c
eventpoll.c epoll: autoremove wakers even more aggressively 2022-08-17 14:40:20 +02:00
exec.c posix-cpu-timers: Cleanup CPU timers before freeing them during exec 2022-08-17 14:42:19 +02:00
fcntl.c fs: remove fs.f_write_hint 2022-03-08 17:55:03 -07:00
fhandle.c
file.c fs: fix fd table size alignment properly 2022-03-29 23:29:18 -07:00
file_table.c SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() 2022-04-07 16:19:47 -04:00
filesystems.c
fs-writeback.c writeback: Fix inode->i_io_list not be protected by inode->i_lock error 2022-06-14 18:45:18 +02:00
fs_context.c vfs: fs_context: fix up param length parsing in legacy_parse_param 2022-01-18 09:23:19 +02:00
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c writeback: Fix inode->i_io_list not be protected by inode->i_lock error 2022-06-14 18:45:18 +02:00
internal.h Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-04-01 19:57:03 -07:00
ioctl.c Fixes for 5.18-rc1: 2022-04-01 19:35:56 -07:00
kernel_read_file.c
libfs.c fs: Convert __set_page_dirty_no_writeback to noop_dirty_folio 2022-03-16 13:37:05 -04:00
locks.c fs: move locking sysctls where they are used 2022-01-22 08:33:36 +02:00
mbcache.c mbcache: add functions to delete entry if unused 2022-08-17 14:40:17 +02:00
mount.h
mpage.c for-5.18/alloc-cleanups-2022-03-25 2022-03-26 11:59:30 -07:00
namei.c __follow_mount_rcu(): verify that mount_lock remains unchanged 2022-08-17 14:42:20 +02:00
namespace.c fs: hold writers when changing mount's idmapping 2022-06-09 10:29:42 +02:00
no-block.c
nsfs.c
open.c fs: remove fs.f_write_hint 2022-03-08 17:55:03 -07:00
pipe.c pipe: Fix missing lock in pipe_resize_ring() 2022-06-06 08:48:53 +02:00
pnode.c
pnode.h
posix_acl.c fs: fix acl translation 2022-04-19 10:19:02 -07:00
proc_namespace.c
read_write.c fs: sendfile handles O_NONBLOCK of out_fd 2022-08-03 12:05:16 +02:00
readdir.c
remap_range.c fs/remap: constrain dedupe of EOF blocks 2022-07-22 10:21:21 +02:00
select.c select: Fix indefinitely sleeping task in poll_schedule_timeout() 2022-01-11 09:03:05 -08:00
seq_file.c rxrpc: Fix locking issue 2022-06-09 10:30:19 +02:00
signalfd.c Merge branch 'signal-for-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2022-01-17 05:49:30 +02:00
splice.c fs: check FMODE_LSEEK to control internal pipe splicing 2022-08-17 14:41:05 +02:00
stack.c
stat.c stat: fix inconsistency between struct stat and struct compat_stat 2022-04-12 13:35:08 -10:00
statfs.c
super.c vfs: make freeze_super abort when sync_filesystem returns error 2022-01-30 08:59:47 -08:00
sync.c vfs: make sync_filesystem return errors from ->sync_fs 2022-01-30 08:59:47 -08:00
sysctls.c fs: move namespace sysctls and declare fs base directory 2022-01-22 08:33:36 +02:00
timerfd.c
userfaultfd.c userfaultfd: provide properly masked address for huge-pages 2022-08-03 12:05:16 +02:00
utimes.c
xattr.c fs: fix acl translation 2022-04-19 10:19:02 -07:00