lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20190315031723.GB11334@mit.edu>
Date:   Thu, 14 Mar 2019 23:17:23 -0400
From:   "Theodore Ts'o" <tytso@....edu>
To:     Jiufei Xue <jiufei.xue@...ux.alibaba.com>
Cc:     linux-ext4@...r.kernel.org, joseph.qi@...ux.alibaba.com
Subject: Re: [PATCH] ext4: fix NULL pointer dereference while journal is
 aborted

On Mon, Mar 11, 2019 at 02:35:28PM +0800, Jiufei Xue wrote:
> We see the following NULL pointer dereference while running xfstests
> generic/475:
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
> PGD 8000000c84bad067 P4D 8000000c84bad067 PUD c84e62067 PMD 0
> Oops: 0000 [#1] SMP PTI
> CPU: 7 PID: 9886 Comm: fsstress Kdump: loaded Not tainted 5.0.0-rc8 #10
> RIP: 0010:ext4_do_update_inode+0x4ec/0x760
> ...
> Call Trace:
> ? jbd2_journal_get_write_access+0x42/0x50
> ? __ext4_journal_get_write_access+0x2c/0x70
> ? ext4_truncate+0x186/0x3f0
> ext4_mark_iloc_dirty+0x61/0x80
> ext4_mark_inode_dirty+0x62/0x1b0
> ext4_truncate+0x186/0x3f0
> ? unmap_mapping_pages+0x56/0x100
> ext4_setattr+0x817/0x8b0
> notify_change+0x1df/0x430
> do_truncate+0x5e/0x90
> ? generic_permission+0x12b/0x1a0
> 
> This is triggered because the NULL pointer handle->h_transaction was
> dereferenced in function ext4_update_inode_fsync_trans().
> I found that the h_transaction was set to NULL in jbd2__journal_restart
> but failed to attached to a new transaction while the journal is aborted.
> 
> Fix this by checking the handle before updating the inode.
> 
> Signed-off-by: Jiufei Xue <jiufei.xue@...ux.alibaba.com>

Thanks, applied.

					- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ