| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Mar 2019 23:17:23 -0400 From: "Theodore Ts'o" <tytso@....edu> To: Jiufei Xue <jiufei.xue@...ux.alibaba.com> Cc: linux-ext4@...r.kernel.org, joseph.qi@...ux.alibaba.com Subject: Re: [PATCH] ext4: fix NULL pointer dereference while journal is aborted On Mon, Mar 11, 2019 at 02:35:28PM +0800, Jiufei Xue wrote: > We see the following NULL pointer dereference while running xfstests > generic/475: > BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 > PGD 8000000c84bad067 P4D 8000000c84bad067 PUD c84e62067 PMD 0 > Oops: 0000 [#1] SMP PTI > CPU: 7 PID: 9886 Comm: fsstress Kdump: loaded Not tainted 5.0.0-rc8 #10 > RIP: 0010:ext4_do_update_inode+0x4ec/0x760 > ... > Call Trace: > ? jbd2_journal_get_write_access+0x42/0x50 > ? __ext4_journal_get_write_access+0x2c/0x70 > ? ext4_truncate+0x186/0x3f0 > ext4_mark_iloc_dirty+0x61/0x80 > ext4_mark_inode_dirty+0x62/0x1b0 > ext4_truncate+0x186/0x3f0 > ? unmap_mapping_pages+0x56/0x100 > ext4_setattr+0x817/0x8b0 > notify_change+0x1df/0x430 > do_truncate+0x5e/0x90 > ? generic_permission+0x12b/0x1a0 > > This is triggered because the NULL pointer handle->h_transaction was > dereferenced in function ext4_update_inode_fsync_trans(). > I found that the h_transaction was set to NULL in jbd2__journal_restart > but failed to attached to a new transaction while the journal is aborted. > > Fix this by checking the handle before updating the inode. > > Signed-off-by: Jiufei Xue <jiufei.xue@...ux.alibaba.com> Thanks, applied. - Ted
Powered by blists - more mailing lists