lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Mar 2019 18:05:27 +0800 From: Jiufei Xue <jiufei.xue@...ux.alibaba.com> To: Jan Kara <jack@...e.cz> Cc: linux-ext4@...r.kernel.org, tytso@....edu, renzhen@...ux.alibaba.com Subject: Re: [PATCH] jbd2: check superblock mapped prior to committing Hi Jan, On 2019/3/28 下午5:59, Jan Kara wrote: > On Thu 28-03-19 17:18:14, Jiufei Xue wrote: >> We hit a BUG at fs/buffer.c:3057 if we detached the nbd device >> before unmounting ext4 filesystem. >> >> The typical chain of events leading to the BUG: >> jbd2_write_superblock >> submit_bh >> submit_bh_wbc >> BUG_ON(!buffer_mapped(bh)); >> >> The block device is removed and all the pages are invalidated. JBD2 >> was trying to write journal superblock to the block device which is >> no longer present. >> >> Fix this by checking the journal superblock's buffer head prior to >> submitting. >> >> Cc: stable@...nel.org >> Reported-by: Eric Ren <renzhen@...ux.alibaba.com> >> Signed-off-by: Jiufei Xue <jiufei.xue@...ux.alibaba.com> >> --- >> fs/jbd2/journal.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c >> index 382c030cc78b..90fd3ed0a232 100644 >> --- a/fs/jbd2/journal.c >> +++ b/fs/jbd2/journal.c >> @@ -1350,6 +1350,9 @@ static int jbd2_write_superblock(journal_t *journal, int write_flags) >> journal_superblock_t *sb = journal->j_superblock; >> int ret; >> > Can you add a comment here like: > > /* Buffer got discarded which means block device got invalidated */ > > to explain what's going on? Thanks! Otherwise the patch looks good to me so > you can add: > > Reviewed-by: Jan Kara <jack@...e.cz> > Thank you for your suggestion, I will add the comment and send version 2 soon. Thanks, Jiufei > Honza > >> + if (!buffer_mapped(bh)) >> + return -EIO; >> + > > >> trace_jbd2_write_superblock(journal, write_flags); >> if (!(journal->j_flags & JBD2_BARRIER)) >> write_flags &= ~(REQ_FUA | REQ_PREFLUSH); >> -- >> 2.19.1.856.g8858448bb >>
Powered by blists - more mailing lists