lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Nov 2019 11:24:48 +0800 From: "zhangyi (F)" <yi.zhang@...wei.com> To: Jan Kara <jack@...e.cz> CC: <linux-ext4@...r.kernel.org>, <jack@...e.com>, <tytso@....edu>, <adilger.kernel@...ger.ca>, <liangyun2@...wei.com> Subject: Re: [PATCH] ext4, jbd2: ensure panic when there is no need to record errno in the jbd2 sb On 2019/11/29 22:46, Jan Kara wrote: > On Tue 26-11-19 22:45:37, zhangyi (F) wrote: >> JBD2_REC_ERR flag used to indicate the errno has been updated when jbd2 >> aborted, and then __ext4_abort() and ext4_handle_error() can invoke >> panic if ERRORS_PANIC is specified. But there is one exception, if jbd2 >> thread failed to submit commit record, it abort journal through >> invoking __jbd2_journal_abort_hard() without set this flag, so we can >> no longer panic. Fix this by set such flag even if there is no need to >> record errno in the jbd2 super block. >> >> Fixes: 4327ba52afd03 ("ext4, jbd2: ensure entering into panic after recording an error in superblock") >> Signed-off-by: zhangyi (F) <yi.zhang@...wei.com> >> Cc: <stable@...r.kernel.org> > > Thanks for the patch. This indeed looks like a bug. I was trying hard to > understand why are we actually using __jbd2_journal_abort_hard() in > fs/jbd2/commit.c in the first place. And after some digging, I think it is > an oversight and we should just use jbd2_journal_abort(). The calls have been > introduced by commit 818d276ceb83a "ext4: Add the journal checksum > feature". Before that commit, we were just using jbd2_journal_abort() when > writing commit block failed. And when we use jbd2_journal_abort() from > everywhere, that will also deal with the problem you've found. > > Also as a nice cleanup we could then just drop __jbd2_journal_abort_hard(), > __jbd2_journal_abort_soft() and have all the functionality in a single > function jbd2_journal_abort(). > Indeed, it seems that we also need to record the errno if we failed to submit commit block, I will remove __jbd2_journal_abort_hard() and combine them in my next iteration. Thanks, Yi.
Powered by blists - more mailing lists