| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Apr 2020 22:28:42 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Ext4 Developers List <linux-ext4@...r.kernel.org>
Cc: "Theodore Ts'o" <tytso@....edu>
Subject: [PATCH] ext4: fix BUG_ON in fs/ext4/page_io.c:ext4_release_io_end()
The function ext4_release_io_end() can be called by
ext4_put_io_end_defer() with the EXT4_IO_UNWRITTEN flag set and
io_end->size is 0. In that case, it's safe to release the io_end
structure, since if io_end->size is zero, there is no unwritten region
to release.
This can be reproduced using generic/300, although not very reliably,
and almost never using a freshly rebooted kernel.
Google-Bug-Id: 15054006
Signed-off-by: "Theodore Ts'o" <tytso@....edu>
---
fs/ext4/page-io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
index de6fe969f773..15125e5b4827 100644
--- a/fs/ext4/page-io.c
+++ b/fs/ext4/page-io.c
@@ -153,7 +153,7 @@ static void ext4_release_io_end(ext4_io_end_t *io_end)
struct bio *bio, *next_bio;
BUG_ON(!list_empty(&io_end->list));
- BUG_ON(io_end->flag & EXT4_IO_END_UNWRITTEN);
+ BUG_ON((io_end->flag & EXT4_IO_END_UNWRITTEN) && io_end->size);
WARN_ON(io_end->handle);
for (bio = io_end->bio; bio; bio = next_bio) {
--
2.24.1
Powered by blists - more mailing lists