lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 May 2020 10:57:44 -0400 From: "Theodore Y. Ts'o" <tytso@....edu> To: Jan Kara <jack@...e.cz> Cc: linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org, Eric Sandeen <sandeen@...deen.net> Subject: Re: [PATCH 3/3] ext4: Avoid freeing inodes on dirty list On Tue, Apr 21, 2020 at 10:54:45AM +0200, Jan Kara wrote: > When we are evicting inode with journalled data, we may race with > transaction commit in the following way: > > CPU0 CPU1 > jbd2_journal_commit_transaction() evict(inode) > inode_io_list_del() > inode_wait_for_writeback() > process BJ_Forget list > __jbd2_journal_insert_checkpoint() > __jbd2_journal_refile_buffer() > __jbd2_journal_unfile_buffer() > if (test_clear_buffer_jbddirty(bh)) > mark_buffer_dirty(bh) > __mark_inode_dirty(inode) > ext4_evict_inode(inode) > frees the inode > > This results in use-after-free issues in the writeback code (or > the assertion added in the previous commit triggering). > > Fix the problem by removing inode from writeback lists once all the page > cache is evicted and so inode cannot be added to writeback lists again. > > Signed-off-by: Jan Kara <jack@...e.cz> Applied, thanks. - Ted
Powered by blists - more mailing lists