| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 May 2020 10:57:44 -0400
From: "Theodore Y. Ts'o" <tytso@....edu>
To: Jan Kara <jack@...e.cz>
Cc: linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Eric Sandeen <sandeen@...deen.net>
Subject: Re: [PATCH 3/3] ext4: Avoid freeing inodes on dirty list
On Tue, Apr 21, 2020 at 10:54:45AM +0200, Jan Kara wrote:
> When we are evicting inode with journalled data, we may race with
> transaction commit in the following way:
>
> CPU0 CPU1
> jbd2_journal_commit_transaction() evict(inode)
> inode_io_list_del()
> inode_wait_for_writeback()
> process BJ_Forget list
> __jbd2_journal_insert_checkpoint()
> __jbd2_journal_refile_buffer()
> __jbd2_journal_unfile_buffer()
> if (test_clear_buffer_jbddirty(bh))
> mark_buffer_dirty(bh)
> __mark_inode_dirty(inode)
> ext4_evict_inode(inode)
> frees the inode
>
> This results in use-after-free issues in the writeback code (or
> the assertion added in the previous commit triggering).
>
> Fix the problem by removing inode from writeback lists once all the page
> cache is evicted and so inode cannot be added to writeback lists again.
>
> Signed-off-by: Jan Kara <jack@...e.cz>
Applied, thanks.
- Ted
Powered by blists - more mailing lists