lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Mar 2021 20:09:10 +0800 From: Zhang Yi <yi.zhang@...wei.com> To: <linux-ext4@...r.kernel.org> CC: <tytso@....edu>, <adilger.kernel@...ger.ca>, <jack@...e.cz>, <yi.zhang@...wei.com> Subject: [PATCH v2] ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() When CONFIG_QUOTA is enabled and if we later fail to finish mounting the filesystem due to some error after ext4_orphan_cleanup(), we may hit use after free issues. The problem is that ext4_orphan_cleanup() sets SB_ACTIVE flag and so inodes processed during the orphan cleanup are put to the superblock's LRU list instead of being immediately destroyed. However the path handling error recovery after failed ->fill_super() call does not destroy inodes attached to the superblock and so they are left active in memory while the superblock is freed. Originally, SB_ACTIVE setting was added so that updated quota information is not destroyed when we drop quota inode references after orphan cleanup. However VFS does not purge dirty inode pages without SB_ACTIVE flag for many years already. So just remove the hack with setting SB_ACTIVE flag from ext4_orphan_cleanup(). Signed-off-by: Zhang Yi <yi.zhang@...wei.com> Tested-by: Jan Kara <jack@...e.cz> Reviewed-by: Jan Kara <jack@...e.cz> --- Changes since v1: - Rephrase the changelog as Jan suggested. fs/ext4/super.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index b9693680463a..2a33c53b57d8 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3023,9 +3023,6 @@ static void ext4_orphan_cleanup(struct super_block *sb, sb->s_flags &= ~SB_RDONLY; } #ifdef CONFIG_QUOTA - /* Needed for iput() to work correctly and not trash data */ - sb->s_flags |= SB_ACTIVE; - /* * Turn on quotas which were not enabled for read-only mounts if * filesystem has quota feature, so that they are updated correctly. -- 2.25.4
Powered by blists - more mailing lists