lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Wed, 31 Mar 2021 20:09:10 +0800
From:   Zhang Yi <yi.zhang@...wei.com>
To:     <linux-ext4@...r.kernel.org>
CC:     <tytso@....edu>, <adilger.kernel@...ger.ca>, <jack@...e.cz>,
        <yi.zhang@...wei.com>
Subject: [PATCH v2] ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()

When CONFIG_QUOTA is enabled and if we later fail to finish mounting the
filesystem due to some error after ext4_orphan_cleanup(), we may hit use
after free issues. The problem is that ext4_orphan_cleanup() sets
SB_ACTIVE flag and so inodes processed during the orphan cleanup are put
to the superblock's LRU list instead of being immediately destroyed.
However the path handling error recovery after failed ->fill_super()
call does not destroy inodes attached to the superblock and so they are
left active in memory while the superblock is freed.

Originally, SB_ACTIVE setting was added so that updated quota
information is not destroyed when we drop quota inode references after
orphan cleanup. However VFS does not purge dirty inode pages without
SB_ACTIVE flag for many years already. So just remove the hack with
setting SB_ACTIVE flag from ext4_orphan_cleanup().

Signed-off-by: Zhang Yi <yi.zhang@...wei.com>
Tested-by: Jan Kara <jack@...e.cz>
Reviewed-by: Jan Kara <jack@...e.cz>
---
Changes since v1:
 - Rephrase the changelog as Jan suggested.

 fs/ext4/super.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index b9693680463a..2a33c53b57d8 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3023,9 +3023,6 @@ static void ext4_orphan_cleanup(struct super_block *sb,
 		sb->s_flags &= ~SB_RDONLY;
 	}
 #ifdef CONFIG_QUOTA
-	/* Needed for iput() to work correctly and not trash data */
-	sb->s_flags |= SB_ACTIVE;
-
 	/*
 	 * Turn on quotas which were not enabled for read-only mounts if
 	 * filesystem has quota feature, so that they are updated correctly.
-- 
2.25.4

Powered by blists - more mailing lists