Date:   Thu, 10 Jun 2021 19:24:32 +0800
From:   Zhang Yi <>
To:     <>, <>,
        <>, <>
CC:     <>, <>,
        <>, <>
Subject: [RFC PATCH v4 0/8] ext4, jbd2: fix 3 issues about bdev_try_to_free_page()

This patchset fixes a potential filesystem inconsistency problem and two
use-after-free problems about bdev_try_to_free_page().

Patch 1-4: Fix a potential filesystem inconsistency problem caused by
           freeing buffers and doing umount concurrently, and also do
           some cleanup.
Patch 5-8: Add a shrinker to release journal_head of checkpoint buffers
           and remove the buggy bdev_try_to_free_page() entirely.

Changes since v3:
 - Patch 2: Fix one spelling mistake.
 - Patch 3: Drop unnecessary 'result' check codes.
 - Patch 5: Declare static for jbd2_journal_shrink_[scan|count](),
   and use percpu_counter_read_positive() to calculate the number of
   shrinkable journal heads.
 - Add 'Reviewed-by' tag from Jan besides the fifth patch.

Hi Jan,
I modified the fifth patch as Dave suggested; please take a look at this
patch again.

Changes since v2:
 - Fix some comments and spelling mistakes on patch 2 and 3.
 - Give up the solution of adding a refcount on super_block to fix the
   use-after-free issue in bdev_try_to_free_page(), and switch to
   introducing a shrinker to free checkpoint buffers' journal_head and
   removing the whole callback entirely.

Changes since v1:
 - Do not use j_checkpoint_mutex to fix the filesystem inconsistency
   problem, introduce a new mark instead.
 - Fix superblock use-after-free issue in blkdev_releasepage().
 - Avoid race between bdev_try_to_free_page() and ext4_put_super().

Zhang Yi (8):
  jbd2: remove the out label in __jbd2_journal_remove_checkpoint()
  jbd2: ensure abort the journal if detect IO error when writing
    original buffer back
  jbd2: don't abort the journal when freeing buffers
  jbd2: remove redundant buffer io error checks
  jbd2,ext4: add a shrinker to release checkpointed buffers
  jbd2: simplify journal_clean_one_cp_list()
  ext4: remove bdev_try_to_free_page() callback
  fs: remove bdev_try_to_free_page callback

 fs/block_dev.c              |  15 ---
 fs/ext4/super.c             |  29 ++---
 fs/jbd2/checkpoint.c        | 206 +++++++++++++++++++++++++++++-------
 fs/jbd2/journal.c           | 101 ++++++++++++++++++
 fs/jbd2/transaction.c       |  17 ---
 include/linux/fs.h          |   1 -
 include/linux/jbd2.h        |  37 +++++++
 include/trace/events/jbd2.h | 101 ++++++++++++++++++
 8 files changed, 414 insertions(+), 93 deletions(-)

