| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Dec 2021 20:12:47 -0500
From: "Theodore Ts'o" <tytso@....edu>
To: Lukas Czerner <lczerner@...hat.com>
Cc: linux-ext4@...r.kernel.org, kernel test robot <lkp@...el.com>
Subject: Re: [tytso-ext4:dev] BUILD REGRESSION
cc5fef71a1c741473eebb1aa6f7056ceb49bc33d
On Sat, Dec 25, 2021 at 11:27:04PM +0800, kernel test robot wrote:
> tree/branch: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
> branch HEAD: cc5fef71a1c741473eebb1aa6f7056ceb49bc33d ext4: replace snprintf in show functions with sysfs_emit
>
> Error/Warning reports:
>
> https://lore.kernel.org/linux-ext4/202112101722.3Kpomg0h-lkp@intel.com
>
> possible Error/Warning in current branch (please contact us if interested):
>
> fs/ext4/super.c:2640:22-40: ERROR: reference preceded by free on line 2639
The Intel test robot mis-identified the commit which introduced this
problem (it looks like the first commit with the problem is commit
e6e268cb6822 ("ext4: move quota configuration out of
handle_mount_opt()"), but it caused me to take a closer look, and this
looks... wrong.
>From ext4_apply_quota_options() in fs/extr4/super.c:
qname = ctx->s_qf_names[i]; /* May be NULL */
ctx->s_qf_names[i] = NULL;
kfree(sbi->s_qf_names[i]);
rcu_assign_pointer(sbi->s_qf_names[i], qname);
set_opt(sb, QUOTA);
sbi->s_qf_names[i] is an RCU protected pointer, which is used via
rcu_derference(). So how can it be safe to kfree() the pointer;
should that be kfree_rcu() at the very least?
Lukas, can you take a look and let me know? Thanks!
- Ted
Powered by blists - more mailing lists