lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 26 Dec 2021 20:12:47 -0500
From:   "Theodore Ts'o" <>
To:     Lukas Czerner <>
Cc:, kernel test robot <>
Subject: Re: [tytso-ext4:dev] BUILD REGRESSION

On Sat, Dec 25, 2021 at 11:27:04PM +0800, kernel test robot wrote:
> tree/branch: dev
> branch HEAD: cc5fef71a1c741473eebb1aa6f7056ceb49bc33d  ext4: replace snprintf in show functions with sysfs_emit
> Error/Warning reports:
> possible Error/Warning in current branch (please contact us if interested):
> fs/ext4/super.c:2640:22-40: ERROR: reference preceded by free on line 2639

The Intel test robot mis-identified the commit which introduced this
problem (it looks like the first commit with the problem is commit
e6e268cb6822 ("ext4: move quota configuration out of
handle_mount_opt()"), but it caused me to take a closer look, and this
looks... wrong.

>From ext4_apply_quota_options() in fs/extr4/super.c:

			qname = ctx->s_qf_names[i]; /* May be NULL */
			ctx->s_qf_names[i] = NULL;
			rcu_assign_pointer(sbi->s_qf_names[i], qname);
			set_opt(sb, QUOTA);

sbi->s_qf_names[i] is an RCU protected pointer, which is used via
rcu_derference().  So how can it be safe to kfree() the pointer;
should that be kfree_rcu() at the very least?

Lukas, can you take a look and let me know?   Thanks!

       	       	      	       	      - Ted

Powered by blists - more mailing lists