lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 27 Dec 2021 10:16:24 -0500
From:   "Theodore Ts'o" <>
To:, Zhang Yi <>
Cc:     "Theodore Ts'o" <>,,,
Subject: Re: [PATCH] ext4: fix an use-after-free issue about data=journal writeback mode

On Sat, 25 Dec 2021 17:09:37 +0800, Zhang Yi wrote:
> Our syzkaller report an use-after-free issue that accessing the freed
> buffer_head on the writeback page in __ext4_journalled_writepage(). The
> problem is that if there was a truncate racing with the data=journalled
> writeback procedure, the writeback length could become zero and
> bget_one() refuse to get buffer_head's refcount, then the truncate
> procedure release buffer once we drop page lock, finally, the last
> ext4_walk_page_buffers() trigger the use-after-free problem.
> [...]

Nice catch.   Applied, thanks!

[1/1] ext4: fix an use-after-free issue about data=journal writeback mode
      commit: 856dd2096e2a01f6eb2c9d60f6e0cd587aa273a8

Best regards,
Theodore Ts'o <>

Powered by blists - more mailing lists