lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Apr 2022 15:24:51 +0530 From: Ritesh Harjani <ritesh.list@...il.com> To: anserper@...ru Cc: linux-ext4@...r.kernel.org, Andrew Perepechko <andrew.perepechko@....com> Subject: Re: [PATCH v3] ext4: truncate during setxattr leads to kernel panic On 22/04/02 11:40AM, anserper@...ru wrote: > From: Andrew Perepechko <andrew.perepechko@....com> > > When changing a large xattr value to a different large xattr value, > the old xattr inode is freed. Truncate during the final iput causes > current transaction restart. Eventually, parent inode bh is marked > dirty and kernel panic happens when jbd2 figures out that this bh > belongs to the committed transaction. > > A possible fix is to call this final iput in a separate thread. > This way, setxattr transactions will never be split into two. > Since the setxattr code adds xattr inodes with nlink=0 into the > orphan list, old xattr inodes will be properly cleaned up in > any case. Ok, I think there is a lot happening in above description. I think part of the problem I am unable to understand it easily is because I haven't spend much time with xattr code. But I think below 2 requests will be good to have - 1. Do we have the call stack for this problem handy. I think it will be good to mention it in the commit message itself. It is sometimes easy to look at the call stack if someone else encounters a similar problem. That also gives more idea about where the problem is occuring. 2. Do we have a easy reproducer for this problem? I think it will be a good addition to fstests given that this adds another context in calling iput on old_ea_inode. > > Signed-off-by: Andrew Perepechko <andrew.perepechko@....com> > HPE-bug-id: LUS-10534 ^^^ I think above can be dropped. Any fixes tag instead? -ritesh
Powered by blists - more mailing lists