lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Sep 2022 16:36:26 +0200 From: Jan Kara <jack@...e.cz> To: Ye Bin <yebin10@...wei.com> Cc: tytso@....edu, adilger.kernel@...ger.ca, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org, jack@...e.cz Subject: Re: [PATCH -next 1/2] jbd2: fix potential buffer head reference count leak On Wed 14-09-22 18:08:11, Ye Bin wrote: > As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without > update 'journal->j_fc_off'. But 'jbd2_fc_release_bufs' will release buffer head > from ‘j_fc_off - 1’ if 'bh' is NULL will terminal release which will lead to > buffer head buffer head reference count leak. > To solve above issue, update 'journal->j_fc_off' before return -EIO. > > Signed-off-by: Ye Bin <yebin10@...wei.com> Looks good. Feel free to add: Reviewed-by: Jan Kara <jack@...e.cz> Honza > --- > fs/jbd2/journal.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c > index 140b070471c0..1c833d8cb0fe 100644 > --- a/fs/jbd2/journal.c > +++ b/fs/jbd2/journal.c > @@ -925,8 +925,14 @@ int jbd2_fc_wait_bufs(journal_t *journal, int num_blks) > wait_on_buffer(bh); > put_bh(bh); > journal->j_fc_wbuf[i] = NULL; > - if (unlikely(!buffer_uptodate(bh))) > + /* > + * Update j_fc_off so jbd2_fc_release_bufs can release remain > + * buffer head. > + */ > + if (unlikely(!buffer_uptodate(bh))) { > + journal->j_fc_off = i; > return -EIO; > + } > } > > return 0; > -- > 2.31.1 > -- Jan Kara <jack@...e.com> SUSE Labs, CR
Powered by blists - more mailing lists