| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Sep 2022 16:36:26 +0200
From: Jan Kara <jack@...e.cz>
To: Ye Bin <yebin10@...wei.com>
Cc: tytso@....edu, adilger.kernel@...ger.ca,
linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org,
jack@...e.cz
Subject: Re: [PATCH -next 1/2] jbd2: fix potential buffer head reference
count leak
On Wed 14-09-22 18:08:11, Ye Bin wrote:
> As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without
> update 'journal->j_fc_off'. But 'jbd2_fc_release_bufs' will release buffer head
> from ‘j_fc_off - 1’ if 'bh' is NULL will terminal release which will lead to
> buffer head buffer head reference count leak.
> To solve above issue, update 'journal->j_fc_off' before return -EIO.
>
> Signed-off-by: Ye Bin <yebin10@...wei.com>
Looks good. Feel free to add:
Reviewed-by: Jan Kara <jack@...e.cz>
Honza
> ---
> fs/jbd2/journal.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
> index 140b070471c0..1c833d8cb0fe 100644
> --- a/fs/jbd2/journal.c
> +++ b/fs/jbd2/journal.c
> @@ -925,8 +925,14 @@ int jbd2_fc_wait_bufs(journal_t *journal, int num_blks)
> wait_on_buffer(bh);
> put_bh(bh);
> journal->j_fc_wbuf[i] = NULL;
> - if (unlikely(!buffer_uptodate(bh)))
> + /*
> + * Update j_fc_off so jbd2_fc_release_bufs can release remain
> + * buffer head.
> + */
> + if (unlikely(!buffer_uptodate(bh))) {
> + journal->j_fc_off = i;
> return -EIO;
> + }
> }
>
> return 0;
> --
> 2.31.1
>
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists