| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZAeOFzbhCNvskQ6b@gmail.com>
Date: Tue, 7 Mar 2023 19:18:47 +0000
From: Eric Biggers <ebiggers@...nel.org>
To: Dan Carpenter <error27@...il.com>
Cc: jack@...e.cz, linux-ext4@...r.kernel.org
Subject: Re: [bug report] ext4: Fix possible corruption when moving a
directory
On Tue, Mar 07, 2023 at 06:56:28PM +0300, Dan Carpenter wrote:
> Hello Jan Kara,
>
> The patch 0813299c586b: "ext4: Fix possible corruption when moving a
> directory" from Jan 26, 2023, leads to the following Smatch static
> checker warning:
>
> fs/ext4/namei.c:4017 ext4_rename()
> error: double unlocked '&old.inode->i_rwsem' (orig line 3882)
>
[...]
> 3875 /*
> 3876 * We need to protect against old.inode directory getting
> 3877 * converted from inline directory format into a normal one.
> 3878 */
> 3879 inode_lock_nested(old.inode, I_MUTEX_NONDIR2);
> 3880 retval = ext4_rename_dir_prepare(handle, &old);
> 3881 if (retval) {
> 3882 inode_unlock(old.inode);
>
> The issue here is that ext4_rename_dir_prepare() sets old.dir_bh and
> then returns -EFSCORRUPTED. It results in an unlock here and then again
> after the goto.
That analysis looks correct. FYI, I think this is the same as the syzbot report
"[ext4?] WARNING: bad unlock balance in ext4_rename2"
(https://lore.kernel.org/linux-ext4/000000000000435c6905f639ae8e@google.com).
- Eric
Powered by blists - more mailing lists