| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Mar 2023 11:42:34 +0100
From: Jan Kara <jack@...e.cz>
To: Eric Biggers <ebiggers@...nel.org>
Cc: Dan Carpenter <error27@...il.com>, jack@...e.cz,
linux-ext4@...r.kernel.org
Subject: Re: [bug report] ext4: Fix possible corruption when moving a
directory
On Tue 07-03-23 19:18:47, Eric Biggers wrote:
> On Tue, Mar 07, 2023 at 06:56:28PM +0300, Dan Carpenter wrote:
> > Hello Jan Kara,
> >
> > The patch 0813299c586b: "ext4: Fix possible corruption when moving a
> > directory" from Jan 26, 2023, leads to the following Smatch static
> > checker warning:
> >
> > fs/ext4/namei.c:4017 ext4_rename()
> > error: double unlocked '&old.inode->i_rwsem' (orig line 3882)
> >
> [...]
> > 3875 /*
> > 3876 * We need to protect against old.inode directory getting
> > 3877 * converted from inline directory format into a normal one.
> > 3878 */
> > 3879 inode_lock_nested(old.inode, I_MUTEX_NONDIR2);
> > 3880 retval = ext4_rename_dir_prepare(handle, &old);
> > 3881 if (retval) {
> > 3882 inode_unlock(old.inode);
> >
> > The issue here is that ext4_rename_dir_prepare() sets old.dir_bh and
> > then returns -EFSCORRUPTED. It results in an unlock here and then again
> > after the goto.
>
> That analysis looks correct. FYI, I think this is the same as the syzbot report
> "[ext4?] WARNING: bad unlock balance in ext4_rename2"
> (https://lore.kernel.org/linux-ext4/000000000000435c6905f639ae8e@google.com).
Good spotting! This should be fixed (along with the lock ordering problem)
by 3c92792da8506 ("ext4: Fix deadlock during directory rename") Ted has
just merged couple hours ago.
Honza
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists