| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f7dbbe6c-3341-4709-868c-9e8fabdb9af6@huawei.com>
Date: Mon, 31 Mar 2025 09:51:54 +0800
From: Baokun Li <libaokun1@...wei.com>
To: Penglei Jiang <superman.xpt@...il.com>
CC: <tytso@....edu>, <adilger.kernel@...ger.ca>, <linux-ext4@...r.kernel.org>,
<linux-kernel@...r.kernel.or>,
<syzbot+d14b2bea87fe2aaffa3b@...kaller.appspotmail.com>, Yang Erkun
<yangerkun@...wei.com>
Subject: Re: [PATCH] ext4: Fix the issue of missing lock in ext4_page_mkwrite
Hi Penglei,
On 2025/3/30 15:55, Penglei Jiang wrote:
> In ext4_page_mkwrite, it calls ext4_convert_inline_data, but it does
> not use inode_lock to hold i_rwsem.
>
> Fixes: 7b4cc9787fe35 ("ext4: evict inline data when writing to memory map")
> Reported-by: syzbot+d14b2bea87fe2aaffa3b@...kaller.appspotmail.com
> Closes: https://lore.kernel.org/all/67e57c6c.050a0220.2f068f.0037.GAE@google.com
> Signed-off-by: Penglei Jiang <superman.xpt@...il.com>
> ---
> fs/ext4/inode.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
> index bcb96caf77c0..4e726c86377a 100644
> --- a/fs/ext4/inode.c
> +++ b/fs/ext4/inode.c
> @@ -6203,6 +6203,8 @@ vm_fault_t ext4_page_mkwrite(struct vm_fault *vmf)
> sb_start_pagefault(inode->i_sb);
> file_update_time(vma->vm_file);
>
> + inode_lock(inode);
> +
> filemap_invalidate_lock_shared(mapping);
>
> err = ext4_convert_inline_data(inode);
We cannot directly add inode_lock here, otherwise it may cause ABBA
deadlock. The inline data conversion here does lack inode_lock, but
there is no good way to fix it now. For details, please see:
https://lore.kernel.org/all/d704ce55-321a-9c1d-1f8b-3360a0fdf978@huawei.com/
> @@ -6308,6 +6310,7 @@ vm_fault_t ext4_page_mkwrite(struct vm_fault *vmf)
> ret = vmf_fs_error(err);
> out:
> filemap_invalidate_unlock_shared(mapping);
> + inode_unlock(inode);
> sb_end_pagefault(inode->i_sb);
> return ret;
> out_error:
Powered by blists - more mailing lists