lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 14 Aug 2007 11:22:56 -0400
From:	Josef Bacik <jbacik@...hat.com>
To:	linux-ext4@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org
Subject: [PATCH] fix panic in jbd by adding locks

Hello,

It is possible to panic the box by a race condition that exists in the
journalling code where we do not take the j_revoke_lock when traversing the
journal's revoked record list.  This patch has been tested and we haven't seen
the issue yet, its a rather straightforward and correct (at least I think so :)
fix.  Thank you,

Signed-off-by: Josef Bacik <jbacik@...hat.com>


diff --git a/fs/jbd/revoke.c b/fs/jbd/revoke.c
index 62e13c8..317f598 100644
--- a/fs/jbd/revoke.c
+++ b/fs/jbd/revoke.c
@@ -518,6 +518,7 @@ void journal_write_revoke_records(journal_t *journal,
 	for (i = 0; i < revoke->hash_size; i++) {
 		hash_list = &revoke->hash_table[i];
 
+		spin_lock(&journal->j_revoke_lock);
 		while (!list_empty(hash_list)) {
 			record = (struct jbd_revoke_record_s *)
 				hash_list->next;
@@ -528,6 +529,7 @@ void journal_write_revoke_records(journal_t *journal,
 			list_del(&record->hash);
 			kmem_cache_free(revoke_record_cache, record);
 		}
+		spin_unlock(&journal->j_revoke_lock);
 	}
 	if (descriptor)
 		flush_descriptor(journal, descriptor, offset);
@@ -694,10 +696,12 @@ void journal_clear_revoke(journal_t *journal)
 
 	for (i = 0; i < revoke->hash_size; i++) {
 		hash_list = &revoke->hash_table[i];
+		spin_lock(&journal->j_revoke_lock);
 		while (!list_empty(hash_list)) {
 			record = (struct jbd_revoke_record_s*) hash_list->next;
 			list_del(&record->hash);
 			kmem_cache_free(revoke_record_cache, record);
 		}
+		spin_unlock(&journal->j_revoke_lock);
 	}
 }
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ