| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190220102133.7878-3-houtao1@huawei.com>
Date: Wed, 20 Feb 2019 18:21:33 +0800
From: Hou Tao <houtao1@...wei.com>
To: <linux-mtd@...ts.infradead.org>
CC: David Woodhouse <dwmw2@...radead.org>,
Richard Weinberger <richard@....at>,
<linux-kernel@...r.kernel.org>, <houtao1@...wei.com>
Subject: [PATCH 2/2] jffs2: handle INO_STATE_CLEARING in jffs2_do_read_inode()
For inode that fails to be created midway, GC procedure may
try to GC its dnode, and in the following case BUG() will be
triggered:
CPU 0 CPU 1
in jffs2_do_create() in jffs2_garbage_collect_pass()
jffs2_write_dnode succeed
// for dirent
jffs2_reserve_space fail
inum = ic->ino
nlink = ic->pino_nlink (> 0)
iget_failed
make_bad_inode
remove_inode_hash
iput
jffs2_evict_inode
jffs2_do_clear_inode
jffs2_set_inocache_state(INO_STATE_CLEARING)
jffs2_gc_fetch_inode
jffs2_iget
// a new inode is created because
// the old inode had been unhashed
iget_locked
jffs2_do_read_inode
jffs2_get_ino_cache
// assert BUG()
f->inocache->state = INO_STATE_CLEARING
Fix it by waiting for its state changes to INO_STATE_CHECKEDABSENT.
Fixes: 67e345d17ff8 ("[JFFS2] Prevent ino cache removal for inodes in use")
Cc: stable@...r.kernel.org
Signed-off-by: Hou Tao <houtao1@...wei.com>
---
fs/jffs2/readinode.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c
index 389ea53ea487..0bae0583106e 100644
--- a/fs/jffs2/readinode.c
+++ b/fs/jffs2/readinode.c
@@ -1328,6 +1328,7 @@ int jffs2_do_read_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
case INO_STATE_CHECKING:
case INO_STATE_GC:
+ case INO_STATE_CLEARING:
/* If it's in either of these states, we need
to wait for whoever's got it to finish and
put it back. */
--
2.16.2.dirty
Powered by blists - more mailing lists