| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200628070057.820213-1-ebiggers@kernel.org>
Date: Sun, 28 Jun 2020 00:00:57 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: reiserfs-devel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
syzbot+187510916eb6a14598f7@...kaller.appspotmail.com
Subject: [PATCH] reiserfs: only call unlock_new_inode() if I_NEW
From: Eric Biggers <ebiggers@...gle.com>
unlock_new_inode() is only meant to be called after a new inode has
already been inserted into the hash table. But reiserfs_new_inode() can
call it even before it has inserted the inode, triggering the WARNING in
unlock_new_inode(). Fix this by only calling unlock_new_inode() if the
inode has the I_NEW flag set, indicating that it's in the table.
This addresses the syzbot report "WARNING in unlock_new_inode"
(https://syzkaller.appspot.com/bug?extid=187510916eb6a14598f7).
Reported-by: syzbot+187510916eb6a14598f7@...kaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@...gle.com>
---
fs/reiserfs/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
index 1509775da040..e3af44c61524 100644
--- a/fs/reiserfs/inode.c
+++ b/fs/reiserfs/inode.c
@@ -2163,7 +2163,8 @@ int reiserfs_new_inode(struct reiserfs_transaction_handle *th,
out_inserted_sd:
clear_nlink(inode);
th->t_trans_id = 0; /* so the caller can't use this handle later */
- unlock_new_inode(inode); /* OK to do even if we hadn't locked it */
+ if (inode->i_state & I_NEW)
+ unlock_new_inode(inode);
iput(inode);
return err;
}
--
2.27.0
Powered by blists - more mailing lists