lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Nov 2020 14:04:46 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Bob Peterson <rpeterso@...hat.com>, Andreas Gruenbacher <agruenba@...hat.com>, Sasha Levin <sashal@...nel.org> Subject: [PATCH 5.4 056/151] gfs2: Add missing truncate_inode_pages_final for sd_aspace From: Bob Peterson <rpeterso@...hat.com> [ Upstream commit a9dd945ccef07a904e412f208f8de708a3d7159e ] Gfs2 creates an address space for its rgrps called sd_aspace, but it never called truncate_inode_pages_final on it. This confused vfs greatly which tried to reference the address space after gfs2 had freed the superblock that contained it. This patch adds a call to truncate_inode_pages_final for sd_aspace, thus avoiding the use-after-free. Signed-off-by: Bob Peterson <rpeterso@...hat.com> Signed-off-by: Andreas Gruenbacher <agruenba@...hat.com> Signed-off-by: Sasha Levin <sashal@...nel.org> --- fs/gfs2/super.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c index 5935ce5ae5636..50c925d9c6103 100644 --- a/fs/gfs2/super.c +++ b/fs/gfs2/super.c @@ -689,6 +689,7 @@ restart: gfs2_jindex_free(sdp); /* Take apart glock structures and buffer lists */ gfs2_gl_hash_clear(sdp); + truncate_inode_pages_final(&sdp->sd_aspace); gfs2_delete_debugfs_file(sdp); /* Unmount the locking protocol */ gfs2_lm_unmount(sdp); -- 2.27.0
Powered by blists - more mailing lists