| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20221110205436.GJ5824@twin.jikos.cz>
Date: Thu, 10 Nov 2022 21:54:36 +0100
From: David Sterba <dsterba@...e.cz>
To: ChenXiaoSong <chenxiaosong2@...wei.com>
Cc: clm@...com, josef@...icpanda.com, dsterba@...e.com,
linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
yi.zhang@...wei.com, zhangxiaoxu5@...wei.com
Subject: Re: [PATCH] btrfs: qgroup: fix sleep from invalid context bug in
update_qgroup_limit_item()
On Thu, Nov 10, 2022 at 10:13:42PM +0800, ChenXiaoSong wrote:
> Syzkaller reported BUG as follows:
>
> BUG: sleeping function called from invalid context at
> include/linux/sched/mm.h:274
> Call Trace:
> <TASK>
> dump_stack_lvl+0xcd/0x134
> __might_resched.cold+0x222/0x26b
> kmem_cache_alloc+0x2e7/0x3c0
> update_qgroup_limit_item+0xe1/0x390
> btrfs_qgroup_inherit+0x147b/0x1ee0
> create_subvol+0x4eb/0x1710
> btrfs_mksubvol+0xfe5/0x13f0
> __btrfs_ioctl_snap_create+0x2b0/0x430
> btrfs_ioctl_snap_create_v2+0x25a/0x520
> btrfs_ioctl+0x2a1c/0x5ce0
> __x64_sys_ioctl+0x193/0x200
> do_syscall_64+0x35/0x80
>
> Fix this by introducing __update_qgroup_limit_item() helper, allocate
> memory outside of the spin lock.
>
> Signed-off-by: ChenXiaoSong <chenxiaosong2@...wei.com>
Added to misc-next, thanks.
> + path = btrfs_alloc_path();
btrfs_alloc_path uses fixed GFP_NOFS flags for kmem_cache_alloc but that
does not try to detect if it could sleep or not.
Powered by blists - more mailing lists