Message-ID: <CAHB1NajJsvZgF5AdpaaZbnbBYt4L=Atcymag3aqTknLL0PeGTQ@mail.gmail.com>
Date: Mon, 19 Aug 2024 22:43:32 +0800
From: Julian Sun <sunjunchao2870@...il.com>
To: Edward Adam Davis <eadavis@...com>
Cc: syzbot+05b9b39d8bdfe1a0861f@...kaller.appspotmail.com, jack@...e.com,
jlbec@...lplan.org, joseph.qi@...ux.alibaba.com, linux-ext4@...r.kernel.org,
linux-kernel@...r.kernel.org, mark@...heh.com, ocfs2-devel@...ts.linux.dev,
syzkaller-bugs@...glegroups.com, tytso@....edu
Subject: Re: [PATCH] ocfs2: Fix null-ptr-deref in jbd2_journal_update_sb_log_tail
Well, in my modest opinion, j_sb_buffer is an internal variable of
jbd2. Directly accessing internal variables from other modules can
degrade the maintainability of the code (for instance, this variable
might be removed at some point in the future). I have just sent
another patch to address this issue [1].
[1]: https://lore.kernel.org/ocfs2-devel/20240819131120.746077-1-sunjunchao2870@gmail.com/
Edward Adam Davis <eadavis@...com> wrote on Mon, Aug 19, 2024 at 21:41:
>
> A journal that is too short will cause ocfs2_check_volume to fail, and will set
> journal->j_sb_buffer to NULL in journal_fail_superblock before running
> journal shutdown.
>
> Reported-and-tested-by: syzbot+05b9b39d8bdfe1a0861f@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=05b9b39d8bdfe1a0861f
> Signed-off-by: Edward Adam Davis <eadavis@...com>
> ---
> fs/ocfs2/journal.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c
> index 530fba34f6d3..25821077b855 100644
> --- a/fs/ocfs2/journal.c
> +++ b/fs/ocfs2/journal.c
> @@ -1077,9 +1077,11 @@ void ocfs2_journal_shutdown(struct ocfs2_super *osb)
> BUG_ON(atomic_read(&(osb->journal->j_num_trans)) != 0);
>
> if (ocfs2_mount_local(osb)) {
> - jbd2_journal_lock_updates(journal->j_journal);
> - status = jbd2_journal_flush(journal->j_journal, 0);
> - jbd2_journal_unlock_updates(journal->j_journal);
> + if (journal->j_journal->j_sb_buffer) {
> + jbd2_journal_lock_updates(journal->j_journal);
> + status = jbd2_journal_flush(journal->j_journal, 0);
> + jbd2_journal_unlock_updates(journal->j_journal);
> + }
> if (status < 0)
> mlog_errno(status);
> }
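Review bot: the "if (status < 0)" test at the end of this hunk stays outside the new "if (journal->j_journal->j_sb_buffer)" block, so when the buffer is NULL and the flush is skipped it tests a value that jbd2_journal_flush() never set. Move the test and mlog_errno(status) inside the new block, or confirm that status is initialized earlier in ocfs2_journal_shutdown(). The skip is also silent; a log message on the path where j_sb_buffer is NULL would make a shutdown without a flush visible. The guard reads j_sb_buffer, a field of the jbd2 journal, directly from ocfs2 code; doing the NULL check on the jbd2 side, or behind a small helper, would keep ocfs2 from depending on that field.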
> --
> 2.43.0
>
>
Thanks,
--
Julian Sun <sunjunchao2870@...il.com>