Message-Id: <20250322142134.35325-1-purvayeshi550@gmail.com>
Date: Sat, 22 Mar 2025 19:51:34 +0530
From: Purva Yeshi <purvayeshi550@...il.com>
To: Dave Kleikamp <shaggy@...nel.org>,
	Al Viro <viro@...iv.linux.org.uk>
Cc: jfs-discussion@...ts.sourceforge.net,
	linux-kernel@...r.kernel.org,
	Purva Yeshi <purvayeshi550@...il.com>,
	syzbot+219127d0a3bce650e1b6@...kaller.appspotmail.com
Subject: [PATCH] fs: jfs: Avoid sleeping function call in softirq

Bug detected by Syzbot:
BUG: sleeping function called from invalid context in jfs_fsync

Fix jfs_fsync() to avoid sleeping in softirq/atomic, preventing crash.
Skip execution in softirq/atomic and return -EWOULDBLOCK to prevent issues.
Correct generic_file_fsync() call to pass the required arguments properly.

Reported-by: syzbot+219127d0a3bce650e1b6@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=219127d0a3bce650e1b6
Tested-by: syzbot+219127d0a3bce650e1b6@...kaller.appspotmail.com
Fixes: 5955102c9984 ("wrappers for ->i_mutex access")
Signed-off-by: Purva Yeshi <purvayeshi550@...il.com>
---
 fs/jfs/file.c | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/fs/jfs/file.c b/fs/jfs/file.c
index 93a3e7a45b0f..fc93376eb1e6 100644
--- a/fs/jfs/file.c
+++ b/fs/jfs/file.c
@@ -19,25 +19,17 @@
 int jfs_fsync(struct file *file, loff_t start, loff_t end, int datasync)
 {
 	struct inode *inode = file->f_mapping->host;
-	int rc = 0;
 
-	rc = file_write_and_wait_range(file, start, end);
-	if (rc)
-		return rc;
-
-	inode_lock(inode);
-	if (!(inode->i_state & I_DIRTY_ALL) ||
-		(datasync && !(inode->i_state & I_DIRTY_DATASYNC))) {
-		/* Make sure committed changes hit the disk */
-		jfs_flush_journal(JFS_SBI(inode->i_sb)->log, 1);
-		inode_unlock(inode);
-		return rc;
+	if (in_softirq() || in_atomic()) {
+		pr_warn("jfs_fsync() called in softirq/atomic context, skipping execution.\n");
+		return -EWOULDBLOCK;
 	}
 
-	rc |= jfs_commit_inode(inode, 1);
+	inode_lock(inode);
+	generic_file_fsync(file, start, end, datasync);
 	inode_unlock(inode);
 
-	return rc ? -EIO : 0;
+	return 0;
 }
 
 static int jfs_open(struct inode *inode, struct file *file)
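Review bot: the new `inode_lock(inode); generic_file_fsync(file, start, end, datasync);` sequence deadlocks, because generic_file_fsync() (via __generic_file_fsync() in fs/libfs.c) takes inode_lock() on the same inode itself; the lock must not be held by the caller. The return value of generic_file_fsync() is also discarded and the function now unconditionally does `return 0;`, so a failed writeback or metadata sync is reported to userspace as a successful fsync, which is a data-integrity regression compared to the removed `return rc ? -EIO : 0;`. The hunk further drops file_write_and_wait_range() and the jfs_flush_journal()/jfs_commit_inode() journal commit without the commit message explaining why JFS no longer needs to flush its log on fsync. Finally, ->fsync is only ever invoked from process context, so the `in_softirq() || in_atomic()` guard (in_atomic() is not reliable without CONFIG_PREEMPT_COUNT) can only mask the real bug; the syzbot trace should be used to find which caller reaches jfs_fsync() while holding a spinlock or RCU read lock, and that path fixed instead. Suggest keeping the original body and dropping the context check.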
-- 
2.34.1