iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Joseph Qi 0550ad8771 ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() 
commit 58f7e1e2c9e72c7974054c64c3abeac81c11f822 upstream.

bdev->bd_super has been removed and commit 8887b94d9322 change the usage
from bdev->bd_super to b_assoc_map->host->i_sb.  This introduces the
following NULL pointer dereference in ocfs2_journal_dirty() since
b_assoc_map is still not initialized.  This can be easily reproduced by
running xfstests generic/186, which simulate no more credits.

[  134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000
...
[  134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
...
[  134.365071] Call Trace:
[  134.365312]  <TASK>
[  134.365524]  ? __die_body+0x1e/0x60
[  134.365868]  ? page_fault_oops+0x13d/0x4f0
[  134.366265]  ? __pfx_bit_wait_io+0x10/0x10
[  134.366659]  ? schedule+0x27/0xb0
[  134.366981]  ? exc_page_fault+0x6a/0x140
[  134.367356]  ? asm_exc_page_fault+0x26/0x30
[  134.367762]  ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
[  134.368305]  ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2]
[  134.368837]  ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2]
[  134.369454]  ocfs2_grow_tree+0x688/0x8a0 [ocfs2]
[  134.369927]  ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2]
[  134.370521]  ocfs2_split_extent+0x314/0x4d0 [ocfs2]
[  134.371019]  ocfs2_change_extent_flag+0x174/0x410 [ocfs2]
[  134.371566]  ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2]
[  134.372117]  ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2]
[  134.372994]  ? inode_update_timestamps+0x4a/0x120
[  134.373692]  ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
[  134.374545]  ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
[  134.375393]  ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2]
[  134.376197]  ocfs2_remap_file_range+0x1de/0x390 [ocfs2]
[  134.376971]  ? security_file_permission+0x29/0x50
[  134.377644]  vfs_clone_file_range+0xfe/0x320
[  134.378268]  ioctl_file_clone+0x45/0xa0
[  134.378853]  do_vfs_ioctl+0x457/0x990
[  134.379422]  __x64_sys_ioctl+0x6e/0xd0
[  134.379987]  do_syscall_64+0x5d/0x170
[  134.380550]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  134.381231] RIP: 0033:0x7fa4926397cb
[  134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48
[  134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb
[  134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003
[  134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000
[  134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000
[  134.389207]  </TASK>

Fix it by only aborting transaction and journal in ocfs2_journal_dirty()
now, and leave ocfs2_abort() later when detecting an aborted handle,
e.g. start next transaction. Also log the handle details in this case.

Link: https://lkml.kernel.org/r/20240530110630.3933832-1-joseph.qi@linux.alibaba.com
Fixes: 8887b94d9322 ("ocfs2: stop using bdev->bd_super for journal error logging")
Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Reviewed-by: Heming Zhao <heming.zhao@suse.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>	[6.6+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-06-27 13:49:12 +02:00
..
9p
9p: add missing locking around taking dentry fid list
2024-06-16 13:47:37 +02:00
adfs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
affs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
afs
afs: Don't cross .backup mountpoint from backup volume
2024-06-16 13:47:30 +02:00
autofs
v6.6-vfs.autofs
2023-08-28 11:39:14 -07:00
befs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
bfs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
btrfs
btrfs: retry block group reclaim without infinite loop
2024-06-27 13:49:11 +02:00
cachefiles
cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode
2024-06-21 14:38:47 +02:00
ceph
ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE
2024-04-27 17:11:29 +02:00
coda
v6.6-vfs.ctime
2023-08-28 09:31:32 -07:00
configfs
configfs: convert to ctime accessor functions
2023-07-13 10:28:05 +02:00
cramfs
v6.6-vfs.super
2023-08-28 11:04:18 -07:00
crypto
debugfs
debugfs: fix automount d_fsdata usage
2024-01-20 11:51:37 +01:00
devpts
v6.6-vfs.misc
2023-08-28 10:17:14 -07:00
dlm
dlm: fix user space lock decision to copy lvb
2024-06-12 11:11:38 +02:00
ecryptfs
ecryptfs: Fix buffer size for tag 66 packet
2024-06-12 11:11:31 +02:00
efivarfs
efivarfs: Request at most 512 bytes for variable names
2024-03-06 14:48:41 +00:00
efs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
erofs
erofs: avoid allocating DEFLATE streams before mounting
2024-06-16 13:47:31 +02:00
exfat
exfat: support handle zero-size directory
2023-11-28 17:19:44 +00:00
exportfs
exportfs: remove kernel-doc warnings in exportfs
2023-08-29 17:45:22 -04:00
ext2
quota: Properly annotate i_dquot arrays with __rcu
2024-03-26 18:19:46 -04:00
ext4
ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()
2024-06-27 13:49:10 +02:00
f2fs
f2fs: don't set RO when shutting down f2fs
2024-06-27 13:49:04 +02:00
fat
fat: fix uninitialized field in nostale filehandles
2024-04-03 15:28:20 +02:00
freevxfs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
fscache
netfs, fscache: Prevent Oops in fscache_put_cache()
2024-01-31 16:19:01 -08:00
fuse
fuse: fix leaked ENOSYS error on first statx call
2024-04-27 17:11:42 +02:00
gfs2
kthread: add kthread_stop_put
2024-06-12 11:12:52 +02:00
hfs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
hfsplus
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
hostfs
hostfs: convert to ctime accessor functions
2023-07-24 10:30:00 +02:00
hpfs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
hugetlbfs
mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
2024-02-23 09:25:16 +01:00
iomap
iomap: fault in smaller chunks for non-large folio mappings
2024-06-16 13:47:40 +02:00
isofs
isofs: handle CDs with bad root inode but good Joliet root directory
2024-04-13 13:07:34 +02:00
jbd2
jbd2: fix soft lockup in journal_finish_inode_data_buffers()
2024-01-20 11:51:43 +01:00
jffs2
jffs2: prevent xattr node from overflowing the eraseblock
2024-06-12 11:11:33 +02:00
jfs
jfs: xattr: fix buffer overflow for invalid xattr
2024-06-21 14:38:24 +02:00
kernfs
kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id()
2024-04-13 13:07:38 +02:00
lockd
SUNRPC: Add enum svc_auth_status
2023-08-29 17:45:22 -04:00
minix
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
netfs
netfs: Only call folio_start_fscache() one time for each folio
2023-09-18 12:03:46 -07:00
nfs
NFS: add barriers when testing for NFS_FSDATA_BLOCKED
2024-06-21 14:38:29 +02:00
nfs_common
nfsd
knfsd: LOOKUP can return an illegal error value
2024-06-21 14:38:40 +02:00
nilfs2
nilfs2: fix potential kernel bug due to lack of writeback flag waiting
2024-06-21 14:38:46 +02:00
nls
nls: Hide new NLS_UCS2_UTILS
2023-08-31 12:07:34 -05:00
notify
fanotify: limit reporting of event with non-decodeable file handles
2023-10-19 16:19:20 +02:00
ntfs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
ntfs3
fs/ntfs3: Use variable length array instead of fixed size
2024-06-12 11:12:39 +02:00
ocfs2
ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()
2024-06-27 13:49:12 +02:00
omfs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
openpromfs
openpromfs: finish conversion to the new mount API
2024-06-12 11:11:30 +02:00
orangefs
Julia Lawall reported this null pointer dereference, this should fix it.
2024-04-13 13:07:35 +02:00
overlayfs
ovl: fix encoding fid for lower only root
2024-06-27 13:49:12 +02:00
proc
fs/proc: fix softlockup in __read_vmcore
2024-06-21 14:38:41 +02:00
pstore
pstore/zone: Add a null pointer check to the psz_kmsg_read
2024-04-13 13:07:31 +02:00
qnx4
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
qnx6
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
quota
quota: Properly annotate i_dquot arrays with __rcu
2024-03-26 18:19:46 -04:00
ramfs
ramfs: convert to ctime accessor functions
2023-07-24 10:30:04 +02:00
reiserfs
quota: Properly annotate i_dquot arrays with __rcu
2024-03-26 18:19:46 -04:00
romfs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
smb
cifs: fix typo in module parameter enable_gcm_256
2024-06-27 13:49:11 +02:00
squashfs
Squashfs: check the inode number is not the invalid value of zero
2024-05-02 16:32:41 +02:00
sysfs
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
2024-04-27 17:11:41 +02:00
sysv
sysv: don't call sb_bread() with pointers_lock held
2024-04-13 13:07:34 +02:00
tracefs
eventfs: Update all the eventfs_inodes from the events descriptor
2024-06-21 14:38:22 +02:00
ubifs
ubifs: Set page uptodate in the correct place
2024-04-03 15:28:20 +02:00
udf
udf: udftime: prevent overflow in udf_disk_stamp_to_time()
2024-06-27 13:49:04 +02:00
ufs
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
unicode
vboxsf
vboxsf: explicitly deny setlease attempts
2024-05-17 12:02:13 +02:00
verity
fsverity: use register_sysctl_init() to avoid kmemleak warning
2024-06-16 13:47:33 +02:00
xfs
xfs: allow cross-linking special files without project quota
2024-06-21 14:38:45 +02:00
zonefs
zonefs: Improve error handling
2024-02-23 09:25:13 +01:00
aio.c
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
2024-04-03 15:28:44 +02:00
anon_inodes.c
attr.c
v6.6-vfs.misc
2023-08-28 10:17:14 -07:00
bad_inode.c
fs: drop the timespec64 argument from update_time
2023-08-11 09:04:57 +02:00
binfmt_elf_fdpic.c
fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
2023-09-29 17:20:45 -07:00
binfmt_elf_test.c
binfmt_elf.c
Merge branch 'expand-stack'
2023-06-28 20:35:21 -07:00
binfmt_flat.c
binfmt_misc.c
fs: convert to ctime accessor functions
2023-07-13 10:28:04 +02:00
binfmt_script.c
buffer.c
iomap: add a workaround for racy i_size updates on block devices
2023-09-25 08:55:00 -07:00
char_dev.c
compat_binfmt_elf.c
coredump.c
v6.5/vfs.misc
2023-06-26 09:50:21 -07:00
d_path.c
dax.c
mm: convert DAX lock/unlock page to lock/unlock folio
2024-01-10 17:16:53 +01:00
dcache.c
fast_dput(): handle underflows gracefully
2024-02-05 20:14:26 +00:00
direct-io.c
- Yosry Ahmed brought back some cgroup v1 stats in OOM logs.
2023-06-28 10:28:11 -07:00
drop_caches.c
fs: drop_caches: draining pages before dropping caches
2023-08-18 10:12:11 -07:00
eventfd.c
eventfd: prevent underflow for eventfd semaphores
2023-07-11 11:41:34 +02:00
eventpoll.c
epoll: be better about file lifetimes
2024-06-12 11:11:30 +02:00
exec.c
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
2024-04-03 15:28:55 +02:00
fcntl.c
fs: Fix rw_hint validation
2024-03-26 18:19:17 -04:00
fhandle.c
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
2024-03-26 18:19:15 -04:00
file_table.c
fs: use __fput_sync in close(2)
2023-08-08 19:36:51 +02:00
file.c
v6.6-vfs.misc
2023-08-28 10:17:14 -07:00
filesystems.c
fs_context.c
fs: factor out vfs_parse_monolithic_sep() helper
2023-10-12 18:53:36 +03:00
fs_parser.c
fs_pin.c
fs_struct.c
kill do_each_thread()
2023-08-21 13:46:25 -07:00
fs_types.c
fs-writeback.c
fs/writeback: bail out if there is no more inodes for IO and queued once
2024-06-27 13:49:00 +02:00
fsopen.c
fs: add FSCONFIG_CMD_CREATE_EXCL
2023-08-14 18:48:02 +02:00
init.c
inode.c
filemap: add a per-mapping stable writes flag
2023-12-03 07:33:03 +01:00
internal.h
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
ioctl.c
lsm: new security_file_ioctl_compat() hook
2024-01-31 16:18:54 -08:00
Kconfig
for-6.6/block-2023-08-28
2023-08-29 20:21:42 -07:00
Kconfig.binfmt
riscv: support the elf-fdpic binfmt loader
2023-08-23 14:17:43 -07:00
kernel_read_file.c
fs: Fix kernel-doc warnings
2023-08-19 12:12:12 +02:00
libfs.c
fs: new accessor methods for atime and mtime
2024-01-05 15:19:40 +01:00
locks.c
NFSD 6.6 Release Notes
2023-08-31 15:32:18 -07:00
Makefile
fs: add CONFIG_BUFFER_HEAD
2023-08-02 09:13:09 -06:00
mbcache.c
mnt_idmapping.c
mount.h
mpage.c
namei.c
rename(): fix the locking of subdirectories
2024-01-31 16:18:57 -08:00
namespace.c
fs: relax mount_setattr() permission checks
2024-02-23 09:25:15 +01:00
nsfs.c
fs: convert to ctime accessor functions
2023-07-13 10:28:04 +02:00
open.c
cred: get rid of CONFIG_DEBUG_CREDENTIALS
2023-12-20 17:01:51 +01:00
pipe.c
fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
2024-04-10 16:35:57 +02:00
pnode.c
pnode.h
posix_acl.c
fs: convert to ctime accessor functions
2023-07-13 10:28:04 +02:00
proc_namespace.c
read_write.c
fs: Fix one kernel-doc comment
2023-08-15 08:32:45 +02:00
readdir.c
vfs: get rid of old '->iterate' directory operation
2023-08-06 15:08:35 +02:00
remap_range.c
select.c
fs/select: rework stack allocation hack for clang
2024-03-26 18:19:17 -04:00
seq_file.c
signalfd.c
splice.c
- Some swap cleanups from Ma Wupeng ("fix WARN_ON in add_to_avail_list")
2023-08-29 14:25:26 -07:00
stack.c
fs: convert to ctime accessor functions
2023-07-13 10:28:04 +02:00
stat.c
fs: Pass AT_GETATTR_NOSEC flag to getattr interface function
2023-12-03 07:33:03 +01:00
statfs.c
super.c
fs: export sget_dev()
2023-08-31 12:47:15 +02:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c
mm/userfaultfd: reset ptes when close() for wr-protected ones
2024-05-17 12:02:36 +02:00
utimes.c
xattr.c
tmpfs,xattr: GFP_KERNEL_ACCOUNT for simple xattrs
2023-08-22 10:57:46 +02:00