linux/fs/nilfs2
Ryusuke Konishi 5bc09b397c nilfs2: fix potential bug in end_buffer_async_write
According to a syzbot report, end_buffer_async_write(), which handles the
completion of block device writes, may detect an abnormal condition of the
buffer async_write flag and cause a BUG_ON failure when using nilfs2.

Nilfs2 itself does not use end_buffer_async_write().  But, the async_write
flag is now used as a marker by commit 7f42ec3941 ("nilfs2: fix issue
with race condition of competition between segments for dirty blocks") as
a means of resolving double list insertion of dirty blocks in
nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the
resulting crash.

This modification is safe as long as it is used for file data and b-tree
node blocks where the page caches are independent.  However, it was
irrelevant and redundant to also introduce async_write for segment summary
and super root blocks that share buffers with the backing device.  This
led to the possibility that the BUG_ON check in end_buffer_async_write
would fail as described above, if independent writebacks of the backing
device occurred in parallel.

The use of async_write for segment summary buffers has already been
removed in a previous change.

Fix this issue by removing the manipulation of the async_write flag for
the remaining super root block buffer.

Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com
Fixes: 7f42ec3941 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+5c04210f7c7f897c1e7f@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-02-07 21:20:37 -08:00
alloc.c
alloc.h
bmap.c
bmap.h
btnode.c nilfs2: convert nilfs_page_bug() to nilfs_folio_bug() 2023-12-10 17:21:48 -08:00
btnode.h
btree.c
btree.h
cpfile.c nilfs2: cpfile: fix some kernel-doc warnings 2023-12-29 12:22:29 -08:00
cpfile.h
dat.c
dat.h
dir.c nilfs2: convert nilfs_prepare_chunk() and nilfs_commit_chunk() to folios 2023-12-10 17:21:48 -08:00
direct.c
direct.h
export.h
file.c nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() 2024-02-07 21:20:36 -08:00
gcinode.c
ifile.c
ifile.h
inode.c Quite a lot of kexec work this time around. Many singleton patches in 2024-01-09 11:46:20 -08:00
ioctl.c
Kconfig
Makefile
mdt.c
mdt.h
namei.c misc cleanups (the part that hadn't been picked by individual fs trees) 2024-01-11 20:23:50 -08:00
nilfs.h nilfs2: convert nilfs_rename() to use folios 2023-12-10 17:21:47 -08:00
page.c nilfs2: convert nilfs_page_bug() to nilfs_folio_bug() 2023-12-10 17:21:48 -08:00
page.h nilfs2: convert nilfs_page_bug() to nilfs_folio_bug() 2023-12-10 17:21:48 -08:00
recovery.c nilfs2: fix data corruption in dsync block recovery for small block sizes 2024-02-07 21:20:34 -08:00
segbuf.c
segbuf.h
segment.c nilfs2: fix potential bug in end_buffer_async_write 2024-02-07 21:20:37 -08:00
segment.h
sufile.c nilfs2: switch WARN_ONs to warning output in nilfs_sufile_do_free() 2023-12-20 15:02:58 -08:00
sufile.h
super.c
sysfs.c
sysfs.h
the_nilfs.c
the_nilfs.h