linux/fs/gfs2
Juntong Deng 7ad4e0a4f6 gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
commit bdcb8aa434 upstream.

In gfs2_put_super(), whether withdrawn or not, the quota should
be cleaned up by gfs2_quota_cleanup().

Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu
callback) has run for all gfs2_quota_data objects, resulting in
use-after-free.

Also, gfs2_destroy_threads() and gfs2_quota_cleanup() are already called
by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling
gfs2_make_fs_ro(), there is no need to call them again.

Reported-by: syzbot+29c47e9e51895928698c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=29c47e9e51895928698c
Signed-off-by: Juntong Deng <juntong.deng@outlook.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
2024-07-05 09:32:00 +02:00
acl.c vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
acl.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
aops.c gfs2: low-memory forced flush fixes 2023-09-19 12:27:58 +02:00
aops.h
bmap.c gfs2: Fix invalid metadata access in punch_hole 2024-05-17 11:56:04 +02:00
bmap.h gfs2: Clean up gfs2_unstuff_dinode 2021-06-29 10:56:51 +02:00
dentry.c
dir.c gfs2 fixes 2022-08-06 14:44:49 -07:00
dir.h
export.c Change calling conventions for filldir_t 2022-08-17 17:25:04 -04:00
file.c gfs2: Fix duplicate should_fault_in_pages() call 2023-07-19 16:21:54 +02:00
gfs2.h
glock.c gfs2: Fix "ignore unlock failures after withdraw" 2024-06-12 11:03:10 +02:00
glock.h gfs2: Merge branch 'for-next.nopid' into for-next 2022-10-09 22:56:28 +02:00
glops.c gfs2: Don't forget to complete delayed withdraw 2024-06-12 11:03:10 +02:00
glops.h
incore.h gfs2: Make go_instantiate take a glock 2022-06-29 16:59:07 +02:00
inode.c gfs2: Silence "suspicious RCU usage in gfs2_permission" warning 2023-11-28 17:07:04 +00:00
inode.h gfs2: Convert to release_folio 2022-05-09 23:12:33 -04:00
Kconfig
lock_dlm.c fs: dlm: remove DLM_LSFL_FS from uapi 2022-08-23 14:54:54 -05:00
log.c gfs2: low-memory forced flush fixes 2023-09-19 12:27:58 +02:00
log.h fs/gfs2: Use the enum req_op and blk_opf_t types 2022-07-14 12:14:32 -06:00
lops.c Folio changes for 6.0 2022-08-03 10:35:43 -07:00
lops.h fs/gfs2: Use the enum req_op and blk_opf_t types 2022-07-14 12:14:32 -06:00
main.c gfs2: Register fs after creating workqueues 2022-09-20 17:53:54 +02:00
Makefile
meta_io.c gfs2: replace ll_rw_block() 2022-09-11 20:26:06 -07:00
meta_io.h gfs2: Use container_of() for gfs2_glock(aspace) 2022-05-24 21:29:14 +02:00
ops_fstype.c gfs2: Merge branch 'for-next.nopid' into for-next 2022-10-09 22:56:28 +02:00
quota.c gfs2: ignore negated quota changes 2023-11-28 17:07:02 +00:00
quota.h
recovery.c gfs2: replace 'found' with dedicated list iterator variable 2022-05-14 03:05:55 +02:00
recovery.h
rgrp.c gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump 2024-01-25 15:27:22 -08:00
rgrp.h Merge part of branch 'for-next.instantiate' into for-next 2022-08-05 18:37:03 +02:00
super.c gfs2: Fix slab-use-after-free in gfs2_qd_dealloc 2024-07-05 09:32:00 +02:00
super.h gfs2: Don't release and reacquire local statfs bh 2021-08-20 09:03:46 -05:00
sys.c block: remove genhd.h 2022-02-02 07:49:59 -07:00
sys.h
trace_gfs2.h gfs2: Remove 'first' trace_gfs2_promote argument 2021-10-25 08:42:19 +02:00
trans.c
trans.h
util.c gfs2: Fix "ignore unlock failures after withdraw" 2024-06-12 11:03:10 +02:00
util.h gfs2: don't stop reads while withdraw in progress 2021-08-20 09:03:46 -05:00
xattr.c gfs2: Minor gfs2_glock_nq_m cleanup 2022-06-28 20:38:15 +02:00
xattr.h