Ritesh Harjani cc16eecae6 jbd2: fix use-after-free of transaction_t race ... jbd2_journal_wait_updates() is called with j_state_lock held. But if there is a commit in progress, then this transaction might get committed and freed via jbd2_journal_commit_transaction() -> jbd2_journal_free_transaction(), when we release j_state_lock. So check for journal->j_running_transaction everytime we release and acquire j_state_lock to avoid use-after-free issue. Link: https://lore.kernel.org/r/948c2fed518ae739db6a8f7f83f1d58b504f87d0.1644497105.git.ritesh.list@gmail.com Fixes: 4f98186848 ("jbd2: refactor wait logic for transaction updates into a common function") Cc: stable@kernel.org Reported-and-tested-by: syzbot+afa2ca5171d93e44b348@syzkaller.appspotmail.com Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Ritesh Harjani <riteshh@linux.ibm.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>		2022-02-25 21:28:10 -05:00
..
checkpoint.c	ext4: inline jbd2_journal_[un]register_shrinker()	2021-07-08 08:37:31 -04:00
commit.c	jbd2: refactor wait logic for transaction updates into a common function	2022-02-03 10:57:44 -05:00
journal.c	Various bug fixes for ext4 fast commit and inline data handling. Also	2022-02-06 10:34:45 -08:00
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
Makefile	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
recovery.c	jbd2: clean up two gcc -Wall warnings in recovery.c	2021-08-10 14:12:27 -04:00
revoke.c	jbd2: Reserve space for revoke descriptor blocks	2019-11-05 16:00:48 -05:00
transaction.c	jbd2: fix use-after-free of transaction_t race	2022-02-25 21:28:10 -05:00