Re: [PATCH] ext4: fix an use-after-free issue about data=journal writeback mode

On Sat, 25 Dec 2021 17:09:37 +0800, Zhang Yi wrote:
> Our syzkaller reported a use-after-free issue that accesses the freed
> buffer_head on the writeback page in __ext4_journalled_writepage(). The
> problem is that if there was a truncate racing with the data=journalled
> writeback procedure, the writeback length could become zero and
> bget_one() refuses to get the buffer_head's refcount, then the truncate
> procedure releases the buffer once we drop the page lock, and finally the
> last ext4_walk_page_buffers() triggers the use-after-free problem.
> 
> [...]

Nice catch. Applied, thanks!

[1/1] ext4: fix an use-after-free issue about data=journal writeback mode
      commit: 856dd2096e2a01f6eb2c9d60f6e0cd587aa273a8

Best regards,
-- 
Theodore Ts'o <tytso@xxxxxxx>


