On Fri, Feb 28, 2020 at 04:48:15PM -0800, Suraj Jitindar Singh wrote:
> From: Theodore Ts'o <tytso@xxxxxxx>
>
> commit 1d0c3924a92e69bfa91163bda83c12a994b4d106 upstream.
>
> During an online resize an array of pointers to buffer heads gets
> replaced so it can get enlarged. If there is a racing block
> allocation or deallocation which uses the old array, and the old
> array has gotten reused this can lead to a GPF or some other random
> kernel memory getting modified.
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=206443
> Link: https://lore.kernel.org/r/20200221053458.730016-2-tytso@xxxxxxx
> Reported-by: Suraj Jitindar Singh <surajjs@xxxxxxxxxx>
> Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
> Cc: stable@xxxxxxxxxx # 4.14.x
I've applied this and the 4.9 and 4.4 series. Note that patch 2 in all of
your series didn't apply cleanly for me, but cherry picking the upstream
commit directly worked so I did that.

--
Thanks,
Sasha