On Wed, Dec 11, 2024 at 04:10:23PM +0800, guocai.he.cn@xxxxxxxxxxxxx wrote: > From: Juntong Deng <juntong.deng@xxxxxxxxxxx> > > commit 7ad4e0a4f61c57c3ca291ee010a9d677d0199fba upstream. > > In gfs2_put_super(), whether withdrawn or not, the quota should > be cleaned up by gfs2_quota_cleanup(). > > Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu > callback) has run for all gfs2_quota_data objects, resulting in > use-after-free. > > Also, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called > by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling > gfs2_make_fs_ro(), there is no need to call them again. > > Reported-by: syzbot+29c47e9e51895928698c@xxxxxxxxxxxxxxxxxxxxxxxxx > Closes: https://syzkaller.appspot.com/bug?extid=29c47e9e51895928698c > Signed-off-by: Juntong Deng <juntong.deng@xxxxxxxxxxx> > Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: Clayton Casciato <majortomtosourcecontrol@xxxxxxxxx> > Signed-off-by: Guocai He <guocai.he.cn@xxxxxxxxxxxxx> > --- > This commit is backporting 7ad4e0a4f61c7ad4e0a4f61c57c3ca291ee010a9d677d0199fba to the branch linux-5.15.y to > solve the CVE-2024-52760. Please merge this commit to linux-5.15.y. What changed from v1?
