fs: do not update freeing inode i_io_list - kernel/linux.git

diff options

author	Svyatoslav Feldsherov <feldsherov@google.com>	2022-11-15 23:20:01 +0300
committer	Theodore Ts'o <tytso@mit.edu>	2022-11-23 01:00:00 +0300
commit	4e3c51f4e805291b057d12f5dda5aeb50a538dc4 (patch)
tree	e9f12c22f0aebe3ad2bc4ad620b3fca71a8a64ec /MAINTAINERS
parent	f6b1a1cf1c3ee430d3f5e47847047ce789a690aa (diff)
download	linux-4e3c51f4e805291b057d12f5dda5aeb50a538dc4.tar.xz

fs: do not update freeing inode i_io_list

After commit cbfecb927f42 ("fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE") writeback_single_inode can push inode with I_DIRTY_TIME set to b_dirty_time list. In case of freeing inode with I_DIRTY_TIME set this can happen after deletion of inode from i_io_list at evict. Stack trace is following. evict fat_evict_inode fat_truncate_blocks fat_flush_inodes writeback_inode sync_inode_metadata(inode, sync=0) writeback_single_inode(inode, wbc) <- wbc->sync_mode == WB_SYNC_NONE This will lead to use after free in flusher thread. Similar issue can be triggered if writeback_single_inode in the stack trace update inode->i_io_list. Add explicit check to avoid it. Fixes: cbfecb927f42 ("fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE") Reported-by: syzbot+6ba92bd00d5093f7e371@syzkaller.appspotmail.com Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Svyatoslav Feldsherov <feldsherov@google.com> Link: https://lore.kernel.org/r/20221115202001.324188-1-feldsherov@google.com Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Diffstat (limited to 'MAINTAINERS')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: