diff options
| author | Svyatoslav Feldsherov <[email protected]> | 2022-11-15 20:20:01 +0000 |
|---|---|---|
| committer | Theodore Ts'o <[email protected]> | 2022-11-22 17:00:00 -0500 |
| commit | 4e3c51f4e805291b057d12f5dda5aeb50a538dc4 (patch) | |
| tree | e9f12c22f0aebe3ad2bc4ad620b3fca71a8a64ec /lib/mpi/mpi-mod.c | |
| parent | f6b1a1cf1c3ee430d3f5e47847047ce789a690aa (diff) | |
fs: do not update freeing inode i_io_list
After commit cbfecb927f42 ("fs: record I_DIRTY_TIME even if inode
already has I_DIRTY_INODE") writeback_single_inode can push inode with
I_DIRTY_TIME set to b_dirty_time list. In case of freeing inode with
I_DIRTY_TIME set this can happen after deletion of inode from i_io_list
at evict. Stack trace is following.
evict
fat_evict_inode
fat_truncate_blocks
fat_flush_inodes
writeback_inode
sync_inode_metadata(inode, sync=0)
writeback_single_inode(inode, wbc) <- wbc->sync_mode == WB_SYNC_NONE
This will lead to use after free in flusher thread.
Similar issue can be triggered if writeback_single_inode in the
stack trace update inode->i_io_list. Add explicit check to avoid it.
Fixes: cbfecb927f42 ("fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE")
Reported-by: [email protected]
Reviewed-by: Jan Kara <[email protected]>
Signed-off-by: Svyatoslav Feldsherov <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Theodore Ts'o <[email protected]>
Diffstat (limited to 'lib/mpi/mpi-mod.c')
0 files changed, 0 insertions, 0 deletions