Stable Archive on lore.kernel.org
 help / color / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Pan Bian <bianpan2016@163.com>,
	Theodore Tso <tytso@mit.edu>, Jan Kara <jack@suse.cz>,
	stable@kernel.org
Subject: [PATCH 4.19 069/105] ext4: avoid drop reference to iloc.bh twice
Date: Mon, 20 May 2019 14:14:15 +0200
Message-ID: <20190520115251.952565717@linuxfoundation.org> (raw)
In-Reply-To: <20190520115247.060821231@linuxfoundation.org>

From: Pan Bian <bianpan2016@163.com>

commit 8c380ab4b7b59c0c602743810be1b712514eaebc upstream.

The reference to iloc.bh has been dropped in ext4_mark_iloc_dirty.
However, the reference is dropped again if error occurs during
ext4_handle_dirty_metadata, which may result in use-after-free bugs.

Fixes: fb265c9cb49e("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/resize.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -874,6 +874,7 @@ static int add_new_gdb(handle_t *handle,
 	err = ext4_handle_dirty_metadata(handle, NULL, gdb_bh);
 	if (unlikely(err)) {
 		ext4_std_error(sb, err);
+		iloc.bh = NULL;
 		goto errout;
 	}
 	brelse(dind);



  parent reply index

Thread overview: 131+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-20 12:13 [PATCH 4.19 000/105] 4.19.45-stable review Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 001/105] locking/rwsem: Prevent decrement of reader count before increment Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 002/105] x86/speculation/mds: Revert CPU buffer clear on double fault exit Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 003/105] x86/speculation/mds: Improve CPU buffer clear documentation Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 004/105] objtool: Fix function fallthrough detection Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 005/105] arm64: dts: rockchip: Disable DCMDs on RK3399s eMMC controller Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 006/105] ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260 Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 007/105] ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3 Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 008/105] mmc: sdhci-of-arasan: Add DTS property to disable DCMDs Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 009/105] ARM: exynos: Fix a leaked reference by adding missing of_node_put Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 010/105] power: supply: axp288_charger: Fix unchecked return value Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 011/105] power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the blacklist Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 012/105] arm64: mmap: Ensure file offset is treated as unsigned Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 013/105] arm64: arch_timer: Ensure counter register reads occur with seqlock held Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 014/105] arm64: compat: Reduce address limit Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 015/105] arm64: Clear OSDLR_EL1 on CPU boot Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 016/105] arm64: Save and restore OSDLR_EL1 across suspend/resume Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 017/105] sched/x86: Save [ER]FLAGS on context switch Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 018/105] crypto: crypto4xx - fix ctr-aes missing output IV Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 019/105] crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 020/105] crypto: salsa20 - dont access already-freed walk.iv Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 021/105] crypto: chacha20poly1305 - set cra_name correctly Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 022/105] crypto: ccp - Do not free psp_master when PLATFORM_INIT fails Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 023/105] crypto: vmx - fix copy-paste error in CTR mode Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 024/105] crypto: skcipher - dont WARN on unprocessed data after slow walk step Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 025/105] crypto: crct10dif-generic - fix use via crypto_shash_digest() Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 026/105] crypto: x86/crct10dif-pcl " Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 027/105] crypto: arm64/gcm-aes-ce - fix no-NEON fallback code Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 028/105] crypto: gcm - fix incompatibility between "gcm" and "gcm_base" Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 029/105] crypto: rockchip - update IV buffer to contain the next IV Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 030/105] crypto: arm/aes-neonbs - dont access already-freed walk.iv Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 031/105] crypto: arm64/aes-neonbs " Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 032/105] mmc: core: Fix tag set memory leak Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 033/105] ALSA: line6: toneport: Fix broken usage of timer for delayed execution Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 034/105] ALSA: usb-audio: Fix a memory leak bug Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 035/105] ALSA: hda/hdmi - Read the pin sense from register when repolling Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 036/105] ALSA: hda/hdmi - Consider eld_valid when reporting jack event Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 037/105] ALSA: hda/realtek - EAPD turn on later Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 038/105] ALSA: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) Greg Kroah-Hartman
2019-05-22  9:15   ` Pavel Machek
2019-05-22 10:22     ` Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 039/105] ASoC: max98090: Fix restore of DAPM Muxes Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 040/105] ASoC: RT5677-SPI: Disable 16Bit SPI Transfers Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 041/105] ASoC: fsl_esai: Fix missing break in switch statement Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 042/105] ASoC: codec: hdac_hdmi add device_link to card device Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 043/105] bpf, arm64: remove prefetch insn in xadd mapping Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 044/105] crypto: ccree - remove special handling of chained sg Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 045/105] crypto: ccree - fix mem leak on error path Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 046/105] crypto: ccree - dont map MAC key on stack Greg Kroah-Hartman
2019-05-22  8:49   ` Pavel Machek
2019-05-20 12:13 ` [PATCH 4.19 047/105] crypto: ccree - use correct internal state sizes for export Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 048/105] crypto: ccree - dont map AEAD key and IV on stack Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 049/105] crypto: ccree - pm resume first enable the source clk Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 050/105] crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access during suspend Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 051/105] crypto: ccree - add function to handle cryptocell tee fips error Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 052/105] crypto: ccree - handle tee fips error during power management resume Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 053/105] mm/mincore.c: make mincore() more conservative Greg Kroah-Hartman
2019-05-22  8:57   ` Pavel Machek
2019-05-22  9:21     ` Michal Hocko
2019-05-23  9:18       ` Kevin Easton
2019-05-20 12:14 ` [PATCH 4.19 054/105] mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 055/105] mm/hugetlb.c: dont put_page in lock of hugetlb_lock Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 056/105] hugetlb: use same fault hash key for shared and private mappings Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 057/105] ocfs2: fix ocfs2 read inode data panic in ocfs2_iget Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 058/105] userfaultfd: use RCU to free the task struct when fork fails Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 059/105] ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 060/105] mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 061/105] mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 062/105] mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 063/105] tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 064/105] tty/vt: fix write/write race in ioctl(KDSKBSENT) handler Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 065/105] jbd2: check superblock mapped prior to committing Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 066/105] ext4: make sanity check in mballoc more strict Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 067/105] ext4: protect journal inodes blocks using block_validity Greg Kroah-Hartman
2019-05-22  9:18   ` Pavel Machek
2019-05-22 10:21     ` Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 068/105] ext4: ignore e_value_offs for xattrs with value-in-ea-inode Greg Kroah-Hartman
2019-05-20 12:14 ` Greg Kroah-Hartman [this message]
2019-05-20 12:14 ` [PATCH 4.19 070/105] ext4: fix use-after-free race with debug_want_extra_isize Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 071/105] ext4: actually request zeroing of inode table after grow Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 072/105] ext4: fix ext4_show_options for file systems w/o journal Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 073/105] btrfs: Check the first key and level for cached extent buffer Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 074/105] btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages fails Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 075/105] btrfs: Honour FITRIM range constraints during free space trim Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 076/105] Btrfs: send, flush dellaloc in order to avoid data loss Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 077/105] Btrfs: do not start a transaction during fiemap Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 078/105] Btrfs: do not start a transaction at iterate_extent_inodes() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 079/105] bcache: fix a race between cache register and cacheset unregister Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 080/105] bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 081/105] ipmi:ssif: compare block number correctly for multi-part return messages Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 082/105] crypto: ccm - fix incompatibility between "ccm" and "ccm_base" Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 083/105] fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 084/105] tty: Dont force RISCV SBI console as preferred console Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 085/105] ext4: zero out the unused memory region in the extent tree block Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 086/105] ext4: fix data corruption caused by overlapping unaligned and aligned IO Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 087/105] ext4: fix use-after-free in dx_release() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 088/105] ext4: avoid panic during forced reboot due to aborted journal Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 089/105] ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 090/105] ALSA: hda/realtek - Fixup headphone noise via runtime suspend Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 091/105] ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 092/105] jbd2: fix potential double free Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 093/105] KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes Greg Kroah-Hartman
2019-05-22 11:20   ` Pavel Machek
2019-05-20 12:14 ` [PATCH 4.19 094/105] KVM: lapic: Busy wait for timer to expire when using hv_timer Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 095/105] kbuild: turn auto.conf.cmd into a mandatory include file Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 096/105] xen/pvh: set xen_domain_type to HVM in xen_pvh_init Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 097/105] libnvdimm/namespace: Fix label tracking error Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 098/105] iov_iter: optimize page_copy_sane() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 099/105] pstore: Centralize init/exit routines Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 100/105] pstore: Allocate compression during late_initcall() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 101/105] pstore: Refactor compression initialization Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 102/105] ext4: unsigned int compared against zero Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 103/105] ext4: fix block validity checks for journal inodes using indirect blocks Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 104/105] ext4: fix compile error when using BUFFER_TRACE Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 105/105] ext4: dont update s_rev_level if not required Greg Kroah-Hartman
2019-05-20 17:48 ` [PATCH 4.19 000/105] 4.19.45-stable review kernelci.org bot
2019-05-20 22:23 ` Dan Rue
2019-05-21  8:59   ` Greg Kroah-Hartman
2019-05-21  9:28     ` Naresh Kamboju
2019-05-21  9:38       ` ext4 regression (was Re: [PATCH 4.19 000/105] 4.19.45-stable review) Greg Kroah-Hartman
2019-05-21 10:28         ` Naresh Kamboju
2019-05-21 16:21           ` Theodore Ts'o
2019-05-21 16:30             ` Greg Kroah-Hartman
2019-05-21 16:44               ` Greg Kroah-Hartman
2019-05-21 17:57             ` Naresh Kamboju
2019-05-22  5:05               ` Theodore Ts'o
2019-05-22 10:20                 ` Naresh Kamboju
2019-05-21 15:02         ` Dan Rue
2019-05-21  8:51 ` [PATCH 4.19 000/105] 4.19.45-stable review Jon Hunter
2019-05-21 21:31 ` shuah
2019-05-22  5:04 ` Naresh Kamboju

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190520115251.952565717@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=bianpan2016@163.com \
    --cc=jack@suse.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Stable Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/stable/0 stable/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 stable stable/ https://lore.kernel.org/stable \
		stable@vger.kernel.org stable@archiver.kernel.org
	public-inbox-index stable

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.stable


AGPL code for this site: git clone https://public-inbox.org/ public-inbox