mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
linux/fs/ocfs2
Edward Adam Davis f46e8ef8bb ocfs2: prevent release journal inode after journal shutdown
Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already
been executed in ocfs2_dismount_volume(), so osb->journal must be NULL. 
Therefore, the following calltrace will inevitably fail when it reaches
jbd2_journal_release_jbd_inode().

ocfs2_dismount_volume()->
  ocfs2_delete_osb()->
    ocfs2_free_slot_info()->
      __ocfs2_free_slot_info()->
        evict()->
          ocfs2_evict_inode()->
            ocfs2_clear_inode()->
              jbd2_journal_release_jbd_inode(osb->journal->j_journal,

Adding osb->journal checks will prevent null-ptr-deref during the above
execution path.

Link: https://lkml.kernel.org/r/tencent_357489BEAEE4AED74CBD67D246DBD2C4C606@qq.com
Fixes: da5e7c8782 ("ocfs2: cleanup journal init and shutdown")
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Reported-by: syzbot+47d8cb2f2cc1517e515a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=47d8cb2f2cc1517e515a
Tested-by: syzbot+47d8cb2f2cc1517e515a@syzkaller.appspotmail.com
Reviewed-by: Mark Tinguely <mark.tinguely@oracle.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2025-08-27 22:45:41 -07:00
..
cluster treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
dlm ocfs2/dlm: fix "take a while" typo 2025-07-19 19:08:26 -07:00
dlmfs Change inode_operations.mkdir to return struct dentry * 2025-02-27 20:00:17 +01:00
acl.c ocfs2: convert to new timestamp accessors 2023-10-18 14:08:24 +02:00
acl.h fs: port ->set_acl() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
alloc.c ocfs2: fix panic in failed foilio allocation 2025-05-07 23:39:38 -07:00
alloc.h ocfs2: convert ocfs2_map_and_dirty_page() to ocfs2_map_and_dirty_folio() 2025-01-12 20:21:13 -08:00
aops.c Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
aops.h ocfs2: remove ocfs2_start_walk_page_trans() prototype 2025-01-12 20:21:13 -08:00
blockcheck.c
blockcheck.h
buffer_head_io.c ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate 2024-09-09 15:15:54 -07:00
buffer_head_io.h
dcache.c ocfs2_dentry_revalidate(): use stable parent inode and name passed by caller 2025-01-27 19:25:24 -05:00
dcache.h
dir.c ocfs2: avoid NULL pointer dereference in dx_dir_lookup_rec() 2025-07-19 19:08:27 -07:00
dir.h
dlmglue.c ocfs2: use str_yes_no() and str_no_yes() helper functions 2025-01-24 22:47:28 -08:00
dlmglue.h ocfs2: convert ocfs2_inode_lock_with_page() to ocfs2_inode_lock_with_folio() 2025-01-12 20:21:10 -08:00
export.c exportfs: Remove EXPORT_OP_ASYNC_LOCK 2024-10-01 17:01:08 +02:00
export.h
extent_map.c ocfs2: check el->l_next_free_rec in ocfs2_get_clusters_nocache 2025-01-24 22:47:23 -08:00
extent_map.h
file.c fs: replace mmap hook with .mmap_prepare for simple mappings 2025-06-19 13:56:59 +02:00
file.h ocfs2: store cookie in private data 2024-09-12 11:58:44 +02:00
filecheck.c ocfs2: simplify return statement in ocfs2_filecheck_attr_store() 2025-05-11 17:54:08 -07:00
filecheck.h
heartbeat.c
heartbeat.h
inode.c ocfs2: prevent release journal inode after journal shutdown 2025-08-27 22:45:41 -07:00
inode.h quota: Properly annotate i_dquot arrays with __rcu 2024-02-08 12:04:59 +01:00
ioctl.c tree-wide: s/struct fileattr/struct file_kattr/g 2025-07-04 16:14:39 +02:00
ioctl.h tree-wide: s/struct fileattr/struct file_kattr/g 2025-07-04 16:14:39 +02:00
journal.c ocfs2: stop quota recovery before disabling quotas 2025-05-07 23:39:40 -07:00
journal.h ocfs2: stop quota recovery before disabling quotas 2025-05-07 23:39:40 -07:00
Kconfig fs: add CONFIG_BUFFER_HEAD 2023-08-02 09:13:09 -06:00
localalloc.c ocfs2: fix the space leak in LA when releasing LA 2024-12-18 19:04:41 -08:00
localalloc.h
locks.c ocfs2: adapt to breakup of struct file_lock 2024-02-05 13:11:43 +01:00
locks.h
Makefile
mmap.c fs: replace mmap hook with .mmap_prepare for simple mappings 2025-06-19 13:56:59 +02:00
mmap.h fs: replace mmap hook with .mmap_prepare for simple mappings 2025-06-19 13:56:59 +02:00
move_extents.c ocfs2: avoid potential ABBA deadlock by reordering tl_inode lock 2025-07-19 19:08:27 -07:00
move_extents.h
namei.c ocfs2: update d_splice_alias() return code checking 2025-07-09 22:57:57 -07:00
namei.h
ocfs1_fs_compat.h
ocfs2_fs.h ocfs2: miscellaneous spelling fixes 2025-01-12 20:21:07 -08:00
ocfs2_ioctl.h ocfs2: miscellaneous spelling fixes 2025-01-12 20:21:07 -08:00
ocfs2_lockid.h ocfs2: miscellaneous spelling fixes 2025-01-12 20:21:07 -08:00
ocfs2_lockingver.h
ocfs2_trace.h ocfs2: convert to the new mount API 2025-01-12 20:21:06 -08:00
ocfs2.h ocfs2: stop quota recovery before disabling quotas 2025-05-07 23:39:40 -07:00
quota_global.c ocfs2: remove reference to bh->b_page 2025-03-16 23:24:13 -07:00
quota_local.c ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery 2025-05-11 17:54:11 -07:00
quota.h ocfs2: remove unused declaration in header file 2024-11-05 17:12:26 -08:00
refcounttree.c ocfs2: convert ocfs2_map_and_dirty_page() to ocfs2_map_and_dirty_folio() 2025-01-12 20:21:13 -08:00
refcounttree.h
reservations.c ocfs2: correctly use ocfs2_find_next_zero_bit() 2024-04-25 21:07:01 -07:00
reservations.h ocfs2: miscellaneous spelling fixes 2025-01-12 20:21:07 -08:00
resize.c ocfs2: uncache inode which has failed entering the group 2024-11-14 22:43:48 -08:00
resize.h
slot_map.c ocfs2: Annotate struct ocfs2_slot_info with __counted_by 2023-10-02 09:48:52 -07:00
slot_map.h
stack_o2cb.c ocfs2: miscellaneous spelling fixes 2025-01-12 20:21:07 -08:00
stack_user.c ocfs2: replace simple_strtol with kstrtol 2025-07-09 22:57:49 -07:00
stackglue.c ocfs2: remove unnecessary NULL check before unregister_sysctl_table() 2025-05-11 17:54:11 -07:00
stackglue.h ocfs2: miscellaneous spelling fixes 2025-01-12 20:21:07 -08:00
suballoc.c ocfs2: fix the issue with discontiguous allocation in the global_bitmap 2025-05-07 23:39:37 -07:00
suballoc.h ocfs2: fix the issue with discontiguous allocation in the global_bitmap 2025-05-07 23:39:37 -07:00
super.c new helper: set_default_d_op() 2025-06-10 22:21:16 -04:00
super.h
symlink.c ocfs2: use a folio in ocfs2_fast_symlink_read_folio() 2025-01-12 20:21:13 -08:00
symlink.h
sysfile.c
sysfile.h
uptodate.c
uptodate.h
xattr.c ocfs2: miscellaneous spelling fixes 2025-01-12 20:21:07 -08:00
xattr.h ocfs2: move ocfs2_xattr_handlers and ocfs2_xattr_handler_map to .rodata 2023-10-09 16:24:20 +02:00