torvalds/linux
3
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-03-25 08:56:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
758b8db4a56ab03eca4ecbfa7fa641ed30fb2a90
linux/fs
History
Tejun Heo 8e00c4e9dd writeback: fix use-after-free in finish_writeback_work() 
finish_writeback_work() reads @done->waitq after decrementing
@done->cnt.  However, once @done->cnt reaches zero, @done may be freed
(from stack) at any moment and @done->waitq can contain something
unrelated by the time finish_writeback_work() tries to read it.  This
led to the following crash.

  "BUG: kernel NULL pointer dereference, address: 0000000000000002"
  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0002) - not-present page
  PGD 0 P4D 0
  Oops: 0002 [#1] SMP DEBUG_PAGEALLOC
  CPU: 40 PID: 555153 Comm: kworker/u98:50 Kdump: loaded Not tainted
  ...
  Workqueue: writeback wb_workfn (flush-btrfs-1)
  RIP: 0010:_raw_spin_lock_irqsave+0x10/0x30
  Code: 48 89 d8 5b c3 e8 50 db 6b ff eb f4 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 53 9c 5b fa 31 c0 ba 01 00 00 00 <f0> 0f b1 17 75 05 48 89 d8 5b c3 89 c6 e8 fe ca 6b ff eb f2 66 90
  RSP: 0018:ffffc90049b27d98 EFLAGS: 00010046
  RAX: 0000000000000000 RBX: 0000000000000246 RCX: 0000000000000000
  RDX: 0000000000000001 RSI: 0000000000000003 RDI: 0000000000000002
  RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
  R10: ffff889fff407600 R11: ffff88ba9395d740 R12: 000000000000e300
  R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
  FS:  0000000000000000(0000) GS:ffff88bfdfa00000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000002 CR3: 0000000002409005 CR4: 00000000001606e0
  Call Trace:
   __wake_up_common_lock+0x63/0xc0
   wb_workfn+0xd2/0x3e0
   process_one_work+0x1f5/0x3f0
   worker_thread+0x2d/0x3d0
   kthread+0x111/0x130
   ret_from_fork+0x1f/0x30

Fix it by reading and caching @done->waitq before decrementing
@done->cnt.

Link: http://lkml.kernel.org/r/20190924010631.GH2233839@devbig004.ftw2.facebook.com
Fixes: 5b9cce4c7e ("writeback: Generalize and expose wb_completion")
Signed-off-by: Tejun Heo <tj@kernel.org>
Debugged-by: Chris Mason <clm@fb.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Cc: Jan Kara <jack@suse.cz>
Cc: <stable@vger.kernel.org>	[5.2+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-10-07 15:47:19 -07:00
..
9p
Merge tag '9p-for-5.4' of git://github.com/martinetd/linux
2019-09-27 15:10:34 -07:00
adfs
Merge branch 'work.adfs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 11:33:22 -07:00
affs
fs: affs: Initialize filesystem timestamp ranges
2019-08-30 07:27:18 -07:00
afs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-09-29 19:42:07 -07:00
autofs
autofs_lookup(): hold ->d_lock over playing with ->d_flags
2019-07-27 10:03:14 -04:00
befs
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
bfs
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
btrfs
Merge tag 'for-5.4-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
2019-09-30 10:25:24 -07:00
cachefiles
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36
2019-05-24 17:27:11 +02:00
ceph
Merge tag 'ceph-for-5.4-rc1' of git://github.com/ceph/ceph-client
2019-09-25 10:21:13 -07:00
cifs
Merge tag '5.4-rc-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
2019-09-29 19:37:32 -07:00
coda
Merge tag 'y2038-vfs' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground
2019-09-19 09:42:37 -07:00
configfs
Merge tag 'configfs-for-5.4' of git://git.infradead.org/users/hch/configfs
2019-09-19 13:09:28 -07:00
cramfs
Merge branch 'work.mount2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-09-19 10:06:57 -07:00
crypto
fscrypt: require that key be added when setting a v2 encryption policy
2019-08-12 19:18:50 -07:00
debugfs
Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2019-09-28 08:14:15 -07:00
devpts
devpts_pty_kill(): don't bother with d_delete()
2019-09-03 09:30:56 -04:00
dlm
Merge tag 'dlm-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm
2019-07-12 17:37:53 -07:00
ecryptfs
Merge tag 'ecryptfs-5.3-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs
2019-07-14 19:29:04 -07:00
efivarfs
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
efs
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
erofs
erofs: fix mis-inplace determination related with noio chain
2019-10-01 04:54:45 +08:00
exportfs
docs: fs: convert docs without extension to ReST
2019-07-31 13:31:05 -06:00
ext2
Merge tag 'for_v5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2019-09-21 13:53:34 -07:00
ext4
Merge branch 'entropy'
2019-09-29 19:25:39 -07:00
f2fs
Merge tag 'f2fs-for-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
2019-09-21 14:26:33 -07:00
fat
fat: delete an unnecessary check before brelse()
2019-09-25 17:51:40 -07:00
freevxfs
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
fscache
Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"
2019-07-10 18:43:43 -07:00
fuse
Merge tag 'virtio-fs-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2019-09-27 15:54:24 -07:00
gfs2
Merge branch 'work.mount3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-09-24 12:33:34 -07:00
hfs
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
hfsplus
fs/hfsplus/xattr.c: replace strncpy with memcpy
2019-07-16 19:23:23 -07:00
hostfs
Merge tag 'for-linus-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/uml
2019-05-12 17:52:13 -04:00
hpfs
fs: hpfs: Initialize filesystem timestamp ranges
2019-08-30 08:11:25 -07:00
hugetlbfs
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
iomap
iomap: move the iomap_dio_rw ->end_io callback into a structure
2019-09-19 15:32:45 -07:00
isofs
Merge tag 'y2038-vfs' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground
2019-09-19 09:42:37 -07:00
jbd2
jbd2: remove jbd2_journal_inode_add_[write|wait]
2019-09-24 15:54:07 -07:00
jffs2
Merge branch 'work.mount3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-09-26 11:33:30 -07:00
jfs
Merge tag 'y2038-vfs' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground
2019-09-19 09:42:37 -07:00
kernfs
Merge tag 'y2038-vfs' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground
2019-09-19 09:42:37 -07:00
lockd
lockd: Make two symbols static
2019-07-03 17:52:09 -04:00
minix
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
nfs
Merge tag 'nfs-for-5.4-1' of git://git.linux-nfs.org/projects/anna/linux-nfs
2019-09-26 12:20:14 -07:00
nfs_common
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
nfsd
Merge tag 'nfsd-5.4' of git://linux-nfs.org/~bfields/linux
2019-09-27 17:00:27 -07:00
nilfs2
vfs: create a generic checking and prep function for FS_IOC_SETFLAGS
2019-07-01 08:25:34 -07:00
nls
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
notify
Merge tag 'nfsd-5.4' of git://linux-nfs.org/~bfields/linux
2019-09-27 17:00:27 -07:00
ntfs
ntfs: remove (un)?likely() from IS_ERR() conditions
2019-09-26 10:10:44 -07:00
ocfs2
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
2019-10-07 15:47:19 -07:00
omfs
fs: omfs: Initialize filesystem timestamp ranges
2019-08-30 08:11:25 -07:00
openpromfs
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
orangefs
Merge tag 'for-linus-5.4-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux
2019-09-19 10:21:35 -07:00
overlayfs
ovl: filter of trusted xattr results in audit
2019-09-11 16:11:45 +02:00
proc
Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2019-09-28 08:14:15 -07:00
pstore
pstore: fs superblock limits
2019-08-30 08:11:25 -07:00
qnx4
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
qnx6
fs: Fill in max and min timestamps in superblock
2019-08-30 07:27:17 -07:00
quota
quota: fix condition for resetting time limit in do_set_dqblk()
2019-07-31 12:04:42 +02:00
ramfs
vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new mount API
2019-09-12 21:05:34 -04:00
reiserfs
fs/reiserfs/do_balan.c: remove set but not used variable
2019-09-25 17:51:40 -07:00
romfs
Merge branch 'work.mount2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-09-19 10:06:57 -07:00
squashfs
Merge branch 'work.mount2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-09-19 10:06:57 -07:00
sysfs
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
sysv
fs: sysv: Initialize filesystem timestamp ranges
2019-08-30 07:27:18 -07:00
tracefs
Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2019-09-28 08:14:15 -07:00
ubifs
Merge tag 'upstream-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
2019-09-21 11:10:16 -07:00
udf
fs-udf: Delete an unnecessary check before brelse()
2019-09-04 18:19:43 +02:00
ufs
Merge tag 'y2038-vfs' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground
2019-09-19 09:42:37 -07:00
unicode
unicode: make array 'token' static const, makes object smaller
2019-09-17 11:48:24 -04:00
verity
fs-verity: support builtin file signatures
2019-08-12 19:33:50 -07:00
xfs
Merge tag 'xfs-5.4-merge-8' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
2019-09-26 11:36:20 -07:00
aio.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
anon_inodes.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
attr.c
timestamp_truncate: Replace users of timespec64_trunc
2019-08-30 07:27:17 -07:00
bad_inode.c
binfmt_aout.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
binfmt_elf_fdpic.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
binfmt_elf.c
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
2019-09-26 11:38:55 -07:00
binfmt_em86.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
binfmt_flat.c
fs/binfmt_flat.c: remove set but not used variable 'inode'
2019-07-16 19:23:22 -07:00
binfmt_misc.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
binfmt_script.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
block_dev.c
Merge tag 'vfs-5.4-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
2019-09-18 17:35:20 -07:00
buffer.c
Merge tag 'for-linus-20190715' of git://git.kernel.dk/linux-block
2019-07-15 21:20:52 -07:00
char_dev.c
chardev: set variable ret to -EBUSY before checking minor range overlap
2019-05-24 20:50:36 +02:00
compat_binfmt_elf.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 193
2019-05-30 11:29:21 -07:00
compat_ioctl.c
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
2019-07-30 14:42:13 -07:00
compat.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
coredump.c
coredump: split pipe command whitespace before expanding template
2019-08-03 07:02:01 -07:00
d_path.c
[PATCH] fix d_absolute_path() interplay with fsmount()
2019-08-30 19:31:09 -04:00
dax.c
dax: dax_layout_busy_page() should not unmap cow pages
2019-08-05 14:59:05 -07:00
dcache.c
Merge branch 'work.dcache2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-20 09:15:51 -07:00
dcookies.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
direct-io.c
direct-io: use bio_release_pages in dio_bio_complete
2019-06-29 09:47:31 -06:00
drop_caches.c
eventfd.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
eventpoll.c
PM / wakeup: Show wakeup sources stats in sysfs
2019-08-21 00:20:40 +02:00
exec.c
sched/membarrier: Fix p->mm->membarrier_state racy load
2019-09-25 17:42:30 +02:00
fcntl.c
fs: mark expected switch fall-throughs
2019-04-08 18:21:02 -05:00
fhandle.c
fs/handle.c - fix up kerneldoc
2019-08-07 21:51:47 -04:00
file_table.c
vfs: Export flush_delayed_fput for use by knfsd.
2019-08-19 11:00:39 -04:00
file.c
Merge tag 'io_uring-2019-03-06' of git://git.kernel.dk/linux-block
2019-03-08 14:48:40 -08:00
filesystems.c
vfs: Implement a filesystem superblock creation/configuration context
2019-02-28 03:29:26 -05:00
fs_context.c
vfs: subtype handling moved to fuse
2019-09-06 21:28:49 +02:00
fs_parser.c
vfs: Make fs_parse() handle fs_param_is_fd-type params better
2019-09-12 21:06:14 -04:00
fs_pin.c
switch the remnants of releasing the mountpoint away from fs_pin
2019-07-16 22:52:37 -04:00
fs_struct.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
fs_types.c
fs-writeback.c
writeback: fix use-after-free in finish_writeback_work()
2019-10-07 15:47:19 -07:00
fsopen.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
inode.c
mm,thp: avoid writes to file with THP in pagecache
2019-09-24 15:54:11 -07:00
internal.h
Merge branch 'work.dcache2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-20 09:15:51 -07:00
io_uring.c
Merge tag 'for-linus-2019-10-03' of git://git.kernel.dk/linux-block
2019-10-04 09:56:51 -07:00
ioctl.c
Kconfig
Merge tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt
2019-09-18 16:59:14 -07:00
Kconfig.binfmt
binfmt_flat: make support for old format binaries optional
2019-06-24 09:16:47 +10:00
libfs.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
locks.c
Merge tag 'nfsd-5.4' of git://linux-nfs.org/~bfields/linux
2019-09-27 17:00:27 -07:00
Makefile
Merge tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt
2019-09-18 16:59:14 -07:00
mbcache.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
mount.h
switch the remnants of releasing the mountpoint away from fs_pin
2019-07-16 22:52:37 -04:00
mpage.c
blkcg, writeback: Rename wbc_account_io() to wbc_account_cgroup_owner()
2019-07-10 09:00:57 -06:00
namei.c
fs/namei.c: keep track of nd->root refcount status
2019-09-03 09:30:45 -04:00
namespace.c
Merge branch 'akpm' (patches from Andrew)
2019-09-26 10:29:42 -07:00
no-block.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
nsfs.c
vfs: Convert nsfs to use the new mount API
2019-05-25 18:00:06 -04:00
open.c
fs: remove unlikely() from WARN_ON() condition
2019-09-26 10:10:30 -07:00
pipe.c
vfs: Convert pipe to use the new mount API
2019-05-25 18:00:07 -04:00
pnode.c
fs/namespace: fix unprivileged mount propagation
2019-06-17 17:36:09 -04:00
pnode.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 209
2019-05-30 11:29:53 -07:00
posix_acl.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
proc_namespace.c
vfs: subtype handling moved to fuse
2019-09-06 21:28:49 +02:00
read_write.c
vfs: fix page locking deadlocks when deduping files
2019-08-16 18:43:24 -07:00
readdir.c
select.c
fs/select.c: use struct_size() in kmalloc()
2019-07-16 19:23:25 -07:00
seq_file.c
seq_file: fix problem when seeking mid-record
2019-08-13 16:06:52 -07:00
signalfd.c
fs: mark expected switch fall-throughs
2019-04-08 18:21:02 -05:00
splice.c
uio: make import_iovec()/compat_import_iovec() return bytes on success
2019-05-31 15:30:03 -06:00
stack.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
stat.c
statfs.c
vfs: Fix EOVERFLOW testing in put_compat_statfs64
2019-10-03 14:21:35 -07:00
super.c
Merge tag 'fuse-update-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2019-09-25 09:55:59 -07:00
sync.c
fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback
2019-05-14 09:47:50 -07:00
timerfd.c
timerfd: Prepare for PREEMPT_RT
2019-08-01 20:51:23 +02:00
userfaultfd.c
userfaultfd: untag user pointers
2019-09-25 17:51:41 -07:00
utimes.c
utimes: Clamp the timestamps before update
2019-08-30 07:27:17 -07:00
xattr.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00