Dropping the patch: ms code already uses kvmalloc(), which was the main idea of our series (to avoid high order memory allocations with kmalloc()).

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 30.09.2021 16:03, Konstantin Khorenko wrote:
The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at 
https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit 5dba1638a3ef3bf3faa86a610259f9c25d266ed0
Author: Theodore Ts'o <ty...@mit.edu>
Date:   Thu Sep 30 16:03:55 2021 +0300

     ms/ext4: fix potential race between online resizing and write operations

     ms commit 1d0c3924a92e

     During an online resize an array of pointers to buffer heads gets
     replaced so it can get enlarged.  If there is a racing block
     allocation or deallocation which uses the old array, and the old array
     has gotten reused this can lead to a GPF or some other random kernel
     memory getting modified.

     Link: https://bugzilla.kernel.org/show_bug.cgi?id=206443
     Link: https://lore.kernel.org/r/20200221053458.730016-2-ty...@mit.edu
     Reported-by: Suraj Jitindar Singh <sura...@amazon.com>
     Signed-off-by: Theodore Ts'o <ty...@mit.edu>
     Cc: sta...@kernel.org

     https://jira.sw.ru/browse/PSBM-101798
     [ktkhai: adopted for our kernel]
     Signed-off-by: Kirill Tkhai <ktk...@virtuozzo.com>

     [VvS RHEL7.8 rebase] context changes

     Ported to vz8 in the scope of https://jira.sw.ru/browse/PSBM-127850

     Cherry-picked from vz7 commit ac708c29a6ed ("ms/ext4: fix potential race
     between online resizing and write operations").

     In fact - only 1 hunk for ext4_alloc_group_desc_bh_array() has been
     taken, the patch itself has been already backported by RedHat.

     mFixes: 762801fc7090 ("ext4: Fix high probable use-after-free")

     Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>

     (cherry picked from vz8 commit 2b8aba6c7903855b74c9c682ccd913827762463a)
     Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
---
  fs/ext4/super.c | 9 +++++----
  1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 0186d0421c2b..e17a9304c1ae 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2773,13 +2773,14 @@ int ext4_alloc_group_desc_bh_array(struct super_block 
*sb, ext4_group_t ngroup)
                return -ENOMEM;
        }
- o_group_desc = sbi->s_group_desc;
+       rcu_read_lock();
+       o_group_desc = rcu_dereference(EXT4_SB(sb)->s_group_desc);
        memcpy(n_group_desc, o_group_desc,
               sbi->s_gdb_count * sizeof(struct buffer_head *));
-       WRITE_ONCE(sbi->s_group_desc, n_group_desc);
+       rcu_read_unlock();
+       rcu_assign_pointer(EXT4_SB(sb)->s_group_desc, n_group_desc);
- /* FIXME: rcu is needed here. See ms commit 1d0c3924a92e */
-       kvfree(o_group_desc);
+       ext4_kvfree_array_rcu(o_group_desc);
        return 0;
  }
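
Review bot: o_group_desc is fetched with rcu_dereference() inside the read-side section but is then handed to ext4_kvfree_array_rcu() after rcu_read_unlock(), so the code relies on nothing else replacing s_group_desc between the dereference and rcu_assign_pointer(), and the hunk does not show what serializes updaters. Please add a short comment above rcu_read_lock() naming the lock that guarantees this, or, if that lock is held here, use rcu_dereference_protected() with the lock condition and drop the read-side lock pair. Minor style point: memcpy() still uses sbi->s_gdb_count while the two changed lines spell out EXT4_SB(sb)->s_group_desc; if sbi is EXT4_SB(sb), as the removed lines suggest, using sbi-> throughout would keep the function consistent.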

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
