| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Jan 2024 16:41:53 +0100
From: Jan Kara <jack@...e.cz>
To: Edward Adam Davis <eadavis@...com>
Cc: syzbot+cdee56dbcdf0096ef605@...kaller.appspotmail.com,
adilger.kernel@...ger.ca, chandan.babu@...cle.com, jack@...e.com,
linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-xfs@...r.kernel.org,
syzkaller-bugs@...glegroups.com, tytso@....edu
Subject: Re: [PATCH] jbd2: user-memory-access in jbd2__journal_start
On Wed 31-01-24 20:04:27, Edward Adam Davis wrote:
> Before reusing the handle, it is necessary to confirm that the transaction is
> ready.
>
> Reported-and-tested-by: syzbot+cdee56dbcdf0096ef605@...kaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis@...com>
Sorry but no. Dave found a way to fix this particular problem in XFS and
your patch would not really improve anything because we'd just crash
when dereferencing handle->saved_alloc_context.
Honza
> diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
> index cb0b8d6fc0c6..702312cd5392 100644
> --- a/fs/jbd2/transaction.c
> +++ b/fs/jbd2/transaction.c
> @@ -493,6 +493,9 @@ handle_t *jbd2__journal_start(journal_t *journal, int nblocks, int rsv_blocks,
> return ERR_PTR(-EROFS);
>
> if (handle) {
> + if (handle->saved_alloc_context & ~PF_MEMALLOC_NOFS)
> + return ERR_PTR(-EBUSY);
> +
> J_ASSERT(handle->h_transaction->t_journal == journal);
> handle->h_ref++;
> return handle;
> --
> 2.43.0
>
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists