[Devel] [PATCH RHEL COMMIT] ms/ext4: fix potential race between online resizing and write operations

Konstantin Khorenko khorenko at virtuozzo.com
Thu Sep 30 16:37:41 MSK 2021


Dropping the patch: ms code already uses kvmalloc(), which was the main idea of our series (to avoid
high order memory allocations with kmalloc()).

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 30.09.2021 16:03, Konstantin Khorenko wrote:
> The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
> after ark-5.14
> ------>
> commit 5dba1638a3ef3bf3faa86a610259f9c25d266ed0
> Author: Theodore Ts'o <tytso at mit.edu>
> Date:   Thu Sep 30 16:03:55 2021 +0300
> 
>      ms/ext4: fix potential race between online resizing and write operations
>      
>      ms commit 1d0c3924a92e
>      
>      During an online resize an array of pointers to buffer heads gets
>      replaced so it can get enlarged.  If there is a racing block
>      allocation or deallocation which uses the old array, and the old array
>      has gotten reused this can lead to a GPF or some other random kernel
>      memory getting modified.
>      
>      Link: https://bugzilla.kernel.org/show_bug.cgi?id=206443
>      Link: https://lore.kernel.org/r/20200221053458.730016-2-tytso@mit.edu
>      Reported-by: Suraj Jitindar Singh <surajjs at amazon.com>
>      Signed-off-by: Theodore Ts'o <tytso at mit.edu>
>      Cc: stable at kernel.org
>      
>      https://jira.sw.ru/browse/PSBM-101798
>      [ktkhai: adopted for our kernel]
>      
>      Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
>      
>      [VvS RHEL7.8 rebase] context changes
>      
>      Ported to vz8 in the scope of https://jira.sw.ru/browse/PSBM-127850
>      
>      Cherry-picked from vz7 commit ac708c29a6ed ("ms/ext4: fix potential race
>      between online resizing and write operations").
>      In fact - only 1 hunk for ext4_alloc_group_desc_bh_array() has been
>      taken, the patch itself has been already backported by RedHat.
>      
>      mFixes: 762801fc7090 ("ext4: Fix high probable use-after-free")
>      
>      Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
>      
>      (cherry picked from vz8 commit 2b8aba6c7903855b74c9c682ccd913827762463a)
>      Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
> ---
>   fs/ext4/super.c | 9 +++++----
>   1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 0186d0421c2b..e17a9304c1ae 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -2773,13 +2773,14 @@ int ext4_alloc_group_desc_bh_array(struct super_block *sb, ext4_group_t ngroup)
>   		return -ENOMEM;
>   	}
>   
> -	o_group_desc = sbi->s_group_desc;
> +	rcu_read_lock();
> +	o_group_desc = rcu_dereference(EXT4_SB(sb)->s_group_desc);
>   	memcpy(n_group_desc, o_group_desc,
>   	       sbi->s_gdb_count * sizeof(struct buffer_head *));
> -	WRITE_ONCE(sbi->s_group_desc, n_group_desc);
> +	rcu_read_unlock();
> +	rcu_assign_pointer(EXT4_SB(sb)->s_group_desc, n_group_desc);
>   
> -	/* FIXME: rcu is needed here. See ms commit 1d0c3924a92e */
> -	kvfree(o_group_desc);
> +	ext4_kvfree_array_rcu(o_group_desc);
>   	return 0;
>   }
>   
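Review bot: o_group_desc is still used after rcu_read_unlock(), when it is passed to ext4_kvfree_array_rcu(), so the read-side section here protects only the memcpy() and not the pointer's lifetime across the swap. That is safe only if callers of ext4_alloc_group_desc_bh_array() are serialized against each other, and with the FIXME removed nothing in the function says so. Please add a short comment naming what provides that exclusion and noting that the free is deferred for the sake of concurrent readers of s_group_desc. As a style point, the hunk now mixes EXT4_SB(sb)->s_group_desc with sbi->s_gdb_count two lines below; using sbi for both would keep the function consistent.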
> .
> 

