summaryrefslogtreecommitdiff
path: root/scripts/basic
diff options
context:
space:
mode:
authorDmitry Antipov <dmantipov@yandex.ru>2026-05-29 12:41:28 +0300
committerAndrew Morton <akpm@linux-foundation.org>2026-06-05 00:49:28 +0300
commit6371a07148ee979af22a9d6f4c277462953a9a4a (patch)
tree37a1dca11ccae49f27dc8197c999e30cb17fe17c /scripts/basic
parent19c000ba93d609e15e95fed76a9e3b8055833098 (diff)
downloadlinux-6371a07148ee979af22a9d6f4c277462953a9a4a.tar.xz
ocfs2: fix buffer head management in ocfs2_read_blocks()
In ocfs2_read_blocks(), caller should't assume that buffer head returned by 'sb_getblk()' is exclusively owned and so 'put_bh()' always drops b_count from 1 to 0. If it is not so, buffer head remains on hold and likely to be returned by the next call to 'sb_getblk()' unchanged - that is, with BH_Uptodate bit set even if it has failed validation previously, thus allowing to insert that buffer head into OCFS2 metadata cache and submit it to upper layers. To avoid such a scenario, BH_Uptodate should be cleared immediately after 'validate()' callback has detected some data inconsistency. Link: https://lore.kernel.org/20260529094128.494293-1-dmantipov@yandex.ru Fixes: cf76c78595ca ("ocfs2: don't put and assigning null to bh allocated outside") Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Reported-by: syzbot+caacd220635a9cc3bac9@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=caacd220635a9cc3bac9 Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Jun Piao <piaojun@huawei.com> Cc: Heming Zhao <heming.zhao@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Diffstat (limited to 'scripts/basic')
0 files changed, 0 insertions, 0 deletions