nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Ryusuke Konishi <konishi.ryusuke@gmail.com>	2023-08-05 16:20:38 +0300
committer	Andrew Morton <akpm@linux-foundation.org>	2023-08-21 23:07:21 +0300
commit	f83913f8c5b882a312e72b7669762f8a5c9385e4 (patch)
tree	6076dbd4064da7d78d992a687b7ca58712c5d483 /tools
parent	5805192c7b7257d290474cb1a3897d0567281bbc (diff)
download	linux-f83913f8c5b882a312e72b7669762f8a5c9385e4.tar.xz

nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()

A syzbot stress test reported that create_empty_buffers() called from nilfs_lookup_dirty_data_buffers() can cause a general protection fault. Analysis using its reproducer revealed that the back reference "mapping" from a page/folio has been changed to NULL after dirty page/folio gang lookup in nilfs_lookup_dirty_data_buffers(). Fix this issue by excluding pages/folios from being collected if, after acquiring a lock on each page/folio, its back reference "mapping" differs from the pointer to the address space struct that held the page/folio. Link: https://lkml.kernel.org/r/20230805132038.6435-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com> Reported-by: syzbot+0ad741797f4565e7e2d2@syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/0000000000002930a705fc32b231@google.com Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Diffstat (limited to 'tools')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: