github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
523578f790
linux/fs
History
Jan Kara 9cfae3e2f1 jbd2: Fix use after free after error in jbd2_journal_dirty_metadata() 
commit 91aa11fae1 upstream.

When jbd2_journal_dirty_metadata() returns error,
__ext4_handle_dirty_metadata() stops the handle. However callers of this
function do not count with that fact and still happily used now freed
handle. This use after free can result in various issues but very likely
we oops soon.

The motivation of adding __ext4_journal_stop() into
__ext4_handle_dirty_metadata() in commit 9ea7a0df seems to be only to
improve error reporting. So replace __ext4_journal_stop() with
ext4_journal_abort_handle() which was there before that commit and add
WARN_ON_ONCE() to dump stack to provide useful information.

Reported-by: Sage Weil <sage@inktank.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-08-20 08:26:29 -07:00
..
9p 9p changes for the 3.4 merge window 2012-03-28 09:58:38 -07:00
adfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
affs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
afs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
autofs4 autofs - remove autofs dentry mount check 2013-05-11 13:48:06 -07:00
befs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
bfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
btrfs Btrfs: re-add root to dead root list if we stop dropping it 2013-08-04 16:25:54 +08:00
cachefiles switch touch_atime to struct path 2012-03-20 21:29:41 -04:00
ceph ceph: fix statvfs fr_size 2013-06-20 11:58:47 -07:00
cifs cifs: extend the buffer length enought for sprintf() using 2013-08-14 22:57:07 -07:00
coda Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
configfs make configfs_pin_fs() return root dentry on success 2012-03-20 21:29:48 -04:00
cramfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
debugfs debugfs: debugfs_remove_recursive() must not rely on list_empty(d_subdirs) 2013-08-14 22:57:07 -07:00
devpts Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
dlm dlm fixes for 3.4 2012-04-23 18:22:42 -07:00
ecryptfs eCryptfs: check for eCryptfs cipher support at mount 2012-11-26 11:37:49 -08:00
efs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
exofs ore: Fix out-of-bounds access in _ios_obj() 2012-08-15 08:10:09 -07:00
exportfs
ext2 migrate ext2_fs.h guts to fs/ext2/ext2.h 2012-03-31 16:03:16 -04:00
ext3 ext3: fix data=journal fast mount/umount hang 2013-07-28 16:25:40 -07:00
ext4 jbd2: Fix use after free after error in jbd2_journal_dirty_metadata() 2013-08-20 08:26:29 -07:00
fat fat: fix possible overflow for fat_clusters 2013-06-07 12:49:12 -07:00
freevxfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
fscache fs/fscache/stats.c: fix memory leak 2013-05-07 19:51:55 -07:00
fuse fuse: don't WARN when nlink is zero 2013-03-04 06:06:43 +08:00
gfs2 GFS2: Test bufdata with buffer locked and gfs2_log_lock held 2013-01-17 08:51:06 -08:00
hfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
hfsplus hfsplus: fix potential overflow in hfsplus_file_truncate() 2013-04-25 21:19:54 -07:00
hostfs Merge branch 'for-linus-3.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2012-03-27 18:29:53 -07:00
hpfs hpfs: better test for errors 2013-07-13 11:03:40 -07:00
hppfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
hugetlbfs hugetlbfs: fix mmap failure in unaligned size request 2013-05-19 10:54:48 -07:00
isofs isofs: avoid info leak on export 2013-03-28 12:12:27 -07:00
jbd jbd: Fix lock ordering bug in journal_unmap_buffer() 2012-12-03 11:47:10 -08:00
jbd2 jbd2: fix theoretical race in jbd2__journal_restart 2013-07-21 18:19:00 -07:00
jffs2 jffs2: hold erase_completion_lock on exit 2013-01-17 08:50:46 -08:00
jfs jfs: fix a couple races 2013-06-07 12:49:34 -07:00
lockd lockd: protect nlm_blocked access in nlmsvc_retry_blocked 2013-07-28 16:26:17 -07:00
logfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
minix Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
ncpfs Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
nfs NFSv4: Fix a thinko in nfs4_try_open_cached 2013-06-07 12:49:30 -07:00
nfs_common
nfsd nfsd4: fix decoding of compounds across page boundaries 2013-07-13 11:03:41 -07:00
nilfs2 nilfs2: fix issue of nilfs_set_page_dirty() for page at EOF boundary 2013-06-07 12:49:21 -07:00
nls
notify fanotify: info leak in copy_event_to_user() 2013-08-11 15:38:43 -07:00
ntfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
ocfs2 ocfs2: xattr: fix inlined xattr reflink 2013-07-21 18:19:01 -07:00
omfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
openpromfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
proc fs/proc/task_mmu.c: fix buffer overflow in add_page_map() 2013-08-20 08:26:27 -07:00
pstore pstore: Avoid deadlock in panic and emergency-restart path 2013-03-04 06:06:43 +08:00
qnx4 qnx4: new helper - try_extent() 2012-03-20 21:29:52 -04:00
qnx6 fs: initial qnx6fs addition 2012-03-20 21:29:38 -04:00
quota Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2012-03-28 10:00:14 -07:00
ramfs fs: ramfs: file-nommu: add SetPageUptodate() 2012-07-16 09:04:45 -07:00
reiserfs reiserfs: Fix warning and inode leak when deleting inode with xattrs 2013-04-12 09:38:43 -07:00
romfs MTD merge for 3.4 2012-03-30 17:31:56 -07:00
squashfs Add an extra mount time sanity check, plus some code cleanups and bug fixes. 2012-03-28 18:05:54 -07:00
sysfs sysfs: fix use after free in case of concurrent read/write and readdir 2013-05-07 19:51:54 -07:00
sysv switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
ubifs UBIFS: fix a horrid bug 2013-07-03 10:59:05 -07:00
udf udf: avoid info leak on export 2013-03-28 12:12:27 -07:00
ufs Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
xfs xfs: kill suid/sgid through the truncate path. 2013-06-07 12:49:30 -07:00
aio.c aio: fix possible invalid memory access when DEBUG is enabled 2013-05-01 09:41:03 -07:00
anon_inodes.c anon_inodes: move allocation of anon_inode into ->mount() 2012-03-20 21:29:45 -04:00
attr.c vfs: increment iversion when a file is truncated 2012-06-10 00:36:12 +09:00
bad_inode.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
binfmt_aout.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_elf_fdpic.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_elf.c coredump: prevent double-free on an error path in core dumper 2012-10-07 08:32:27 -07:00
binfmt_em86.c exec: use -ELOOP for max recursion depth 2013-03-28 12:12:28 -07:00
binfmt_flat.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_misc.c exec: use -ELOOP for max recursion depth 2013-03-28 12:12:28 -07:00
binfmt_script.c exec: use -ELOOP for max recursion depth 2013-03-28 12:12:28 -07:00
binfmt_som.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
bio-integrity.c fs: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:21 +08:00
bio.c bio allocation failure due to bio_get_nr_vecs() 2012-05-11 16:45:12 +02:00
block_dev.c writeback: Fix periodic writeback after fs mount 2013-07-28 16:26:08 -07:00
buffer.c block: replace __getblk_slow misfix by grow_dev_page fix 2012-09-14 10:00:20 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check 2012-10-31 10:02:55 -07:00
compat.c Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys 2013-03-14 11:29:51 -07:00
dcache.c vfs: d_obtain_alias() needs to use "/" as default name. 2013-08-14 22:57:08 -07:00
dcookies.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
direct-io.c fs: Fix possible use-after-free with AIO 2013-03-04 06:06:41 +08:00
drop_caches.c
eventfd.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
eventpoll.c epoll: prevent missed events on EPOLL_CTL_MOD 2013-01-17 08:50:54 -08:00
exec.c perf: Disable monitoring on setuid processes for regular users 2013-07-03 10:59:04 -07:00
fcntl.c Wrap accesses to the fd_sets in struct fdtable 2012-02-19 10:30:52 -08:00
fhandle.c
fifo.c fifo: Do not restart open() if it already found a partner 2012-07-19 08:58:56 -07:00
file_table.c vfs: drop_file_write_access() made static 2012-03-20 21:29:32 -04:00
file.c Merge branch 'x86-x32-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-29 18:12:23 -07:00
filesystems.c
fs_struct.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
fs-writeback.c ext4: fix potential deadlock in ext4_nonda_switch() 2012-10-13 05:38:49 +09:00
generic_acl.c
inode.c vfs: Revert spurious fix to spinning prevention in prune_icache_sb 2013-04-16 21:27:26 -07:00
internal.h vfs: protect remounting superblock read-only 2012-01-06 23:20:12 -05:00
ioctl.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
ioprio.c block: strip out locking optimization in put_io_context() 2012-02-07 07:51:30 +01:00
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
Kconfig.binfmt fs: binfmt_elf: create Kconfig variable for PIE randomization 2012-01-10 16:30:51 -08:00
libfs.c dentry leak in simple_fill_super() failure exit 2012-04-09 01:39:22 -04:00
locks.c locks: fix checking of fcntl_setlease argument 2012-08-09 08:31:29 -07:00
Makefile fs: initial qnx6fs addition 2012-03-20 21:29:38 -04:00
mbcache.c
mount.h vfs: keep list of mounts for each superblock 2012-01-06 23:20:12 -05:00
mpage.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
namei.c vfs: make word-at-a-time accesses handle a non-existing page 2012-05-03 14:01:40 -07:00
namespace.c vfs: umount_tree() might be called on subtree that had never made it 2012-06-10 00:36:12 +09:00
no-block.c
open.c vfs: canonicalize create mode in build_open_flags() 2012-09-14 10:00:05 -07:00
pipe.c vfs: fix pipe counter breakage 2013-03-14 11:29:51 -07:00
pnode.c
pnode.h
posix_acl.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
proc_namespace.c vfs: switch ->show_options() to struct dentry * 2012-01-06 23:19:54 -05:00
read_write.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
read_write.h
readdir.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
select.c posix_types.h: Cleanup stale __NFDBITS and related definitions 2012-08-09 08:31:39 -07:00
seq_file.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
signalfd.c epoll: ep_unregister_pollwait() can use the freed pwq->whead 2012-02-24 11:42:50 -08:00
splice.c tcp: fix MSG_SENDPAGE_NOTLAST logic 2013-01-11 09:07:14 -08:00
stack.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
stat.c vfs: make O_PATH file descriptors usable for 'fstat()' 2012-10-02 10:29:51 -07:00
statfs.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
super.c livelock avoidance in sget() 2013-08-04 16:25:59 +08:00
sync.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
timerfd.c
utimes.c
xattr_acl.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
xattr.c fs/xattr.c:setxattr(): improve handling of allocation failures 2012-04-05 15:25:50 -07:00