linux/fs/nilfs2
Ryusuke Konishi f83913f8c5 nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
A syzbot stress test reported that create_empty_buffers() called from
nilfs_lookup_dirty_data_buffers() can cause a general protection fault.

Analysis using its reproducer revealed that the back reference "mapping"
from a page/folio has been changed to NULL after dirty page/folio gang
lookup in nilfs_lookup_dirty_data_buffers().

Fix this issue by excluding pages/folios from being collected if, after
acquiring a lock on each page/folio, its back reference "mapping" differs
from the pointer to the address space struct that held the page/folio.

Link: https://lkml.kernel.org/r/20230805132038.6435-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+0ad741797f4565e7e2d2@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/0000000000002930a705fc32b231@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-08-21 13:07:21 -07:00
..
alloc.c nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
alloc.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
bmap.c nilfs2: fix infinite loop in nilfs_mdt_get_block() 2023-05-06 10:10:07 -07:00
bmap.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
btnode.c nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() 2023-06-12 11:31:49 -07:00
btnode.h fs/nilfs2: Use the enum req_op and blk_opf_t types 2022-07-14 12:14:33 -06:00
btree.c nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field 2023-04-05 18:06:23 -07:00
btree.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
cpfile.c nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
cpfile.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
dat.c nilfs2: prevent WARNING in nilfs_dat_commit_end() 2023-02-02 22:50:10 -08:00
dat.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
dir.c nilfs2: Remove check for PageError 2022-06-29 08:51:07 -04:00
direct.c nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field 2023-04-05 18:06:23 -07:00
direct.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
export.h
file.c splice: Use filemap_splice_read() instead of generic_file_splice_read() 2023-05-24 08:42:17 -06:00
gcinode.c nilfs2: replace obvious uses of b_page with b_folio 2023-01-18 17:12:41 -08:00
ifile.c nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
ifile.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
inode.c nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput 2023-08-04 13:03:43 -07:00
ioctl.c nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() 2023-03-23 17:18:32 -07:00
Kconfig fs: build the legacy direct I/O code conditionally 2023-01-26 10:30:56 -07:00
Makefile
mdt.c nilfs2: replace obvious uses of b_page with b_folio 2023-01-18 17:12:41 -08:00
mdt.h nilfs2: fix lockdep warnings during disk space reclamation 2022-04-01 11:46:09 -07:00
namei.c fs: port ->rename() to pass mnt_idmap 2023-01-19 09:24:26 +01:00
nilfs.h fs: port ->permission() to pass mnt_idmap 2023-01-19 09:24:28 +01:00
page.c nilfs2: prevent general protection fault in nilfs_clear_dirty_page() 2023-06-19 13:19:35 -07:00
page.h nilfs2: get rid of nilfs_mapping_init() 2022-04-01 11:46:09 -07:00
recovery.c fs: Remove aop flags parameter from block_write_begin() 2022-05-08 14:28:19 -04:00
segbuf.c nilfs2: fix buffer corruption due to concurrent device reads 2023-06-19 13:19:33 -07:00
segbuf.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
segment.c nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() 2023-08-21 13:07:21 -07:00
segment.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
sufile.c nilfs2: fix possible out-of-bounds segment allocation in resize ioctl 2023-06-12 11:31:51 -07:00
sufile.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
super.c for-6.5/block-2023-06-23 2023-06-26 12:47:20 -07:00
sysfs.c nilfs2: use default_groups in kobj_type 2021-12-29 10:53:48 +01:00
sysfs.h nilfs2: remove filenames from file comments 2021-11-09 10:02:52 -08:00
the_nilfs.c nilfs2: reject devices with insufficient block count 2023-06-12 11:31:51 -07:00
the_nilfs.h nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput 2023-08-04 13:03:43 -07:00