Displaying 15 results from an estimated 15 matches for "ocfs2_local_free_info".
2023 May 28
1
[PATCH 1/2] ocfs2: correct return value of ocfs2_local_free_info()
Now in ocfs2_local_free_info(), it returns 0 even if it actually fails.
Though it doesn't cause any real problem since the only caller
dquot_disable() ignores the return value, we'd better return correct
as it is.
Signed-off-by: Joseph Qi <joseph.qi at linux.alibaba.com>
---
fs/ocfs2/quota_local.c | 9 +++------...
2023 May 23
1
[PATCH v2] ocfs2: fix use-after-free when unmounting read-only filesystem
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
fstest generic/452. After a read-only remount, quotas are suspended and
ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
the filesystem, an UAF access to the oinfo will eventually cause a crash.
BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
Read of size 8 at addr ffff8880389a8208 by task umount/669
...
Call Trace:
<TASK>
...
timer_delete+0x54/0xc0
try_to_grab_pending+0x31/0x...
2023 May 24
0
[PATCH v2] ocfs2: fix use-after-free when unmounting read-only filesystem
On 5/23/23 5:33 PM, Lu?s Henriques wrote:
> It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
> fstest generic/452. After a read-only remount, quotas are suspended and
> ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
> the filesystem, an UAF access to the oinfo will eventually cause a crash.
>
> BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
> Read of size 8 at addr ffff8880389a8208 by task umount/669
> ...
> Call Trace:
> <TASK>
> ...
> timer_...
2023 May 26
1
+ ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch added to mm-hotfixes-unstable branch
On Fri, 26 May 2023 09:36:25 +0800 Joseph Qi <joseph.qi at linux.alibaba.com> wrote:
> Hi Andrew,
>
> There is an updated version v2, which describe more clearly about the
> case:
> https://lore.kernel.org/ocfs2-devel/e9fc4b2f-1fcc-7c31-f346-59eccff50f9b at linux.alibaba.com/T/#u
Sigh. Thanks.
As you can see from the above link, the email never hit ocfs2-devel and
never
2023 Jun 17
0
Patch "ocfs2: fix use-after-free when unmounting read-only filesystem" has been added to the 4.14-stable tree
...Henriques <ocfs2-devel at oss.oracle.com>
commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream.
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
fstest generic/452. After a read-only remount, quotas are suspended and
ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
the filesystem, an UAF access to the oinfo will eventually cause a crash.
BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
Read of size 8 at addr ffff8880389a8208 by task umount/669
...
Call Trace:
<TASK>
...
timer_delete+0x54/0xc0
try_to_grab_pending+0x31/0x...
2023 Jun 17
0
Patch "ocfs2: fix use-after-free when unmounting read-only filesystem" has been added to the 4.19-stable tree
...Henriques <ocfs2-devel at oss.oracle.com>
commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream.
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
fstest generic/452. After a read-only remount, quotas are suspended and
ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
the filesystem, an UAF access to the oinfo will eventually cause a crash.
BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
Read of size 8 at addr ffff8880389a8208 by task umount/669
...
Call Trace:
<TASK>
...
timer_delete+0x54/0xc0
try_to_grab_pending+0x31/0x...
2023 Jun 17
0
Patch "ocfs2: fix use-after-free when unmounting read-only filesystem" has been added to the 5.4-stable tree
...Henriques <ocfs2-devel at oss.oracle.com>
commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream.
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
fstest generic/452. After a read-only remount, quotas are suspended and
ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
the filesystem, an UAF access to the oinfo will eventually cause a crash.
BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
Read of size 8 at addr ffff8880389a8208 by task umount/669
...
Call Trace:
<TASK>
...
timer_delete+0x54/0xc0
try_to_grab_pending+0x31/0x...
2023 Jun 17
0
Patch "ocfs2: fix use-after-free when unmounting read-only filesystem" has been added to the 5.10-stable tree
...Henriques <ocfs2-devel at oss.oracle.com>
commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream.
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
fstest generic/452. After a read-only remount, quotas are suspended and
ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
the filesystem, an UAF access to the oinfo will eventually cause a crash.
BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
Read of size 8 at addr ffff8880389a8208 by task umount/669
...
Call Trace:
<TASK>
...
timer_delete+0x54/0xc0
try_to_grab_pending+0x31/0x...
2023 Jun 17
0
Patch "ocfs2: fix use-after-free when unmounting read-only filesystem" has been added to the 5.15-stable tree
...Henriques <ocfs2-devel at oss.oracle.com>
commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream.
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
fstest generic/452. After a read-only remount, quotas are suspended and
ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
the filesystem, an UAF access to the oinfo will eventually cause a crash.
BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
Read of size 8 at addr ffff8880389a8208 by task umount/669
...
Call Trace:
<TASK>
...
timer_delete+0x54/0xc0
try_to_grab_pending+0x31/0x...
2023 Jun 17
0
Patch "ocfs2: fix use-after-free when unmounting read-only filesystem" has been added to the 6.1-stable tree
...Henriques <ocfs2-devel at oss.oracle.com>
commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream.
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
fstest generic/452. After a read-only remount, quotas are suspended and
ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
the filesystem, an UAF access to the oinfo will eventually cause a crash.
BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
Read of size 8 at addr ffff8880389a8208 by task umount/669
...
Call Trace:
<TASK>
...
timer_delete+0x54/0xc0
try_to_grab_pending+0x31/0x...
2023 Jun 17
0
Patch "ocfs2: fix use-after-free when unmounting read-only filesystem" has been added to the 6.3-stable tree
...Henriques <ocfs2-devel at oss.oracle.com>
commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream.
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
fstest generic/452. After a read-only remount, quotas are suspended and
ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
the filesystem, an UAF access to the oinfo will eventually cause a crash.
BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
Read of size 8 at addr ffff8880389a8208 by task umount/669
...
Call Trace:
<TASK>
...
timer_delete+0x54/0xc0
try_to_grab_pending+0x31/0x...
2023 May 25
1
+ ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch added to mm-hotfixes-unstable branch
...x use-after-free when unmounting read-only filesystem
Date: Mon, 22 May 2023 11:21:12 +0100
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code
using fstest generic/452. After mounting a filesystem as read-only,
quotas are suspended and ocfs2_mem_dqinfo is freed through
->ocfs2_local_free_info(). When unmounting the filesystem, an UAF access
to the oinfo will eventually cause a crash.
Link: https://lkml.kernel.org/r/20230522102112.9031-1-lhenriques at suse.de
Signed-off-by: Lu??s Henriques <lhenriques at suse.de>
Reviewed-by: Joseph Qi <joseph.qi at linux.alibaba.com>
Teste...
2023 May 26
1
+ ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch added to mm-hotfixes-unstable branch
...ng read-only filesystem
> Date: Mon, 22 May 2023 11:21:12 +0100
>
> It's trivial to trigger a use-after-free bug in the ocfs2 quotas code
> using fstest generic/452. After mounting a filesystem as read-only,
> quotas are suspended and ocfs2_mem_dqinfo is freed through
> ->ocfs2_local_free_info(). When unmounting the filesystem, an UAF access
> to the oinfo will eventually cause a crash.
>
> Link: https://lkml.kernel.org/r/20230522102112.9031-1-lhenriques at suse.de
> Signed-off-by: Lu?s Henriques <lhenriques at suse.de>
> Reviewed-by: Joseph Qi <joseph.qi at lin...
2008 Oct 20
0
[PATCH] ocfs2: Implement quota syncing thread
...imer,
+ round_jiffies(jiffies + oinfo->dqi_syncjiff));
+}
+
+/*
* Wrappers for generic quota functions
*/
diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 719659b..17509bd 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -367,6 +367,10 @@ static int ocfs2_local_free_info(struct super_block *sb, int type)
int mark_clean = 1, len;
int status;
+ /* At this point we know there are no more dquots and thus
+ * even if there's some sync in the pdflush queue, it won't
+ * find any dquots and return without doing anything */
+ del_timer_sync(&oinfo->d...
2008 Dec 22
56
[git patches] Ocfs2 patches for merge window, batch 2/3
Hi,
This is the second batch of Ocfs2 patches intended for the merge window. The
1st batch were sent out previously:
http://lkml.org/lkml/2008/12/19/280
The bulk of this set is comprised of Jan Kara's patches to add quota support
to Ocfs2. Many of the quota patches are to generic code, which I carried to
make merging of the Ocfs2 support easier. All of the non-ocfs2 patches
should have