Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp800435pxb; Tue, 3 Nov 2020 12:54:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJxwaQjMYPPs9mXvFYD0a6Fzk4Yj62gE77vH/bZNY5I1bwel9d1m0YI7SwTVXCeDeRyAVLLr X-Received: by 2002:a17:906:3bcf:: with SMTP id v15mr22870034ejf.244.1604436878040; Tue, 03 Nov 2020 12:54:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604436878; cv=none; d=google.com; s=arc-20160816; b=yWcqiiFKFMxk53wi4YzZKXpszLNQWSWbCTRtAYjfraQJdhPrRU3ANJtrlYY2HWjVbf aIazRLocF0PNDnd4MF0/uMw+UpeqIac5SsAKcnm5HBAvjVnO3J07Y3tBHUZ+CZpZwM5A h/CqcNRUI8dJjPX8ExudO18n6pK6zb90U5BfvbrZyGPu93mS7Ru5uzsV16MHEDLW+O1W 1cOmOgSr8aytpi/qLNrtT300QjqIoi4Npy/szlH3N/lwa2PpTB/f7D1ScUx04suUi1ux js5cAM/6o1qRXw4NhXFahTnYCL3pBbv09+TlbtiNbY3uFhEaBUAoOYwUixFYmEXiRzLi ELuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=I9EobUofyfpbH3SHTf9phise/Omd6hWHfzbKCSafQUc=; b=bX5rsOp5j3ORyLUQbS1nlBAxssxr1YETs8isGuJssNozTH155aupfBY+CM9Z8bH55D Fz7yYD5VzyOd24CCrj9fVJommM/ExCHghkkew7xE3EnNRgvYXd4XNei29+9NkOxP91OI WFw5Vo6YHNHikwg3xM13T1R5Qe+al52S32k74mzoQU7jE6d5t6H0mdNdoZq5jqcaFgRC 9DED0DYPLIT0Bp7dahpx/Q/mR04rNau/HGEkdZVbIRkO80ouBmrG2+W28pikoO3druxo QEdHawGvrt1AgSuS6/nmVdhmWUKBPWFH6dheCZqHvzmViuq7f3Cv5VfFgKr3bTTFUgiy 95lg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bR0GKshO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v24si13316918edq.0.2020.11.03.12.54.14; Tue, 03 Nov 2020 12:54:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bR0GKshO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731439AbgKCUve (ORCPT + 99 others); Tue, 3 Nov 2020 15:51:34 -0500 Received: from mail.kernel.org ([198.145.29.99]:46820 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731974AbgKCUvd (ORCPT ); Tue, 3 Nov 2020 15:51:33 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0DC6E2071E; Tue, 3 Nov 2020 20:51:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604436692; bh=61khsE1TzuDOx5YXSlWjxBV41HDaFppGH788FB9Bx3c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bR0GKshO2geE/PmfyA5msqWY+4fy76SdQz8WhXNuPq7WXIIXWhuqTpgc276N33mhI KyP4mXIsD0rFde+gKW7sTNOJ0dR85LoqjULwBzFLgyUx/sYsXWQ0dRtBMfK6aVMxlV iszdFPo8ChuGgx3SyWJ9hUyDqZpiN44X6qh03FZE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, Constantine Sapuntzakis , Jan Kara , Theodore Tso Subject: [PATCH 5.9 344/391] ext4: fix superblock checksum calculation race Date: Tue, 3 Nov 2020 21:36:35 +0100 Message-Id: <20201103203410.349940532@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201103203348.153465465@linuxfoundation.org> References: <20201103203348.153465465@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Constantine Sapuntzakis commit acaa532687cdc3a03757defafece9c27aa667546 upstream. The race condition could cause the persisted superblock checksum to not match the contents of the superblock, causing the superblock to be considered corrupt. An example of the race follows. A first thread is interrupted in the middle of a checksum calculation. Then, another thread changes the superblock, calculates a new checksum, and sets it. Then, the first thread resumes and sets the checksum based on the older superblock. To fix, serialize the superblock checksum calculation using the buffer header lock. While a spinlock is sufficient, the buffer header is already there and there is precedent for locking it (e.g. in ext4_commit_super). Tested the patch by booting up a kernel with the patch, creating a filesystem and some files (including some orphans), and then unmounting and remounting the file system. Cc: stable@kernel.org Signed-off-by: Constantine Sapuntzakis Reviewed-by: Jan Kara Suggested-by: Jan Kara Link: https://lore.kernel.org/r/20200914161014.22275-1-costa@purestorage.com Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman --- fs/ext4/super.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -201,7 +201,18 @@ void ext4_superblock_csum_set(struct sup if (!ext4_has_metadata_csum(sb)) return; + /* + * Locking the superblock prevents the scenario + * where: + * 1) a first thread pauses during checksum calculation. + * 2) a second thread updates the superblock, recalculates + * the checksum, and updates s_checksum + * 3) the first thread resumes and finishes its checksum calculation + * and updates s_checksum with a potentially stale or torn value. + */ + lock_buffer(EXT4_SB(sb)->s_sbh); es->s_checksum = ext4_superblock_csum(sb, es); + unlock_buffer(EXT4_SB(sb)->s_sbh); } ext4_fsblk_t ext4_block_bitmap(struct super_block *sb,