Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp822161pxb; Tue, 3 Nov 2020 13:31:46 -0800 (PST) X-Google-Smtp-Source: ABdhPJwVZYWYuYVu0Y66bULo+806vVwt3DkLRXO/MtKqJla62uiRuAMlTVG94LUm1Y9erDxwWKBe X-Received: by 2002:a50:8ada:: with SMTP id k26mr23715659edk.281.1604439106641; Tue, 03 Nov 2020 13:31:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604439106; cv=none; d=google.com; s=arc-20160816; b=VOVrpFFx2pcZuuS7Fa4uwsN7RAefRw9ooNi35x0vb/jBeEt6NxqjRI5f9pWrd5Ilhn 4d70Tc5HrcgOk4qBvwFLRuPPV+wMT+trLi6S1UTg7PYV/YBlxrV3t7UmqpKCuGH1HrFi QieN+eGrTyxYlm1sgMXTjHbi9cXMI3aJ/6NaCFXzM5igh56Kc1X+VH+Jx/H+BUM32QXQ piU3r0L1VHZHLchkE5DeKrIxeBjcFN1uoTgw9V0FLCAy/ZKaGWawE5vvvRwqyyR8daDc uDWvKP5kvugiw9RLQLigSJUOhVxg0oU2AkstYeirYjTbj2C9Tdvqoghno9lKTkWn4IX2 ODmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=jIYMWYcxDGGkSYFTgz7gBuFOTj0dPylW79X3G1yjK44=; b=KfuL4/28WCPZstV7zxlaHea3zE+yrO1QvyHrCoBdkksdhie/Q06pHHMCr1GDUCaGWO v45Qi0nwMmO4h9BDj3MRtv9LXvcOe3GMhML8TyRvcc9A3usWpDFJh4BH0BMjXRaHaAFE /cKaUudbz3srmvhlcyGPBKVTeXzri99ZKYffWk1mFudLQV2ri9VP9KS/xyjHLIR1dT0Y 0LyKU49P8K5LnCBYhoSQweSt9ghX3gr47Rz/4LOWr0hq+1WV/0ylJ/zg4j8AVoClFG3y nPmwT2K3qDGTwX0fNMWAO0DIDE7hZ29O84uPGtwjHMJUi1Jrz4pC0ZOPOf1CueIEDaym Qn3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ZlEYI0Jo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bt10si14827561edb.503.2020.11.03.13.31.23; Tue, 03 Nov 2020 13:31:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ZlEYI0Jo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387899AbgKCV1z (ORCPT + 99 others); Tue, 3 Nov 2020 16:27:55 -0500 Received: from mail.kernel.org ([198.145.29.99]:36398 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733248AbgKCVAc (ORCPT ); Tue, 3 Nov 2020 16:00:32 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C22A2223AC; Tue, 3 Nov 2020 21:00:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604437232; bh=NavFW0Ox8lxbu+L5f9MBEaVtZF5CMq6KSGLv8Y5GzUQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZlEYI0JouIfH2CaFXK/IAi8+I7JA+Zc4xw6nvj1iO/AeiwEP5TSUbFgHNnctTw09d GfgVn2YGDUvB8g+fQPKLLG5iwblwVsYJOR1mwQhZCANJE4bfMQLk/x5X4hO2++zdHA hS3cUN0Ax6Yv0V6Wat8OPEoXzU/YNVkJk5vFGcpc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, Constantine Sapuntzakis , Jan Kara , Theodore Tso Subject: [PATCH 5.4 195/214] ext4: fix superblock checksum calculation race Date: Tue, 3 Nov 2020 21:37:23 +0100 Message-Id: <20201103203308.925079731@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201103203249.448706377@linuxfoundation.org> References: <20201103203249.448706377@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Constantine Sapuntzakis commit acaa532687cdc3a03757defafece9c27aa667546 upstream. The race condition could cause the persisted superblock checksum to not match the contents of the superblock, causing the superblock to be considered corrupt. An example of the race follows. A first thread is interrupted in the middle of a checksum calculation. Then, another thread changes the superblock, calculates a new checksum, and sets it. Then, the first thread resumes and sets the checksum based on the older superblock. To fix, serialize the superblock checksum calculation using the buffer header lock. While a spinlock is sufficient, the buffer header is already there and there is precedent for locking it (e.g. in ext4_commit_super). Tested the patch by booting up a kernel with the patch, creating a filesystem and some files (including some orphans), and then unmounting and remounting the file system. Cc: stable@kernel.org Signed-off-by: Constantine Sapuntzakis Reviewed-by: Jan Kara Suggested-by: Jan Kara Link: https://lore.kernel.org/r/20200914161014.22275-1-costa@purestorage.com Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman --- fs/ext4/super.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -201,7 +201,18 @@ void ext4_superblock_csum_set(struct sup if (!ext4_has_metadata_csum(sb)) return; + /* + * Locking the superblock prevents the scenario + * where: + * 1) a first thread pauses during checksum calculation. + * 2) a second thread updates the superblock, recalculates + * the checksum, and updates s_checksum + * 3) the first thread resumes and finishes its checksum calculation + * and updates s_checksum with a potentially stale or torn value. + */ + lock_buffer(EXT4_SB(sb)->s_sbh); es->s_checksum = ext4_superblock_csum(sb, es); + unlock_buffer(EXT4_SB(sb)->s_sbh); } void *ext4_kvmalloc(size_t size, gfp_t flags)