Date: Wed, 28 Jun 2023 20:31:40 +0200
From: Greg KH
To: Dragos-Marian Panait
Cc: stable@vger.kernel.org, Yang Lan, Bob Peterson, Andreas Gruenbacher, cluster-devel@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 5.4] gfs2: Don't deref jdesc in evict
Message-ID: <2023062832-snuggle-casino-7f9e@gregkh>
In-Reply-To: <20230628133052.1796173-1-dragos.panait@windriver.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 28, 2023 at 04:30:52PM +0300, Dragos-Marian Panait wrote:
> From: Bob Peterson
>
> [ Upstream commit 504a10d9e46bc37b23d0a1ae2f28973c8516e636 ]
>
> On corrupt gfs2 file systems the evict code can try to reference the
> journal descriptor structure, jdesc, after it has been freed and set to
> NULL. The sequence of events is:
>
> init_journal()
> ...
> fail_jindex:
>    gfs2_jindex_free(sdp); <------frees journals, sets jdesc = NULL
>       if (gfs2_holder_initialized(&ji_gh))
>          gfs2_glock_dq_uninit(&ji_gh);
> fail:
>    iput(sdp->sd_jindex); <--references jdesc in evict_linked_inode
>       evict()
>          gfs2_evict_inode()
>             evict_linked_inode()
>                ret = gfs2_trans_begin(sdp, 0, sdp->sd_jdesc->jd_blocks);
>                <------references the now freed/zeroed sd_jdesc pointer.
>
> The call to gfs2_trans_begin is done because the truncate_inode_pages
> call can cause gfs2 events that require a transaction, such as removing
> journaled data (jdata) blocks from the journal.
>
> This patch fixes the problem by adding a check for sdp->sd_jdesc to
> function gfs2_evict_inode. In theory, this should only happen to corrupt
> gfs2 file systems, when gfs2 detects the problem, reports it, then tries
> to evict all the system inodes it has read in up to that point.
>
> Reported-by: Yang Lan
> Signed-off-by: Bob Peterson
> Signed-off-by: Andreas Gruenbacher
> [DP: adjusted context]
> Signed-off-by: Dragos-Marian Panait
> ---
>  fs/gfs2/super.c | 8 ++++++++
>  1 file changed, 8 insertions(+)

All now queued up, thanks.

greg k-h
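
The unwind order described in the quoted commit message, as an added user-space C model (not part of the original mail and not the gfs2 code). The struct and function names are hypothetical stand-ins, and having the guarded path skip the transaction when sd_jdesc is NULL is an assumption about what the added check does.

```c
/* Added user-space model of the unwind order; not kernel code, names hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct jdesc { unsigned int jd_blocks; };
struct sb {
    struct jdesc *sd_jdesc;     /* active journal, NULL once freed */
    unsigned int trans_blocks;  /* blocks reserved by the last transaction */
};

/* Models gfs2_jindex_free(): frees the journal and clears the pointer. */
static void jindex_free(struct sb *s) { free(s->sd_jdesc); s->sd_jdesc = NULL; }

/* Models gfs2_trans_begin(): records how many blocks were reserved. */
static int trans_begin(struct sb *s, unsigned int n) { s->trans_blocks = n; return 0; }

/* Before the fix: dereferences sd_jdesc unconditionally. */
static int evict_unguarded(struct sb *s) {
    return trans_begin(s, s->sd_jdesc->jd_blocks);
}

/* After the fix: check sd_jdesc first. Returning 1 ("skipped") when no
 * journal exists is this sketch's assumption about what the check does. */
static int evict_guarded(struct sb *s) {
    if (!s->sd_jdesc)
        return 1;
    return trans_begin(s, s->sd_jdesc->jd_blocks);
}

/* Models the init_journal() failure path: the journal is freed first,
 * then the final iput() of the jindex inode runs the evict callback. */
static int mount_fail_path(struct sb *s, int (*evict)(struct sb *)) {
    jindex_free(s);   /* fail_jindex: */
    return evict(s);  /* fail: iput() -> evict() */
}

/* Builds a constructed "mounted" superblock with one journal. */
static struct sb make_sb(unsigned int blocks) {
    struct sb s = { malloc(sizeof(struct jdesc)), 0 };
    if (!s.sd_jdesc) abort();
    s.sd_jdesc->jd_blocks = blocks;
    return s;
}

int main(void) {
    struct sb ok = make_sb(128), bad = make_sb(128);
    printf("healthy, unguarded -> %d\n", evict_unguarded(&ok));
    printf("failed mount, guarded -> %d\n", mount_fail_path(&bad, evict_guarded));
    free(ok.sd_jdesc);
    return 0;
}
```

Passing evict_unguarded to mount_fail_path reproduces the NULL dereference from the commit message, so the model only calls it on the healthy superblock.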