ext4: fix potential race between online resizing and write operations
author Theodore Ts'o <tytso@mit.edu>
Sat, 15 Feb 2020 21:40:37 +0000 (16:40 -0500)
committer Theodore Ts'o <tytso@mit.edu>
Fri, 21 Feb 2020 05:37:09 +0000 (00:37 -0500)
commit 1d0c3924a92e69bfa91163bda83c12a994b4d106
tree c8bdc41a140f8ef4f01d6b1b7f4bd7c86b3edecc
parent 9424ef56e13a1f14c57ea161eed3ecfdc7b2770e
ext4: fix potential race between online resizing and write operations

During an online resize an array of pointers to buffer heads gets
replaced so it can get enlarged.  If there is a racing block
allocation or deallocation which uses the old array, and the old array
has gotten reused this can lead to a GPF or some other random kernel
memory getting modified.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=206443
Link: https://lore.kernel.org/r/20200221053458.730016-2-tytso@mit.edu
Reported-by: Suraj Jitindar Singh <surajjs@amazon.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
fs/ext4/balloc.c
fs/ext4/ext4.h
fs/ext4/resize.c
fs/ext4/super.c