review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Theodore Ts'o <tytso@mit.edu>
	Sat, 15 Feb 2020 21:40:37 +0000 (16:40 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 28 Feb 2020 16:22:22 +0000 (17:22 +0100)
commit	bb43897de9b380a6366cb4fd636e9e0a4f04ec86
tree	c06b203b0a03f0cb05d086445f7f7b76d184dc91	tree \| snapshot
parent	ded8c21ac49cb2f90053e04791b1e05390d2af4f	commit \| diff

ext4: fix potential race between online resizing and write operations

commit 1d0c3924a92e69bfa91163bda83c12a994b4d106 upstream.

During an online resize an array of pointers to buffer heads gets
replaced so it can get enlarged. If there is a racing block
allocation or deallocation which uses the old array, and the old array
has gotten reused this can lead to a GPF or some other random kernel
memory getting modified.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=206443
Link: https://lore.kernel.org/r/20200221053458.730016-2-tytso@mit.edu
Reported-by: Suraj Jitindar Singh <surajjs@amazon.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/ext4/balloc.c		diff \| blob \| history
fs/ext4/ext4.h		diff \| blob \| history
fs/ext4/resize.c		diff \| blob \| history
fs/ext4/super.c		diff \| blob \| history