ext4: fix potential race between online resizing and write operations
author Theodore Ts'o <tytso@mit.edu>
Sat, 15 Feb 2020 21:40:37 +0000 (16:40 -0500)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 28 Feb 2020 15:38:57 +0000 (16:38 +0100)
commit cc9948abe47b01cd32db81829b26007a4414be9f
tree 5a752c83218bbcc84766f78b9bef2e40e47b96bd
parent 38884609b8b5282397f5f354ad2b098a13f57145
ext4: fix potential race between online resizing and write operations

commit 1d0c3924a92e69bfa91163bda83c12a994b4d106 upstream.

During an online resize an array of pointers to buffer heads gets
replaced so it can get enlarged.  If there is a racing block
allocation or deallocation which uses the old array, and the old array
has gotten reused this can lead to a GPF or some other random kernel
memory getting modified.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=206443
Link: https://lore.kernel.org/r/20200221053458.730016-2-tytso@mit.edu
Reported-by: Suraj Jitindar Singh <surajjs@amazon.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ext4/balloc.c
fs/ext4/ext4.h
fs/ext4/resize.c
fs/ext4/super.c
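
The race described in the commit message, as an added userspace sketch (not the ext4 patch and not kernel code): a resizer publishes the enlarged pointer array and defers freeing the old one until no reader can still hold it. All names (`table`, `read_enter`, `read_exit`, `reclaim`, `grow`) are hypothetical, and a single resizer thread is assumed.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the resizable array of pointers; not ext4 code. */
struct table { size_t n; void *slot[]; };

static _Atomic(struct table *) cur;   /* currently published array */
static atomic_int readers;            /* readers inside a read section */
static struct table *retired;         /* old array awaiting release */
static int freed_count;               /* instrumentation only */

/* Reader: pin first, then load. The array stays valid until read_exit(). */
static struct table *read_enter(void)
{
    atomic_fetch_add(&readers, 1);
    return atomic_load(&cur);
}
static void read_exit(void) { atomic_fetch_sub(&readers, 1); }

/* Resizer only: release the retired array once no reader is pinned. */
static void reclaim(void)
{
    if (retired && atomic_load(&readers) == 0) {
        free(retired);
        retired = NULL;
        freed_count++;
    }
}

/* Resizer: copy into a larger array, publish it, retire the old one. */
static int grow(size_t new_n)
{
    struct table *old = atomic_load(&cur), *nt;
    size_t old_n = old ? old->n : 0;

    reclaim();
    if (retired || new_n < old_n)
        return -1;               /* old array still pinned, or a shrink */
    nt = calloc(1, sizeof(*nt) + new_n * sizeof(void *));
    if (!nt)
        return -1;
    nt->n = new_n;
    if (old)
        memcpy(nt->slot, old->slot, old_n * sizeof(void *));
    atomic_store(&cur, nt);      /* readers entering now see the new array */
    retired = old;               /* not free(old): a reader may still use it */
    reclaim();
    return 0;
}

int main(void) { return grow(2) || grow(4); }
```

Calling `free(old)` directly in `grow()` reproduces the failure mode from the commit message: a reader that loaded the old pointer keeps dereferencing memory the allocator may already have handed out again.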