ext4: refuse to create ea block when umounted

commit f31173c19901a96bb2ebf6bcfec8a08df7095c91 upstream.

The ea block expansion need to access s_root while it is
already set as NULL when umount is triggered. Refuse this
request to avoid panic.

Reported-by: syzbot+2dacb8f015bf1420155f@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?id=3613786cb88c93aa1c6a279b1df6a7b201347d08
Link: https://lore.kernel.org/r/20230103014517.495275-3-jun.nie@linaro.org
Cc: stable@kernel.org
Signed-off-by: Jun Nie <jun.nie@linaro.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 107b208..099a87e 100644 (file)
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1422,6 +1422,13 @@ static struct inode *ext4_xattr_inode_create(handle_t *handle,
        uid_t owner[2] = { i_uid_read(inode), i_gid_read(inode) };
        int err;
 
+       if (inode->i_sb->s_root == NULL) {
+               ext4_warning(inode->i_sb,
+                            "refuse to create EA inode when umounting");
+               WARN_ON(1);
+               return ERR_PTR(-EINVAL);
+       }
+
        /*
         * Let the next inode be the goal, so we try and allocate the EA inode
         * in the same group, or nearby one.