git.baikalelectronics.ru Git - kernel.git/commit

author	Suraj Jitindar Singh <surajjs@amazon.com>
	Wed, 19 Feb 2020 03:08:51 +0000 (19:08 -0800)
committer	Theodore Ts'o <tytso@mit.edu>
	Sat, 22 Feb 2020 00:31:46 +0000 (19:31 -0500)
commit	c85c4b7d397ec6c533c08a275ace4699a36a6228
tree	73fcf3b46fb35781ab76a4c8fb84be7f70f87c96	tree \| snapshot
parent	ef68afa3be2dadd94b7ce68fba424e4b3c5a1e01	commit \| diff

ext4: fix potential race between s_flex_groups online resizing and access

During an online resize an array of s_flex_groups structures gets replaced
so it can get enlarged. If there is a concurrent access to the array and
this memory has been reused then this can lead to an invalid memory access.

The s_flex_group array has been converted into an array of pointers rather
than an array of structures. This is to ensure that the information
contained in the structures cannot get out of sync during a resize due to
an accessor updating the value in the old structure after it has been
copied but before the array pointer is updated. Since the structures them-
selves are no longer copied but only the pointers to them this case is
mitigated.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=206443
Link: https://lore.kernel.org/r/20200221053458.730016-4-tytso@mit.edu
Signed-off-by: Suraj Jitindar Singh <surajjs@amazon.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org

fs/ext4/ext4.h		diff \| blob \| history
fs/ext4/ialloc.c		diff \| blob \| history
fs/ext4/mballoc.c		diff \| blob \| history
fs/ext4/resize.c		diff \| blob \| history
fs/ext4/super.c		diff \| blob \| history