	| In a syzbot stress test that deliberately causes file system errors on nilfs2 with a corrupted disk image, it has been reported that nilfs_clear_dirty_page() called from nilfs_clear_dirty_pages() can cause a general protection fault. In nilfs_clear_dirty_pages(), when looking up dirty pages from the page cache and calling nilfs_clear_dirty_page() for each dirty page/folio retrieved, the back reference from the argument page to "mapping" may have been changed to NULL (and possibly others). This must be checked after locking the page/folio. So, fix this issue by skipping the call to nilfs_clear_dirty_page() in nilfs_clear_dirty_pages() when, after the page/folio has been locked, its back reference "mapping" differs from the "mapping" that held the page/folio just before. Link: https://lkml.kernel.org/r/20230612021456.3682-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com> Reported-by: syzbot+53369d11851d8f26735c@syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/000000000000da4f6b05eb9bf593@google.com Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> | ||
|---|---|---|
| alloc.c | ||
| alloc.h | ||
| bmap.c | ||
| bmap.h | ||
| btnode.c | ||
| btnode.h | ||
| btree.c | ||
| btree.h | ||
| cpfile.c | ||
| cpfile.h | ||
| dat.c | ||
| dat.h | ||
| dir.c | ||
| direct.c | ||
| direct.h | ||
| export.h | ||
| file.c | ||
| gcinode.c | ||
| ifile.c | ||
| ifile.h | ||
| inode.c | ||
| ioctl.c | ||
| Kconfig | ||
| Makefile | ||
| mdt.c | ||
| mdt.h | ||
| namei.c | ||
| nilfs.h | ||
| page.c | ||
| page.h | ||
| recovery.c | ||
| segbuf.c | ||
| segbuf.h | ||
| segment.c | ||
| segment.h | ||
| sufile.c | ||
| sufile.h | ||
| super.c | ||
| sysfs.c | ||
| sysfs.h | ||
| the_nilfs.c | ||
| the_nilfs.h | ||