linux-stable/fs/ocfs2
Edward Adam Davis f4a917e6cd ocfs2: prevent release journal inode after journal shutdown
commit f46e8ef8bb upstream.

Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already
been executed in ocfs2_dismount_volume(), so osb->journal must be NULL.
Therefore, the following calltrace will inevitably fail when it reaches
jbd2_journal_release_jbd_inode().

ocfs2_dismount_volume()->
  ocfs2_delete_osb()->
    ocfs2_free_slot_info()->
      __ocfs2_free_slot_info()->
        evict()->
          ocfs2_evict_inode()->
            ocfs2_clear_inode()->
              jbd2_journal_release_jbd_inode(osb->journal->j_journal,

Adding osb->journal checks will prevent null-ptr-deref during the above
execution path.

Link: https://lkml.kernel.org/r/tencent_357489BEAEE4AED74CBD67D246DBD2C4C606@qq.com
Fixes: da5e7c8782 ("ocfs2: cleanup journal init and shutdown")
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Reported-by: syzbot+47d8cb2f2cc1517e515a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=47d8cb2f2cc1517e515a
Tested-by: syzbot+47d8cb2f2cc1517e515a@syzkaller.appspotmail.com
Reviewed-by: Mark Tinguely <mark.tinguely@oracle.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-09 18:58:16 +02:00
cluster
dlm
dlmfs
acl.c
acl.h
alloc.c ocfs2: validate l_tree_depth to avoid out-of-bounds access 2025-04-10 14:39:24 +02:00
alloc.h
aops.c
aops.h
blockcheck.c
blockcheck.h
buffer_head_io.c
buffer_head_io.h
dcache.c
dcache.h
dir.c ocfs2: check dir i_size in ocfs2_find_entry 2025-02-17 10:05:48 +01:00
dir.h
dlmglue.c ocfs2: update seq_file index in ocfs2_dlm_seq_next 2024-12-14 20:03:31 +01:00
dlmglue.h
export.c
export.h
extent_map.c
extent_map.h
file.c
file.h
filecheck.c
filecheck.h
heartbeat.c
heartbeat.h
inode.c ocfs2: prevent release journal inode after journal shutdown 2025-09-09 18:58:16 +02:00
inode.h
ioctl.c
ioctl.h
journal.c fs/ocfs2: use sleeping version of __find_get_block() 2025-05-29 11:02:00 +02:00
journal.h ocfs2: stop quota recovery before disabling quotas 2025-05-18 08:24:54 +02:00
Kconfig
localalloc.c ocfs2: fix the space leak in LA when releasing LA 2024-12-27 14:02:18 +01:00
localalloc.h
locks.c
locks.h
Makefile
mmap.c
mmap.h
move_extents.c
move_extents.h
namei.c
namei.h
ocfs1_fs_compat.h
ocfs2_fs.h
ocfs2_ioctl.h
ocfs2_lockid.h
ocfs2_lockingver.h
ocfs2_trace.h
ocfs2.h ocfs2: stop quota recovery before disabling quotas 2025-05-18 08:24:54 +02:00
quota_global.c ocfs2: mark dquot as inactive if failed to start trans while releasing dquot 2025-02-08 09:57:58 +01:00
quota_local.c ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery 2025-06-19 15:32:01 +02:00
quota.h
refcounttree.c
refcounttree.h
reservations.c
reservations.h
resize.c
resize.h
slot_map.c
slot_map.h
stack_o2cb.c
stack_user.c
stackglue.c
stackglue.h
suballoc.c ocfs2: fix the issue with discontiguous allocation in the global_bitmap 2025-05-18 08:24:54 +02:00
suballoc.h ocfs2: fix the issue with discontiguous allocation in the global_bitmap 2025-05-18 08:24:54 +02:00
super.c ocfs2: stop quota recovery before disabling quotas 2025-05-18 08:24:54 +02:00
super.h
symlink.c ocfs2: handle a symlink read error correctly 2025-02-17 10:05:39 +01:00
symlink.h
sysfile.c
sysfile.h
uptodate.c
uptodate.h
xattr.c
xattr.h