From: Greg KH <gregkh@linuxfoundation.org>
To: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Cc: rpeterso@redhat.com, agruenba@redhat.com,
cluster-devel@redhat.com, stable@vger.kernel.org
Subject: Re: [PATCH 6.1.96] gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
Date: Sat, 29 Jun 2024 10:10:51 +0200
Message-ID: <2024062953-problem-truth-ce3c@gregkh>
In-Reply-To: <54398cb8-92e0-4ed2-8691-38f6d48efc9a@gmail.com>

On Fri, Jun 28, 2024 at 12:07:52PM -0600, Clayton Casciato wrote:
> [ Upstream commit bdcb8aa434c6d36b5c215d02a9ef07551be25a37 ]
>
> In gfs2_put_super(), whether withdrawn or not, the quota should
> be cleaned up by gfs2_quota_cleanup().
>
> Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu
> callback) has run for all gfs2_quota_data objects, resulting in
> use-after-free.
>
> Also, gfs2_destroy_threads() and gfs2_quota_cleanup() are already called
> by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling
> gfs2_make_fs_ro(), there is no need to call them again.
>
> The origin of a cherry-pick conflict is the (relevant) code block added in
> commit f66af88e3321 ("gfs2: Stop using gfs2_make_fs_ro for withdraw")
>
> There are no references to gfs2_withdrawn() nor gfs2_destroy_threads() in
> gfs2_put_super(), so we can simply call gfs2_quota_cleanup() in a new else
> block as bdcb8aa434c6 achieves.
>
> Else braces were used for consistency with the if block.
>
> Sponsor: 21SoftWare LLC

That's not a valid tag for kernel commits, sorry.

> Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>

What happened to the original authorship information, and all of the
other signed-off-by that were on the original commit? You can not just
delete them, would you want someone doing that to a patch you
contributed?

as-is, we can't take this, please fix up.

thanks,

greg k-h