From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35FF31FAC5C for ; Fri, 3 Jan 2025 15:30:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=18.9.28.11 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735918252; cv=none; b=OJTLbjziBugv6ZTE0G8+SbjPNzv2X2xnELWdNR8dV1NeWRfdSHdUSluvxavl8YQnGa7i9tULcf5sl50wz5hDP6uSUPIGja4xoqBUjAGhrsL4SoxO4V99lN2wbUpFHkDR+FHAbqFFjRJz2cFbgKKfLluJbw4dMK8UeDqlACTSIMM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735918252; c=relaxed/simple; bh=I3dDZvdqOHI9Ad+UdhLKSRhj/wArXqRchm3jzly6xHQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=AceGqCGj/GRU8ZddUbNphI6fPyt+b5PqSsWHyKfLa9E2Dub45DRzZESV5N4CsZhOTuk98zIZL4rSq+hVVZ/yA+UoFxoFiKJraS9Bp0Ju6C9ndrYwVF7gNJqYe1mPTKEO3gFgG6cz4OnSRkp/47dCsXjT9jGH9jqaSoZWHg+G1t4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mit.edu; spf=pass smtp.mailfrom=mit.edu; dkim=pass (2048-bit key) header.d=mit.edu header.i=@mit.edu header.b=IfUQa1wA; arc=none smtp.client-ip=18.9.28.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mit.edu Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mit.edu Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=mit.edu header.i=@mit.edu header.b="IfUQa1wA" Received: from cwcc.thunk.org (pool-173-48-117-149.bstnma.fios.verizon.net [173.48.117.149]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 503FRJUZ012125 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 3 Jan 2025 10:27:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1735918041; bh=rsKR8Dt/DfI2RHkaQmQy5cw7HE2KCBG8yTXmkyh/VUE=; h=Date:From:Subject:Message-ID:MIME-Version:Content-Type; b=IfUQa1wA6znurzTPFAyBdGHsUTnlmC5/rH+ifMbwVY2OiG4kSs/q7OUxrQUZErbyE 1TSm0/Laszti22JC+lW5sZoYIV0nDwO4A0jes6FDVqgJ5tx8D6yPmMiLWgolYm9Rtg 3tWBgUWgDHn7G67lYXweH9wwJnA538opK6PE/pxBcSeTVyHT3vfShlBfjT9RP2gIkA YvyT/kpOWUR8PJ0DHiJT6/qXi+f9voL0q5kmBVjbxMK0rxSh07vOnisiGoAZzG4hGq BqqyR4DEi+JlxuhiVJIUKfO7uD1nCBJ+Uqc//++3DF3yJVqC87G3dKvtgO1SVEWucw I1CIwAy58r3ww== Received: by cwcc.thunk.org (Postfix, from userid 15806) id 0535615C0113; Fri, 03 Jan 2025 10:27:19 -0500 (EST) Date: Fri, 3 Jan 2025 10:27:18 -0500 From: "Theodore Ts'o" To: cheung wall Cc: Andreas Dilger , linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: "possible deadlock in corrupted" in Linux kernel version 5.15.169 Message-ID: <20250103152718.GA1284777@mit.edu> References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Fri, Jan 03, 2025 at 03:37:31PM +0800, cheung wall wrote: > Hello, > > I am writing to report a potential vulnerability identified in the > Linux Kernel version 5.15.169. This issue was discovered using our > custom vulnerability discovery tool. Do you have a reproducer? If I had to guess, this was caused by a maliciously fuzzed file system where the quota file was placed on the orphaned file list. We have checks for the more modern quota file support (see the checks for EXT4_IGET_SPECIAL in fs/ext4/inode.c's __ext4_iget() function), even for antedeluvian kernel versions such as 5.15, however so that's not it. In any case, with a crazy old kernel version, and no reproducer, it's not something we're likely to waste any time on. - Ted