
[SRU,J,0/1] CVE-2024-42079

Message ID 20241008201811.72174-1-massimiliano.pellizzer@canonical.com
Series: CVE-2024-42079

Message

Massimiliano Pellizzer Oct. 8, 2024, 8:18 p.m. UTC
[Impact]

gfs2: Fix NULL pointer dereference in gfs2_log_flush

In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush
lock to provide exclusion against gfs2_log_flush().

In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before
dereferencing it.  Otherwise, we could run into a NULL pointer
dereference when outstanding glock work races with an unmount
(glock_work_func -> run_queue -> do_xmote -> inode_go_sync ->
gfs2_log_flush).

[Fix]

Noble:  Fixed
Jammy:  Backported from linux-6.6.y
Focal:  Not affected
Bionic: Not affected
Xenial: Not affected

[Test Case]

Compile and boot tested.

[Where problems could occur]

The fix affects the GFS2 filesystem. An issue with this fix may lead to
kernel crashes. Users may also notice file system inconsistencies
potentially leading to incomplete or corrupted data writes. These issues
may present themselves particularly when multiple nodes are concurrently
accessing the same resource in the filesystem.

Andreas Gruenbacher (1):
  gfs2: Fix NULL pointer dereference in gfs2_log_flush

 fs/gfs2/log.c   | 3 ++-
 fs/gfs2/super.c | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
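The race the cover letter describes, modelled in user space as an added example (this is not the kernel patch itself): a flush path and an unmount path share one lock, unmount clears the descriptor pointer under that lock, and the flush path checks the pointer under the same lock before dereferencing it. `struct sb`, `log_flush()`, `jindex_free()` and `race_unmount()` are hypothetical stand-ins for the gfs2 structures and functions named in the description, and a pthread mutex stands in for the log flush lock.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical user-space model of the fix (not the kernel's code): unmount
 * clears the journal descriptor pointer under the lock the flush path takes,
 * and the flush path checks the pointer before dereferencing it. */
struct jdesc { long jd_log_flushes; };
struct sb {
    pthread_mutex_t flush_lock;  /* stands in for the log flush lock */
    struct jdesc *jdesc;         /* stands in for sdp->sd_jdesc */
};

void sb_init(struct sb *s) {
    pthread_mutex_init(&s->flush_lock, NULL);
    s->jdesc = calloc(1, sizeof *s->jdesc);
}

/* Modelled gfs2_log_flush(): returns 1 if a flush ran, 0 if the journal is
 * already gone.  Without the NULL check, this is where outstanding glock
 * work racing an unmount dereferenced a NULL pointer. */
int log_flush(struct sb *s) {
    int done = 0;
    pthread_mutex_lock(&s->flush_lock);
    if (s->jdesc) { s->jdesc->jd_log_flushes++; done = 1; }
    pthread_mutex_unlock(&s->flush_lock);
    return done;
}

/* Modelled gfs2_jindex_free(): clear the pointer under the flush lock and
 * free outside it, so a concurrent log_flush() sees a live object or NULL. */
void jindex_free(struct sb *s) {
    pthread_mutex_lock(&s->flush_lock);
    struct jdesc *jd = s->jdesc;
    s->jdesc = NULL;
    pthread_mutex_unlock(&s->flush_lock);
    free(jd);
}

/* Stand-in for queued glock work: keep flushing while unmount runs. */
static void *flush_worker(void *arg) {
    long ok = 0;
    for (int i = 0; i < 100000; i++) ok += log_flush(arg);
    return (void *)ok;
}

/* Race the worker against unmount; returns how many flushes ran before the
 * descriptor was cleared.  The process must not crash whatever that count is. */
long race_unmount(struct sb *s) {
    pthread_t t; void *ret;
    pthread_create(&t, NULL, flush_worker, s);
    jindex_free(s);
    pthread_join(t, &ret);
    return (long)ret;
}
```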

Comments

ivanhu Oct. 9, 2024, 4:05 a.m. UTC | #1
Acked-by: Ivan Hu <ivan.hu@canonical.com>

On 10/9/24 04:18, Massimiliano Pellizzer wrote:
> [Impact]
> 
> gfs2: Fix NULL pointer dereference in gfs2_log_flush
> 
> In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush
> lock to provide exclusion against gfs2_log_flush().
> 
> In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before
> dereferencing it.  Otherwise, we could run into a NULL pointer
> dereference when outstanding glock work races with an unmount
> (glock_work_func -> run_queue -> do_xmote -> inode_go_sync ->
> gfs2_log_flush).
> 
> [Fix]
> 
> Noble:  Fixed
> Jammy:  Backported from linux-6.6.y
> Focal:  Not affected
> Bionic: Not affected
> Xenial: Not affected
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> The fix affects the GFS2 filesystem. An issue with this fix may lead to
> kernel crashes. Users may also notice file system inconsistencies
> potentially leading to incomplete or corrupted data writes. These issues
> may present themselves particularly when multiple nodes are concurrently
> accessing the same resource in the filesystem.
> 
> Andreas Gruenbacher (1):
>    gfs2: Fix NULL pointer dereference in gfs2_log_flush
> 
>   fs/gfs2/log.c   | 3 ++-
>   fs/gfs2/super.c | 4 ++++
>   2 files changed, 6 insertions(+), 1 deletion(-)
>
Guoqing Jiang Oct. 9, 2024, 6:10 a.m. UTC | #2
Acked-by: Guoqing Jiang <guoqing.jiang@canonical.com>

On 10/9/24 04:18, Massimiliano Pellizzer wrote:
> [Impact]
>
> gfs2: Fix NULL pointer dereference in gfs2_log_flush
>
> In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush
> lock to provide exclusion against gfs2_log_flush().
>
> In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before
> dereferencing it.  Otherwise, we could run into a NULL pointer
> dereference when outstanding glock work races with an unmount
> (glock_work_func -> run_queue -> do_xmote -> inode_go_sync ->
> gfs2_log_flush).
>
> [Fix]
>
> Noble:  Fixed
> Jammy:  Backported from linux-6.6.y
> Focal:  Not affected
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The fix affects the GFS2 filesystem. An issue with this fix may lead to
> kernel crashes. Users may also notice file system inconsistencies
> potentially leading to incomplete or corrupted data writes. These issues
> may present themselves particularly when multiple nodes are concurrently
> accessing the same resource in the filesystem.
>
> Andreas Gruenbacher (1):
>    gfs2: Fix NULL pointer dereference in gfs2_log_flush
>
>   fs/gfs2/log.c   | 3 ++-
>   fs/gfs2/super.c | 4 ++++
>   2 files changed, 6 insertions(+), 1 deletion(-)
>
Stefan Bader Oct. 11, 2024, 9:58 a.m. UTC | #3
On 08.10.24 22:18, Massimiliano Pellizzer wrote:
> [Impact]
> 
> gfs2: Fix NULL pointer dereference in gfs2_log_flush
> 
> In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush
> lock to provide exclusion against gfs2_log_flush().
> 
> In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before
> dereferencing it.  Otherwise, we could run into a NULL pointer
> dereference when outstanding glock work races with an unmount
> (glock_work_func -> run_queue -> do_xmote -> inode_go_sync ->
> gfs2_log_flush).
> 
> [Fix]
> 
> Noble:  Fixed
> Jammy:  Backported from linux-6.6.y
> Focal:  Not affected
> Bionic: Not affected
> Xenial: Not affected
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> The fix affects the GFS2 filesystem. An issue with this fix may lead to
> kernel crashes. Users may also notice file system inconsistencies
> potentially leading to incomplete or corrupted data writes. These issues
> may present themselves particularly when multiple nodes are concurrently
> accessing the same resource in the filesystem.
> 
> Andreas Gruenbacher (1):
>    gfs2: Fix NULL pointer dereference in gfs2_log_flush
> 
>   fs/gfs2/log.c   | 3 ++-
>   fs/gfs2/super.c | 4 ++++
>   2 files changed, 6 insertions(+), 1 deletion(-)
> 

Applied to jammy:linux/master-next. Thanks.

-Stefan