From patchwork Thu Oct 17 06:26:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Massimiliano Pellizzer X-Patchwork-Id: 1998396 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XTdDB32fzz1xvX for ; Thu, 17 Oct 2024 17:27:21 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t1JyV-0001Gn-5I; Thu, 17 Oct 2024 06:27:07 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t1JyP-0001GG-Qm for kernel-team@lists.ubuntu.com; Thu, 17 Oct 2024 06:27:01 +0000 Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 84CCA3F458 for ; Thu, 17 Oct 2024 06:27:01 +0000 (UTC) Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-37d589138a9so281034f8f.1 for ; Wed, 16 Oct 2024 23:27:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729146421; x=1729751221; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=9pWuQyjsXhLWwFXKBdE+8LRrL2Iu9HqFP9aCLeTFEmo=; b=t+3bsJIaMc8yiWG674Q+BdzA7pc/fJCkWDixK5Gr70w3KDYMncWuFpZHlD0iWDxFzZ fqHc/Esk7+2AIn8urroPUOMPBXbq/6r0DHGIwLKoPzX/rAQTTIZaVx6gzuTCJZi8gsEE w2iHf1xwZZ+ncV+VlxXEFJUhkweBHiqsWez7yzPeb+zaETuaxIAcDPQahyJI/LypSnGJ Z7qjVpemA/dwHVGM9zlNkl3oFfnHt9JoY/f4kPSuO1y0/YEr6FpqHDR9U2yz9ukbuCfv DvJIJ9No7kFv5QZNGFaK6pvG2qGJFKUWaVnW/DQuz79q/aye8OGi2ZjphJEPAjy7l8SE VkeA== X-Gm-Message-State: AOJu0YyXvItXH8atCvuF/nZyzX04ZKdfeszqxAWwLhXYWGUlrb6jlUMD WGY3GiydMa+Fe5iam+eQJkDm94aEyJxQYSDnKJUVcKnddWlPGDJeXGMOU743ntcO1x02ZfedL1Z GZsQ/dLLgwIezTtt0P0p274LYn4OJBx+RxJrPKrJ88tDuPxMdiUrpAnaeq0ZcMgT275ahGqwG30 aoE/X56ZX3GQ== X-Received: by 2002:a5d:5192:0:b0:37d:5496:290c with SMTP id ffacd0b85a97d-37d86bb6740mr3697623f8f.7.1729146420798; Wed, 16 Oct 2024 23:27:00 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGeZQ58iYc8YzNqZ8eUiJ7bw+853GEk2noNVa5HKhDukACu6HEYdzkP4lt9Ump9kyjdXhX1Gg== X-Received: by 2002:a5d:5192:0:b0:37d:5496:290c with SMTP id ffacd0b85a97d-37d86bb6740mr3697613f8f.7.1729146420314; Wed, 16 Oct 2024 23:27:00 -0700 (PDT) Received: from localhost.localdomain (net-93-66-99-170.cust.vodafonedsl.it. [93.66.99.170]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-37d7fa7a09dsm6268229f8f.23.2024.10.16.23.26.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Oct 2024 23:26:59 -0700 (PDT) From: Massimiliano Pellizzer To: kernel-team@lists.ubuntu.com Subject: [SRU][F][PATCH v2 0/1] CVE-2024-42077 Date: Thu, 17 Oct 2024 08:26:48 +0200 Message-ID: <20241017062649.10459-1-massimiliano.pellizzer@canonical.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" [Impact] ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Once that happens a WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). [Fix] Noble: Fixed Jammy: Fixed Focal: Backported from linux-5.10.y Bionic: Sent to ESM ML Xenial: Not affected [Test Case] Compile tested only. [Where problems could occur] The fix affects the OCFS2 file system. An issue with this fix may lead to kernel crashes, particularly when performing file operations on OCFS2 file system. Users may also notice unexpected file system behavior, such as I/O errors or unresponsive file access, especially during large I/O operations or under heavy load. Jan Kara (1): ocfs2: fix DIO failure due to insufficient transaction credits fs/ocfs2/aops.c | 5 +++++ fs/ocfs2/journal.c | 17 +++++++++++++++++ fs/ocfs2/journal.h | 2 ++ fs/ocfs2/ocfs2_trace.h | 2 ++ 4 files changed, 26 insertions(+) Acked-by: Manuel Diewald