Commit
fs: do not update freeing inode i_io_list
After commit cbfecb9 ("fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE") writeback_single_inode can push inode with I_DIRTY_TIME set to b_dirty_time list. In case of freeing inode with I_DIRTY_TIME set this can happen after deletion of inode from i_io_list at evict. Stack trace is following.

evict
  fat_evict_inode
    fat_truncate_blocks
      fat_flush_inodes
        writeback_inode
          sync_inode_metadata(inode, sync=0)
            writeback_single_inode(inode, wbc) <- wbc->sync_mode == WB_SYNC_NONE

This will lead to use after free in flusher thread.

Similar issue can be triggered if writeback_single_inode in the stack trace update inode->i_io_list. Add explicit check to avoid it.

Fixes: cbfecb9 ("fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE")
Reported-by: [email protected]
Reviewed-by: Jan Kara <[email protected]>
Signed-off-by: Svyatoslav Feldsherov <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Theodore Ts'o <[email protected]>
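The ordering problem described in the commit message, as an added user-space model (not the kernel patch and not code from this commit): an inode already unlinked by evict is put back on b_dirty_time unless the requeue step skips freeing inodes. `model_inode`, `model_requeue`, `evict_leaves_stale_entry` and `check_freeing` are hypothetical names, the flag values are arbitrary, and the model assumes the explicit check tests the I_FREEING state flag.

```c
#include <stdbool.h>
/* Flag names are from the commit message; the values are arbitrary here. */
#define I_DIRTY_TIME 0x1u
#define I_FREEING    0x2u
struct list_node { struct list_node *prev, *next; };
struct model_inode {                /* hypothetical stand-in for struct inode */
    unsigned int i_state;
    struct list_node i_io_list;
};
static void list_init(struct list_node *n) { n->prev = n->next = n; }
static void list_del_init(struct list_node *n)
{
    n->prev->next = n->next;
    n->next->prev = n->prev;
    list_init(n);
}
static void list_add(struct list_node *n, struct list_node *head)
{
    n->next = head->next;
    n->prev = head;
    head->next->prev = n;
    head->next = n;
}

/* Model of the requeue at the end of writeback_single_inode(). */
static void model_requeue(struct model_inode *inode,
                          struct list_node *b_dirty_time, bool check_freeing)
{
    if (check_freeing && (inode->i_state & I_FREEING))
        return;                     /* explicit check: leave i_io_list alone */
    if (inode->i_state & I_DIRTY_TIME) {
        list_del_init(&inode->i_io_list);
        list_add(&inode->i_io_list, b_dirty_time);
    }
}

/* Model of evict(): true if b_dirty_time still links to the inode afterwards. */
static bool evict_leaves_stale_entry(bool check_freeing)
{
    struct list_node b_dirty_time;
    struct model_inode inode = { .i_state = I_DIRTY_TIME | I_FREEING };
    list_init(&b_dirty_time);
    list_init(&inode.i_io_list);
    list_add(&inode.i_io_list, &b_dirty_time);  /* starts on a writeback list */
    list_del_init(&inode.i_io_list);            /* evict: off i_io_list */
    model_requeue(&inode, &b_dirty_time, check_freeing); /* via evict hook */
    return b_dirty_time.next != &b_dirty_time;  /* stale link to freed inode */
}

int main(void) { return evict_leaves_stale_entry(true) ? 1 : 0; }
```

In the model the stale entry is only a list link; in the kernel the flusher thread later walks that list and dereferences the freed inode.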