Patch "ext4: fix possible use after free with metadata csum" has been added to the 3.7-stable tree

Mon, 14 Jan 2013 09:34:40 -0800 

This is a note to let you know that I've just added the patch titled

    ext4: fix possible use after free with metadata csum

to the 3.7-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ext4-fix-possible-use-after-free-with-metadata-csum.patch
and it can be found in the queue-3.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From aeb1e5d69a5be592e86a926be73efb38c55af404 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <[email protected]>
Date: Thu, 29 Nov 2012 21:21:22 -0500
Subject: ext4: fix possible use after free with metadata csum

From: Theodore Ts'o <[email protected]>

commit aeb1e5d69a5be592e86a926be73efb38c55af404 upstream.

Commit fa77dcfafeaa introduces block bitmap checksum calculation into
ext4_new_inode() in the case that block group was uninitialized.
However we brelse() the bitmap buffer before we attempt to checksum it
so we have no guarantee that the buffer is still there.

Fix this by releasing the buffer after the possible checksum
computation.

Signed-off-by: Lukas Czerner <[email protected]>
Signed-off-by: "Theodore Ts'o" <[email protected]>
Acked-by: Darrick J. Wong <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 fs/ext4/ialloc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -762,7 +762,6 @@ got:
 
                BUFFER_TRACE(block_bitmap_bh, "dirty block bitmap");
                err = ext4_handle_dirty_metadata(handle, NULL, block_bitmap_bh);
-               brelse(block_bitmap_bh);
 
                /* recheck and clear flag under lock if we still need to */
                ext4_lock_group(sb, group);
@@ -775,6 +774,7 @@ got:
                        ext4_group_desc_csum_set(sb, group, gdp);
                }
                ext4_unlock_group(sb, group);
+               brelse(block_bitmap_bh);
 
                if (err)
                        goto fail;


Patches currently in stable-queue which might be from [email protected] are

queue-3.7/ext4-fix-memory-leak-in-ext4_xattr_set_acl-s-error-path.patch
queue-3.7/ext4-fix-possible-use-after-free-with-metadata-csum.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to