diff options
author | Theodore Ts'o <tytso@mit.edu> | 2018-06-16 20:21:45 -0400 |
---|---|---|
committer | Todd Kjos <tkjos@google.com> | 2019-02-28 16:20:39 -0800 |
commit | c1ad191aba6e85b0a8c9727e25f842598e19c2fc (patch) | |
tree | 2708ebb4554d0dbe6f834a85fdbae64a07fd24e9 | |
parent | 56d9897f87ab3da291c393d975af0bb6ecdbaa75 (diff) | |
download | goldfish-c1ad191aba6e85b0a8c9727e25f842598e19c2fc.tar.gz |
jbd2: don't mark block as modified if the handle is out of credits
commit e09463f220ca9a1a1ecfda84fcda658f99a1f12a upstream.
Do not set the b_modified flag in block's journal head should not
until after we're sure that jbd2_journal_dirty_metadat() will not
abort with an error due to there not being enough space reserved in
the jbd2 handle.
Otherwise, future attempts to modify the buffer may lead a large
number of spurious errors and warnings.
This addresses CVE-2018-10883.
https://bugzilla.kernel.org/show_bug.cgi?id=200071
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
[bwh: Backported to 3.16: Drop the added logging statement, as it's on
a code path that doesn't exist here]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | fs/jbd2/transaction.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index 2abbb2babcae..2d5548449529 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -1282,11 +1282,11 @@ int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh) * of the transaction. This needs to be done * once a transaction -bzzz */ - jh->b_modified = 1; if (handle->h_buffer_credits <= 0) { ret = -ENOSPC; goto out_unlock_bh; } + jh->b_modified = 1; handle->h_buffer_credits--; } |