| Message ID | 20251231223008.3251711-18-sjg@u-boot.org |
|---|---|
| State | New |
| Headers |
Return-Path: <concept-bounces+u-boot-concept=u-boot.org@u-boot.org> X-Original-To: u-boot-concept@u-boot.org Delivered-To: u-boot-concept@u-boot.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1767220302; bh=OoOLEtPg9nRElHmGosGY1GWG4HA/OT0kOJqYnQO2MN4=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=rCvDTTceiXLsAGhuogbInfHyx1BJzKXh5PTvrnHHz3qYheBqbMQO0H4KWJTMSu6Af 3Fw2H7XugxaIaAugakAv+1251Pa7nzK5qIq6Pa/MfutZrTxlFsemNcIvXpMuHUpyRX zS8U/Oc8oSN409xuH6LNAe/YLzzCJiiQdIb3YVi54GvAD2zotzuru53aHkvMMI6P8x E33okSiqdDsQfi/JobKk2lzQqXufrdypnxDaF3pkS2kBJWAnJjdFCjD7Okd8Ghr9iV nHNQaPi9lSlo2EmbxNhldZvfRaIN+85r/wsIrP88In+dNFTnavNnVQUaEdwaaKPyjZ U/xRPPwodN4Sg== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 7372F68FE5 for <u-boot-concept@u-boot.org>; Wed, 31 Dec 2025 15:31:42 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id vK0zz3sy9cvT for <u-boot-concept@u-boot.org>; Wed, 31 Dec 2025 15:31:42 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1767220302; bh=OoOLEtPg9nRElHmGosGY1GWG4HA/OT0kOJqYnQO2MN4=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=rCvDTTceiXLsAGhuogbInfHyx1BJzKXh5PTvrnHHz3qYheBqbMQO0H4KWJTMSu6Af 3Fw2H7XugxaIaAugakAv+1251Pa7nzK5qIq6Pa/MfutZrTxlFsemNcIvXpMuHUpyRX zS8U/Oc8oSN409xuH6LNAe/YLzzCJiiQdIb3YVi54GvAD2zotzuru53aHkvMMI6P8x E33okSiqdDsQfi/JobKk2lzQqXufrdypnxDaF3pkS2kBJWAnJjdFCjD7Okd8Ghr9iV nHNQaPi9lSlo2EmbxNhldZvfRaIN+85r/wsIrP88In+dNFTnavNnVQUaEdwaaKPyjZ U/xRPPwodN4Sg== Received: from mail.u-boot.org (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 60C9F68FE3 for <u-boot-concept@u-boot.org>; Wed, 31 Dec 2025 15:31:42 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1767220300; bh=5KhIpuQUmswOxedCwSC1sgLqmAOVIoxoSjjlj8sOzoE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uALhrEfTz0/2A544a6CI9njiSIKohIk0VmV/KdPoDLDhwjghQDjpS5iTowOMeoyZv B8AAGzAUEQPn2IfayacT7mao5yyVqyU0WErSnkkCwaV97Sa6VqhA9uZkdMYvMu4v4X svkkL07H5vj28rLknvt56VgrH4Q28xE0zXxzFsjnrbHBClmkLle+Ix7fPDjU0ORuSB qytl+HW/W9moGX9T9nV8KkNuFoaq4R0DxQ0phgm8YLtnBZDNqF/kXn2/cpJeVUWE9K LPhH/Jn5rbUPSCXBkFIdK9MGsZ/Yr9l728NrU8NvUDqQqIR75lxaT3Xng878MYsFul G7yFrr5oU5/Fw== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 4D56F68F61; Wed, 31 Dec 2025 15:31:40 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP id TIc1TTI0_zFr; Wed, 31 Dec 2025 15:31:40 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1767220295; bh=YGAZ+1mJJtgC3r6xCokqi8Wxn8H026ghdyl9G2jQtBE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TCghiHyaxe0Od2OMyTg0nDxlOjoFyD8WlBg5OqkvrNcLJ47OyTmX6yRH3ITmsPn10 /AoFA1nfE3VwL7oqxYJSUE9H3CvxAzGPtlUgIdc1APDWgruiVETyg1k6tITNifnswW 68pPebbtUq7lbpbUC3m/Vhopt7ztsSbYQ9JN0Jdhz7teBGTEa4NZuXpZLLNVrLBpa0 oRRu7g/epenmU2iw9IzbZL5RhwH+15Swljj/0BfFM7LCrlsyxpfLEDZ1YR5oWg9LKz mKiLUOIF+coJ9fuGyp/E3m8VRqPfmfhiFtahtLVm6Y7tui8Nco1vS8OXRS+0CGsEOl Vl99dDTahKxqg== Received: from u-boot.org (unknown [73.34.74.121]) by mail.u-boot.org (Postfix) with ESMTPSA id 871AD68FE3; Wed, 31 Dec 2025 15:31:35 -0700 (MST) From: Simon Glass <sjg@u-boot.org> To: U-Boot Concept <concept@u-boot.org> Date: Wed, 31 Dec 2025 15:29:50 -0700 Message-ID: <20251231223008.3251711-18-sjg@u-boot.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251231223008.3251711-1-sjg@u-boot.org> References: <20251231223008.3251711-1-sjg@u-boot.org> MIME-Version: 1.0 Message-ID-Hash: KBVGAHTJI6IEVAJPCLEUAPUZRKCA7TTT X-Message-ID-Hash: KBVGAHTJI6IEVAJPCLEUAPUZRKCA7TTT X-MailFrom: sjg@u-boot.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Heinrich Schuchardt <xypron.glpk@gmx.de>, Simon Glass <simon.glass@canonical.com>, Claude <noreply@anthropic.com> X-Mailman-Version: 3.3.10 Precedence: list Subject: [Concept] [PATCH 17/26] ext4l: Prevent freeing buffer_heads with active journal_heads List-Id: Discussion and patches related to U-Boot Concept <concept.u-boot.org> Archived-At: <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/KBVGAHTJI6IEVAJPCLEUAPUZRKCA7TTT/> List-Archive: <https://lists.u-boot.org/archives/list/concept@u-boot.org/> List-Help: <mailto:concept-request@u-boot.org?subject=help> List-Owner: <mailto:concept-owner@u-boot.org> List-Post: <mailto:concept@u-boot.org> List-Subscribe: <mailto:concept-join@u-boot.org> List-Unsubscribe: <mailto:concept-leave@u-boot.org> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit |
| Series |
ext4l: Add write support (part L)
|
|
Commit Message
Simon Glass
Dec. 31, 2025, 10:29 p.m. UTC
From: Simon Glass <simon.glass@canonical.com> When running filesystem tests back-to-back, buffer_heads could be freed while journal_heads still reference them. This causes use-after-free crashes when the journal code later accesses the stale b_bh pointer. Add protection in free_buffer_head() to skip buffers with JBD attached, since the journal owns a reference and will clean them up properly. Also add protection in brelse() to prevent the ref count from dropping to zero while JBD is still attached. Update comments in ext4l_close_internal() to clarify why cache cleanup is critical even during skip_io mode. Fixes crashes when test_fs13 runs after test_fs11 in the same session. Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com> --- fs/ext4l/support.c | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/fs/ext4l/support.c b/fs/ext4l/support.c index aaaf89092eb..3be40b6fca2 100644 --- a/fs/ext4l/support.c +++ b/fs/ext4l/support.c @@ -466,6 +466,15 @@ void free_buffer_head(struct buffer_head *bh) if (!bh) return; + /* + * Never free a buffer_head that has a journal_head attached. + * This would cause use-after-free when the journal tries to access it. + * The journal owns a reference and the buffer will be cleaned up when + * the journal_head is properly released. + */ + if (buffer_jbd(bh)) + return; + /* * Shadow buffers (b_private != NULL) share their folio with the * original buffer. Don't free the shared folio.