[PATCH openEuler-1.0-LTS 12/33] ext4: protect superblock modifications with a buffer lock

22 Mar 2021

From: Jan Kara jack@suse.cz
mainline inclusion
from mainline-v5.11-rc4
commit 05c2c00f3769abb9e323fcaca70d2de0b48af7ba
category: bugfix
bugzilla: 46758
CVE: NA
-----------------------------------------------
Protect all superblock modifications (including checksum computation)
with a superblock buffer lock. That way we are sure computed checksum
matches current superblock contents (a mismatch could cause checksum
failures in nojournal mode or if an unjournalled superblock update races
with a journalled one). Also we avoid modifying superblock contents
while it is being written out (which can cause DIF/DIX failures if we
are running in nojournal mode).
Signed-off-by: Jan Kara jack@suse.cz
Link: https://lore.kernel.org/r/20201216101844.22917-4-jack@suse.cz
Signed-off-by: Theodore Ts'o tytso@mit.edu
Signed-off-by: Ye Bin yebin10@huawei.com
Reviewed-by: zhangyi (F) yi.zhang@huawei.com
Signed-off-by: Yang Yingliang yangyingliang@huawei.com
Signed-off-by: Cheng Jian cj.chengjian@huawei.com
---
 fs/ext4/ext4_jbd2.c |  1 -
 fs/ext4/file.c      |  3 +++
 fs/ext4/inode.c     |  3 +++
 fs/ext4/namei.c     |  6 ++++++
 fs/ext4/resize.c    | 12 ++++++++++++
 fs/ext4/super.c     |  2 +-
 fs/ext4/xattr.c     |  3 +++
 7 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/ext4_jbd2.c b/fs/ext4/ext4_jbd2.c
index af2808995858..f720d8ceeff4 100644
--- a/fs/ext4/ext4_jbd2.c
+++ b/fs/ext4/ext4_jbd2.c
@@ -359,7 +359,6 @@ int __ext4_handle_dirty_super(const char *where, unsigned int line,
    struct buffer_head *bh = EXT4_SB(sb)->s_sbh;
    int err = 0;
-	ext4_superblock_csum_set(sb);
    if (ext4_handle_valid(handle)) {
    	err = jbd2_journal_dirty_metadata(handle, bh);
    	if (err)
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index 52d155b4e733..76dadab4638d 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -432,8 +432,11 @@ static int ext4_sample_last_mounted(struct super_block *sb,
    err = ext4_journal_get_write_access(handle, sbi->s_sbh);
    if (err)
    	goto out_journal;
+	lock_buffer(sbi->s_sbh);
    strlcpy(sbi->s_es->s_last_mounted, cp,
    	sizeof(sbi->s_es->s_last_mounted));
+	ext4_superblock_csum_set(sb);
+	unlock_buffer(sbi->s_sbh);
    ext4_handle_dirty_super(handle, sb);
 out_journal:
    ext4_journal_stop(handle);
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index e8190bec96f0..00dca30cc091 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5403,7 +5403,10 @@ static int ext4_do_update_inode(handle_t *handle,
    	err = ext4_journal_get_write_access(handle, EXT4_SB(sb)->s_sbh);
    	if (err)
    		goto out_brelse;
+		lock_buffer(EXT4_SB(sb)->s_sbh);
    	ext4_set_feature_large_file(sb);
+		ext4_superblock_csum_set(sb);
+		unlock_buffer(EXT4_SB(sb)->s_sbh);
    	ext4_handle_sync(handle);
    	err = ext4_handle_dirty_super(handle, sb);
    }
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 29e3f7548707..bd5d0e5974d2 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2860,7 +2860,10 @@ int ext4_orphan_add(handle_t *handle, struct inode *inode)
        (le32_to_cpu(sbi->s_es->s_inodes_count))) {
    	/* Insert this inode at the head of the on-disk orphan list */
    	NEXT_ORPHAN(inode) = le32_to_cpu(sbi->s_es->s_last_orphan);
+		lock_buffer(sbi->s_sbh);
    	sbi->s_es->s_last_orphan = cpu_to_le32(inode->i_ino);
+		ext4_superblock_csum_set(sb);
+		unlock_buffer(sbi->s_sbh);
    	dirty = true;
    }
    list_add(&EXT4_I(inode)->i_orphan, &sbi->s_orphan);
@@ -2943,7 +2946,10 @@ int ext4_orphan_del(handle_t *handle, struct inode *inode)
    		mutex_unlock(&sbi->s_orphan_lock);
    		goto out_brelse;
    	}
+		lock_buffer(sbi->s_sbh);
    	sbi->s_es->s_last_orphan = cpu_to_le32(ino_next);
+		ext4_superblock_csum_set(inode->i_sb);
+		unlock_buffer(sbi->s_sbh);
    	mutex_unlock(&sbi->s_orphan_lock);
    	err = ext4_handle_dirty_super(handle, inode->i_sb);
    } else {
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index 6a0c5c880354..48c71de2e461 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -900,7 +900,10 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
    EXT4_SB(sb)->s_gdb_count++;
    ext4_kvfree_array_rcu(o_group_desc);
+	lock_buffer(EXT4_SB(sb)->s_sbh);
    le16_add_cpu(&es->s_reserved_gdt_blocks, -1);
+	ext4_superblock_csum_set(sb);
+	unlock_buffer(EXT4_SB(sb)->s_sbh);
    err = ext4_handle_dirty_super(handle, sb);
    if (err)
    	ext4_std_error(sb, err);
@@ -1386,6 +1389,7 @@ static void ext4_update_super(struct super_block *sb,
    reserved_blocks *= blocks_count;
    do_div(reserved_blocks, 100);
+	lock_buffer(sbi->s_sbh);
    ext4_blocks_count_set(es, ext4_blocks_count(es) + blocks_count);
    ext4_free_blocks_count_set(es, ext4_free_blocks_count(es) + free_blocks);
    le32_add_cpu(&es->s_inodes_count, EXT4_INODES_PER_GROUP(sb) *
@@ -1423,6 +1427,8 @@ static void ext4_update_super(struct super_block *sb,
     * active. */
    ext4_r_blocks_count_set(es, ext4_r_blocks_count(es) +
    			reserved_blocks);
+	ext4_superblock_csum_set(sb);
+	unlock_buffer(sbi->s_sbh);
/* Update the free space counts */
    percpu_counter_add(&sbi->s_freeclusters_counter,
@@ -1719,8 +1725,11 @@ static int ext4_group_extend_no_check(struct super_block *sb,
    	goto errout;
    }
+	lock_buffer(EXT4_SB(sb)->s_sbh);
    ext4_blocks_count_set(es, o_blocks_count + add);
    ext4_free_blocks_count_set(es, ext4_free_blocks_count(es) + add);
+	ext4_superblock_csum_set(sb);
+	unlock_buffer(EXT4_SB(sb)->s_sbh);
    ext4_debug("freeing blocks %llu through %llu\n", o_blocks_count,
    	   o_blocks_count + add);
    /* We add the blocks to the bitmap and set the group need init bit */
@@ -1878,10 +1887,13 @@ static int ext4_convert_meta_bg(struct super_block *sb, struct inode *inode)
    if (err)
    	goto errout;
+	lock_buffer(sbi->s_sbh);
    ext4_clear_feature_resize_inode(sb);
    ext4_set_feature_meta_bg(sb);
    sbi->s_es->s_first_meta_bg =
    	cpu_to_le32(num_desc_blocks(sb, sbi->s_groups_count));
+	ext4_superblock_csum_set(sb);
+	unlock_buffer(sbi->s_sbh);
err = ext4_handle_dirty_super(handle, sb);
    if (err) {
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 371ba6dda9de..8859803da166 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -5033,6 +5033,7 @@ static int ext4_commit_super(struct super_block *sb)
    if (!sbh || block_device_ejected(sb))
    	return error;
+	lock_buffer(sbh);
    /*
     * If the file system is mounted read-only, don't update the
     * superblock write time.  This avoids updating the superblock
@@ -5104,7 +5105,6 @@ static int ext4_commit_super(struct super_block *sb)
BUFFER_TRACE(sbh, "marking dirty");
    ext4_superblock_csum_set(sb);
-	lock_buffer(sbh);
    if (buffer_write_io_error(sbh) || !buffer_uptodate(sbh)) {
    	/*
    	 * Oh, dear.  A previous attempt to write the
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 1a8416f52231..4c2d1afd005f 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -790,7 +790,10 @@ static void ext4_xattr_update_super_block(handle_t *handle,
BUFFER_TRACE(EXT4_SB(sb)->s_sbh, "get_write_access");
    if (ext4_journal_get_write_access(handle, EXT4_SB(sb)->s_sbh) == 0) {
+		lock_buffer(EXT4_SB(sb)->s_sbh);
    	ext4_set_feature_xattr(sb);
+		ext4_superblock_csum_set(sb);
+		unlock_buffer(EXT4_SB(sb)->s_sbh);
    	ext4_handle_dirty_super(handle, sb);
    }
 }
-- 
2.25.1

    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-1.0-LTS 12/33] ext4: protect superblock modifications with a buffer lock