| From 083123aeb93f330a2e0d27c3cfb2055b3a1025f4 Mon Sep 17 00:00:00 2001 |
| From: Theodore Ts'o <tytso@mit.edu> |
| Date: Thu, 27 Dec 2012 01:42:50 -0500 |
| Subject: [PATCH] ext4: avoid hang when mounting non-journal filesystems with |
| orphan list |
| |
| commit 0e9a9a1ad619e7e987815d20262d36a2f95717ca upstream. |
| |
| When trying to mount a file system which does not contain a journal, |
| but which does have an orphan list containing an inode which needs to |
| be truncated, the mount call will hang forever in |
| ext4_orphan_cleanup() because ext4_orphan_del() will return |
| immediately without removing the inode from the orphan list, leading |
| to an uninterruptible loop in kernel code which will busy out one of |
| the CPUs on the system. |
| |
| This can be trivially reproduced by trying to mount the file system |
| found in tests/f_orphan_extents_inode/image.gz from the e2fsprogs |
| source tree. If a malicious user were to put this on a USB stick, and |
| mount it on a Linux desktop which has automatic mounts enabled, this |
| could be considered a potential denial of service attack. (Not a big |
| deal in practice, but professional paranoids worry about such things, |
| and have even been known to allocate CVE numbers for such problems.) |
| |
| Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> |
| Reviewed-by: Zheng Liu <wenqing.lz@taobao.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| --- |
| fs/ext4/namei.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c |
| index d64e5f4f12ed..f501bdf9d4c1 100644 |
| --- a/fs/ext4/namei.c |
| +++ b/fs/ext4/namei.c |
| @@ -2081,7 +2081,8 @@ int ext4_orphan_del(handle_t *handle, struct inode *inode) |
| struct ext4_iloc iloc; |
| int err = 0; |
| |
| - if (!EXT4_SB(inode->i_sb)->s_journal) |
| + if ((!EXT4_SB(inode->i_sb)->s_journal) && |
| + !(EXT4_SB(inode->i_sb)->s_mount_state & EXT4_ORPHAN_FS)) |
| return 0; |
| |
| mutex_lock(&EXT4_SB(inode->i_sb)->s_orphan_lock); |
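Review bot: The two-part early-return test at the top of ext4_orphan_del() has no comment saying why EXT4_ORPHAN_FS overrides the no-journal shortcut, so a later cleanup could fold it back into the single `!s_journal` check and reintroduce the mount hang described in the commit message. A short comment above the `if`, stating that orphan removal must still proceed while s_mount_state has EXT4_ORPHAN_FS set even when there is no journal, would prevent that. The outer parentheses around `(!EXT4_SB(inode->i_sb)->s_journal)` are redundant, and EXT4_SB(inode->i_sb) now appears three times in these few lines (twice in the condition, once in the mutex_lock() call), so a local pointer would make the condition easier to read. The rest of the function is not visible in this hunk; it is worth confirming that the code after mutex_lock() copes with the handle it is passed when there is no journal, since that path was unreachable in the no-journal case before this change.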
| -- |
| 1.8.5.2 |
| |