Add "Access d_bdev before dropping inode" patch
* 0005-oracleasm-Access-d_bdev-before-dropping-inode.patch: New file. * kmod-redhat-oracleasm.spec (kmod_rpm_release): Bump to 18.1. (kmod_kernel_version, kmod_kernel_version_min): Bump to 4.18.0-552%{dist}. (Patch5): New patch. (%prep): Apply it. (%changelog): Mention the change. Resolves: RHEL-30468 Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
parent
d54d26ad31
commit
e48c8e06c2
47
0005-oracleasm-Access-d_bdev-before-dropping-inode.patch
Normal file
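--- a/0005-oracleasm-Access-d_bdev-before-dropping-inode.patch
+++ b/0005-oracleasm-Access-d_bdev-before-dropping-inode.patch
@@ -0,0 +1,47 @@
+commit a6982d0edd0caeb2a7a0f3465c0adf85a902102a
+Author: Stephen Brennan stephen.s.brennan@oracle.com
+Date: Mon Sep 14 16:03:32 2020 -0700
+
+oracleasm: Access d_bdev before dropping inode
+
+d_bdev is stored alongside the inode. If we hold the last reference to
+disk_inode, then iput() will clear the d_bdev field and cause a page
+fault when it is dereferenced. Further, the iput() could result in a
+blkdev_put(), after which our accesses to bdev could be further
+corrupted. To avoid all this, delay the iput() until all access to d,
+disk_inode, and bdev are complete.
+
+Ora bug: 31901945
+Signed-off-by: Stephen Brennan stephen.s.brennan@oracle.com
+Reviewed-by: Junxiao Bi junxiao.bi@oracle.com
+Signed-off-by: Somasundaram Krishnasamy somasundaram.krishnasamy@oracle.com
+
+diff --git a/drivers/block/oracleasm/driver.c b/drivers/block/oracleasm/driver.c
+index 2bcad19af0d8..02882105f799 100644
+--- a/drivers/block/oracleasm/driver.c
++++ b/drivers/block/oracleasm/driver.c
+@@ -2380,7 +2380,6 @@ static ssize_t asmfs_svc_query_handle(struct file *file, char *buf, size_t size)
+}
+
+d = ASMDISK_I(disk_inode);
+- iput(disk_inode);
+bdev = d->d_bdev;
+
+qh_info->qh_max_sectors = compute_max_sectors(bdev);
+@@ -2395,6 +2394,15 @@ static ssize_t asmfs_svc_query_handle(struct file *file, char *buf, size_t size)
+trace_queryhandle(bdev, qh_info);
+ret = 0;
+
++ /*
++ * Dropping the reference to disk_inode could result in d and
++ * disk_inode being evicted and freed. This will further drop the
++ * reference to bdev, which could be the last one. Thus, we must
++ * delay the iput() until all accesses to disk_inode, d, and bdev
++ * are complete.
++ */
++ iput(disk_inode);
++
+out:
+qh_info->qh_abi.ai_status = ret;
+return size;
+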
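Review bot: Moving `iput(disk_inode);` to just above the `out:` label (second hunk of the embedded driver.c patch) means that any path which jumps to `out` after the inode lookup succeeded no longer drops the reference. The lines between `qh_info->qh_max_sectors = compute_max_sectors(bdev);` and `trace_queryhandle(bdev, qh_info);` are not shown, and asmfs_svc_query_handle starts and ends outside both hunks, so this cannot be confirmed from the page. If such an early exit exists it needs its own `iput(disk_inode);` before `goto out;`, otherwise the use-after-free fix is traded for a leaked inode reference that, going by the commit message, would also keep the block device pinned. The added comment explains the ordering well; a short remark next to `bdev = d->d_bdev;`, such as `/* bdev is borrowed from d; only valid while disk_inode is held */`, would state the lifetime rule where the pointer is taken.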
@ -3,9 +3,9 @@
|
|||||||
%define kmod_rpm_name kmod-redhat-oracleasm
|
%define kmod_rpm_name kmod-redhat-oracleasm
|
||||||
%define kmod_driver_version 2.0.8
|
%define kmod_driver_version 2.0.8
|
||||||
%define kmod_driver_epoch 8
|
%define kmod_driver_epoch 8
|
||||||
%define kmod_rpm_release 18
|
%define kmod_rpm_release 18.1
|
||||||
%define kmod_kernel_version 4.18.0-507.el8
|
%define kmod_kernel_version 4.18.0-552%{dist}
|
||||||
%define kmod_kernel_version_min 4.18.0-507.el8
|
%define kmod_kernel_version_min 4.18.0-552%{dist}
|
||||||
%define kmod_kernel_version_dep 4.18.0
|
%define kmod_kernel_version_dep 4.18.0
|
||||||
%define kmod_kbuild_dir drivers/block/oracleasm
|
%define kmod_kbuild_dir drivers/block/oracleasm
|
||||||
%define kmod_install_path extra/kmod-redhat-oracleasm
|
%define kmod_install_path extra/kmod-redhat-oracleasm
|
||||||
@ -13,7 +13,6 @@
|
|||||||
%define kernel_devel_pkg kernel-devel
|
%define kernel_devel_pkg kernel-devel
|
||||||
%define kernel_modules_pkg kernel-modules
|
%define kernel_modules_pkg kernel-modules
|
||||||
|
|
||||||
%{!?dist: %define dist .el8_4}
|
|
||||||
%{!?make_build: %define make_build make}
|
%{!?make_build: %define make_build make}
|
||||||
|
|
||||||
%if "%{kmod_kernel_version_dep}" == ""
|
%if "%{kmod_kernel_version_dep}" == ""
|
||||||
@ -28,6 +27,7 @@ Patch0: 0000-Makefile-config-opts.patch
|
|||||||
Patch2: 0002-oracleasm-driver-make-bio_for_each_segment_all-worki.patch
|
Patch2: 0002-oracleasm-driver-make-bio_for_each_segment_all-worki.patch
|
||||||
Patch3: 0003-oracleasm-copy-rhel8-s-bio_map_user_iov.patch
|
Patch3: 0003-oracleasm-copy-rhel8-s-bio_map_user_iov.patch
|
||||||
Patch4: 0004-update-bdi-writeback-acct_dirty-flags.patch
|
Patch4: 0004-update-bdi-writeback-acct_dirty-flags.patch
|
||||||
|
Patch5: 0005-oracleasm-Access-d_bdev-before-dropping-inode.patch
|
||||||
|
|
||||||
%define findpat %( echo "%""P" )
|
%define findpat %( echo "%""P" )
|
||||||
%define __find_requires /usr/lib/rpm/redhat/find-requires.ksyms
|
%define __find_requires /usr/lib/rpm/redhat/find-requires.ksyms
|
||||||
@ -157,6 +157,7 @@ exit 0
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
set -- *
|
set -- *
|
||||||
mkdir source
|
mkdir source
|
||||||
mv "$@" source/
|
mv "$@" source/
|
||||||
@ -219,6 +220,9 @@ install -m 644 -D source/greylist.txt $RPM_BUILD_ROOT/usr/share/doc/%{kmod_rpm_n
|
|||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Apr 08 2024 Eugene Syromiatnikov <esyr@redhat.com> 2.0.8-18.1
|
||||||
|
- Fix use-after-free in asmfs_svc_query_handle (RHEL-30468).
|
||||||
|
|
||||||
* Wed Jan 04 2023 Eugene Syromiatnikov <esyr@redhat.com> 2.0.8-18
|
* Wed Jan 04 2023 Eugene Syromiatnikov <esyr@redhat.com> 2.0.8-18
|
||||||
- Rebuild against kernel-4.18.0-507.el8 (#2228579).
|
- Rebuild against kernel-4.18.0-507.el8 (#2228579).
|
||||||
|
|
||||||
|
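Review bot: In kmod-redhat-oracleasm.spec the hunk at `@ -13,7 +13,6 @` drops the fallback `%{!?dist: %define dist .el8_4}`, while the first hunk makes `kmod_kernel_version` and `kmod_kernel_version_min` depend on `%{dist}`. rpm leaves an undefined macro unexpanded, so a build where `dist` is not set would produce a kernel version requirement containing a literal `%{dist}`. Presumably the build system always defines it, but a guard such as `%{!?dist: %{error: dist must be defined}}` in place of the removed line would turn that case into an explicit build failure instead of a malformed dependency.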