Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Linux: fix 2 lowmem bugs #16770

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Linux: fix 2 lowmem bugs #16770

wants to merge 2 commits into from
+65 −6

Conversation

snajpa
Copy link
Contributor

@snajpa snajpa commented Nov 16, 2024
edited
Loading

Motivation and Context

Linux: Fix zfs_prune panics:
#16324

Linux: s_op: use .free_inode:
#16608

Description

Linux: Fix zfs_prune panics

by protecting against sb->s_shrink eviction on umount with newer kernels

deactivate_locked_super calls shrinker_free and only then
sops->kill_sb cb, resulting in UAF on umount when trying
to reach for the shrinker functions in zpl_prune_sb of
in-umount dataset

Linux: s_op: use .free_inode

as per Documentation/filesystems/porting.rst:

quote:

** strongly recommended **

take the RCU-delayed parts of ->destroy_inode() into a new method -
->free_inode().  If ->destroy_inode() becomes empty - all the better,
just get rid of it.

endquote.

How Has This Been Tested?

Low memory scenario docker pull with zfs as storage backend, now passes. Template build at vpsFree, also passes.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Performance enhancement (non-breaking change which improves efficiency)
  • Code cleanup (non-breaking change which makes code smaller or more readable)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
  • Documentation (a change to man pages or other documentation)

Checklist:

@github-actions github-actions bot added the Status: Work in Progress Not yet ready for general review label Nov 16, 2024
@snajpa snajpa mentioned this pull request Nov 16, 2024
Open
@snajpa snajpa marked this pull request as ready for review November 16, 2024 15:00
@github-actions github-actions bot added Status: Code Review Needed Ready for review and testing and removed Status: Work in Progress Not yet ready for general review labels Nov 16, 2024
@satmandu
Copy link
Contributor

@behlendorf Any chance of getting this reviewed for #16760 2.3.0-rc4?
(I'm biased as someone who makes heavy use of docker.)

@behlendorf behlendorf self-requested a review November 19, 2024 18:06
adamdmoss
adamdmoss approved these changes Nov 19, 2024
View reviewed changes
module/os/linux/zfs/zpl_super.c Show resolved Hide resolved
@snajpa
Linux: s_op: use .free_inode
f1dfc9d 
as per Documentation/filesystems/porting.rst:

quote:

**strongly recommended**

take the RCU-delayed parts of ->destroy_inode() into a new method -
->free_inode().  If ->destroy_inode() becomes empty - all the better,
just get rid of it.

endquote.

Signed-off-by: Pavel Snajdr <[email protected]>
@snajpa
Linux: Fix zfs_prune panics
38893b6 
by protecting against sb->s_shrink eviction on umount with newer kernels

deactivate_locked_super calls shrinker_free and only then
sops->kill_sb cb, resulting in UAF on umount when trying
to reach for the shrinker functions in zpl_prune_sb of
in-umount dataset

Signed-off-by: Pavel Snajdr <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamdmoss adamdmoss adamdmoss approved these changes

@behlendorf behlendorf Awaiting requested review from behlendorf

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
Status: Code Review Needed Ready for review and testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@snajpa @satmandu @adamdmoss