ACK: [SRU][F][PATCH v2 0/1] CVE-2024-42077

Stefan Bader stefan.bader at canonical.com
Fri Oct 25 12:37:15 UTC 2024 

On 17.10.24 08:26, Massimiliano Pellizzer wrote:
> [Impact]
> 
> ocfs2: fix DIO failure due to insufficient transaction credits
> 
> The code in ocfs2_dio_end_io_write() estimates number of necessary
> transaction credits using ocfs2_calc_extend_credits().  This however does
> not take into account that the IO could be arbitrarily large and can
> contain arbitrary number of extents.
> 
> Extent tree manipulations do often extend the current transaction but not
> in all of the cases.  For example if we have only single block extents in
> the tree, ocfs2_mark_extent_written() will end up calling
> ocfs2_replace_extent_rec() all the time and we will never extend the
> current transaction and eventually exhaust all the transaction credits if
> the IO contains many single block extents.  Once that happens a
> WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in
> jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to
> this error.  This was actually triggered by one of our customers on a
> heavily fragmented OCFS2 filesystem.
> 
> To fix the issue make sure the transaction always has enough credits for
> one extent insert before each call of ocfs2_mark_extent_written().
> 
> [Fix]
> 
> Noble:  Fixed
> Jammy:  Fixed
> Focal:  Backported from linux-5.10.y
> Bionic: Sent to ESM ML
> Xenial: Not affected
> 
> [Test Case]
> 
> Compile tested only.
> 
> [Where problems could occur]
> 
> The fix affects the OCFS2 file system. An issue with this fix may lead
> to kernel crashes, particularly when performing file operations on OCFS2
> file system. Users may also notice unexpected file system behavior, such
> as I/O errors or unresponsive file access, especially during large I/O
> operations or under heavy load.
> 
> Jan Kara (1):
>    ocfs2: fix DIO failure due to insufficient transaction credits
> 
>   fs/ocfs2/aops.c        |  5 +++++
>   fs/ocfs2/journal.c     | 17 +++++++++++++++++
>   fs/ocfs2/journal.h     |  2 ++
>   fs/ocfs2/ocfs2_trace.h |  2 ++
>   4 files changed, 26 insertions(+)
> 

Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20241025/acda5fe8/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20241025/acda5fe8/attachment-0001.sig>

More information about the kernel-team mailing list