On Fri, Feb 28, 2020 at 04:48:15PM -0800, Suraj Jitindar Singh wrote:
From: Theodore Ts'o <tytso@mit.edu>
commit 1d0c3924a92e69bfa91163bda83c12a994b4d106 upstream.
During an online resize an array of pointers to buffer heads gets replaced so it can get enlarged. If there is a racing block allocation or deallocation which uses the old array, and the old array has gotten reused this can lead to a GPF or some other random kernel memory getting modified.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206443
Link: https://lore.kernel.org/r/20200221053458.730016-2-tytso@mit.edu
Reported-by: Suraj Jitindar Singh <surajjs@amazon.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 4.14.x
I've applied this and the 4.9 and 4.4 series.
Note that patch 2 in all of your series didn't apply cleanly for me, but cherry-picking the upstream commit directly worked, so I did that.