Re: [PATCH v3] ext4: fix use-after-free in update_super_work when racing with umount

Next message: Theodore Ts'o: "Re: [PATCH v2 1/1] jbd2: gracefully abort on checkpointing state corruptions"
Previous message: Theodore Ts'o: "Re: [PATCH] ext4: Fix the might_sleep() warnings in kvfree()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Theodore Ts'o

Date: Sat Mar 28 2026 - 01:33:16 EST

On Thu, 19 Mar 2026 20:03:35 +0800, Jiayuan Chen wrote:
> Commit b98535d09179 ("ext4: fix bug_on in start_this_handle during umount
> filesystem") moved ext4_unregister_sysfs() before flushing s_sb_upd_work
> to prevent new error work from being queued via /proc/fs/ext4/xx/mb_groups
> reads during unmount. However, this introduced a use-after-free because
> update_super_work calls ext4_notify_error_sysfs() -> sysfs_notify() which
> accesses the kobject's kernfs_node after it has been freed by kobject_del()
> in ext4_unregister_sysfs():
>
> [...]

Applied, thanks!

[1/1] ext4: fix use-after-free in update_super_work when racing with umount
commit: d15e4b0a418537aafa56b2cb80d44add83e83697

Best regards,
--
Theodore Ts'o <tytso@xxxxxxx>