Commit d2b47521 authored Sep 24, 2024 by Dave Chinner Committed by Greg Kroah-Hartman Sep 30, 2024

xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING



[ Upstream commit 52f31ed2 ]

Resulting in a UAF if the shrinker races with some other dquot
freeing mechanism that sets XFS_DQFLAG_FREEING before the dquot is
removed from the LRU. This can occur if a dquot purge races with
drop_caches.

Reported-by:  <syzbot+912776840162c13db1a3@syzkaller.appspotmail.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Leah Rumancik <leah.rumancik@gmail.com>
Acked-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent cfb92605

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 19b68814
· Nov 05, 2025

mentioned in commit 19b68814

mentioned in commit 19b68814b1cd60c40546f31f7cc5b7895c0b013b

Toggle commit list

Please to comment