[PATCH] ext4: prevent module unload while filesystem is in use

Prevent attempts to unload the ext4 module while the fs is still actively
mounted by adding a check before exit.

The crash occurs because ext4_inode_cache still contains objects
in use when kmem_cache_destroy is called.

This is a log of the bug produced by the C repro given by a local syzkaller:

[  301.647795] BUG ext4_inode_cache (Tainted: G  R                ): Objects remaining on __kmem_cache_shutdown()
[  301.652120] -----------------------------------------------------------
[  301.652120] 
[  301.653366] Object 0xffff88800ec88008 @offset=8
[  301.653877] Allocated in ext4_alloc_inode+0x27/0x1a0 [ext4] age=46055 cpu=0 pid=616
[  301.655766]  ext4_alloc_inode+0x27/0x1a0 [ext4]
[  301.657063]  alloc_inode+0x2b/0x120
[  301.657570]  iget_locked+0x1ae/0x3e0
[  301.658137]  __ext4_iget+0x243/0x1af0 [ext4]
[  301.659197]  ext4_lookup+0x1b5/0x3e0 [ext4]
[  301.660784]  __lookup_slow+0xd1/0x1f0
[  301.661575]  walk_component+0x1a7/0x250
[  301.662411]  path_lookupat+0x9a/0x2f0
[  301.663179]  filename_lookup+0x14e/0x2e0
[  301.663947]  vfs_statx+0xb9/0x240
[  301.664622]  __do_sys_newstat+0x62/0xd0
[  301.665376]  do_syscall_64+0x80/0x2c0
[  301.666091]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

Was not able to reproduce on my host system.
Tested in a QEMU instance.

Signed-off-by: Kevin Paul Reddy Janagari <kevinpaul468@xxxxxxxxx>
---
 fs/ext4/super.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index c7d39da7e733..c6c77369a252 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -7480,8 +7480,24 @@ static int __init ext4_init_fs(void)
 	return err;
 }
 
+static void ext4_busy_check(struct super_block *sb, void *data)
+{
+	int *is_busy = data;
+	*is_busy = 1;
+}
+
 static void __exit ext4_exit_fs(void)
 {
+
+	int is_busy = 0;
+
+	iterate_supers_type(&ext4_fs_type, ext4_busy_check, &is_busy);
+
+	if (is_busy) {
+		pr_warn("ext4: Cannot unload module, filesystem is still in use.\n");
+		return;
+	}
+
 	ext4_destroy_lazyinit_thread();
 	unregister_as_ext2();
 	unregister_as_ext3();
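
Review bot: the early `return` in ext4_exit_fs() cannot stop the unload. The function is `static void __exit`, so it has no way to report failure, and once it returns the module loader still frees the module; on the is_busy path that now happens with ext4_destroy_lazyinit_thread(), unregister_as_ext2(), unregister_as_ext3() and the teardown that follows all skipped, which leaves more state pointing into freed module memory than before, not less. The log in the commit message carries the `R` taint flag, which marks a forced module removal; a mounted filesystem normally holds a reference on its module, so an ordinary rmmod is refused before the exit function is ever called. Please state in the commit message how the reproducer unloads the module, and if it is a forced unload, drop the check rather than adding an exit path that returns without cleaning up. Smaller points: the blank line directly after the opening `{` goes against kernel style, and ext4_busy_check() never uses its `sb` argument.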
-- 
2.39.5




