CVE-2021-47493

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ocfs2: fix race between searching chunks and release journal_head from buffer_head<br /> <br /> Encountered a race between ocfs2_test_bg_bit_allocatable() and<br /> jbd2_journal_put_journal_head() resulting in the below vmcore.<br /> <br /> PID: 106879 TASK: ffff880244ba9c00 CPU: 2 COMMAND: "loop3"<br /> Call trace:<br /> panic<br /> oops_end<br /> no_context<br /> __bad_area_nosemaphore<br /> bad_area_nosemaphore<br /> __do_page_fault<br /> do_page_fault<br /> page_fault<br /> [exception RIP: ocfs2_block_group_find_clear_bits+316]<br /> ocfs2_block_group_find_clear_bits [ocfs2]<br /> ocfs2_cluster_group_search [ocfs2]<br /> ocfs2_search_chain [ocfs2]<br /> ocfs2_claim_suballoc_bits [ocfs2]<br /> __ocfs2_claim_clusters [ocfs2]<br /> ocfs2_claim_clusters [ocfs2]<br /> ocfs2_local_alloc_slide_window [ocfs2]<br /> ocfs2_reserve_local_alloc_bits [ocfs2]<br /> ocfs2_reserve_clusters_with_limit [ocfs2]<br /> ocfs2_reserve_clusters [ocfs2]<br /> ocfs2_lock_refcount_allocators [ocfs2]<br /> ocfs2_make_clusters_writable [ocfs2]<br /> ocfs2_replace_cow [ocfs2]<br /> ocfs2_refcount_cow [ocfs2]<br /> ocfs2_file_write_iter [ocfs2]<br /> lo_rw_aio<br /> loop_queue_work<br /> kthread_worker_fn<br /> kthread<br /> ret_from_fork<br /> <br /> When ocfs2_test_bg_bit_allocatable() called bh2jh(bg_bh), the<br /> bg_bh-&gt;b_private NULL as jbd2_journal_put_journal_head() raced and<br /> released the jounal head from the buffer head. Needed to take bit lock<br /> for the bit &amp;#39;BH_JournalHead&amp;#39; to fix this race.