CVE-2022-50730

In the Linux kernel, the following vulnerability has been resolved:

ext4: silence the warning when evicting inode with dioread_nolock

When evicting an inode with default dioreadnolock, it could be raced by the unwritten extents converting kworker after writeback some new allocated dirty blocks. It convert unwritten extents to written, the extents could be merged to upper level and free extent blocks, so it could mark the inode dirty again even this inode has been marked IFREEING. But the inode->iiolist check and warning in ext4evictinode() missing this corner case. Fortunately, ext4evictinode() will wait all extents converting finished before this check, so it will not lead to inode use-after-free problem, every thing is OK besides this warning. The WARNONONCE was originally designed for finding inode use-after-free issues in advance, but if we add current dioread_nolock case in, it will become not quite useful, so fix this warning by just remove this check.

====== WARNING: CPU: 7 PID: 1092 at fs/ext4/inode.c:227 ext4evictinode+0x875/0xc60 ... RIP: 0010:ext4evictinode+0x875/0xc60 ... Call Trace: <TASK> evict+0x11c/0x2b0 iput+0x236/0x3a0 do_unlinkat+0x1b4/0x490 __x64sysunlinkat+0x4c/0xb0 dosyscall64+0x3b/0x90 entrySYSCALL64afterhwframe+0x46/0xb0 RIP: 0033:0x7fa933c1115b ======

rm kworker ext4endioend() vfsunlink() ext4unlink() ext4convertunwrittenioendvec() ext4convertunwrittenextents() ext4mapblocks() ext4extmapblocks() ext4exttrytomerge_up() _markinodedirty() check !IFREEING lockedinodetowbandlocklist() iput() iputfinal() evict() ext4evictinode() truncateinodepagesfinal() //wait release ioend inodeiolistmovelocked() ext4releaseioend() trigger WARNONONCE()