linux/fs
Sergei Trofimovich 3387206f26 btrfs: properly handle overlapping areas in memmove_extent_buffer
Fix data corruption caused by memcpy() usage on overlapping data.
I first observed it when I found that usermode linux crashes on btrfs.

Call chain is the following:
------------[ cut here ]------------
WARNING: at /home/slyfox/linux-2.6/fs/btrfs/extent_io.c:3900 memcpy_extent_buffer+0x1a5/0x219()
Call Trace:
6fa39a58:  [<601b495e>] _raw_spin_unlock_irqrestore+0x18/0x1c
6fa39a68:  [<60029ad9>] warn_slowpath_common+0x59/0x70
6fa39aa8:  [<60029b05>] warn_slowpath_null+0x15/0x17
6fa39ab8:  [<600efc97>] memcpy_extent_buffer+0x1a5/0x219
6fa39b48:  [<600efd9f>] memmove_extent_buffer+0x94/0x208
6fa39bc8:  [<600becbf>] btrfs_del_items+0x214/0x473
6fa39c78:  [<600ce1b0>] btrfs_delete_one_dir_name+0x7c/0xda
6fa39cc8:  [<600dad6b>] __btrfs_unlink_inode+0xad/0x25d
6fa39d08:  [<600d7864>] btrfs_start_transaction+0xe/0x10
6fa39d48:  [<600dc9ff>] btrfs_unlink_inode+0x1b/0x3b
6fa39d78:  [<600e04bc>] btrfs_unlink+0x70/0xef
6fa39dc8:  [<6007f0d0>] vfs_unlink+0x58/0xa3
6fa39df8:  [<60080278>] do_unlinkat+0xd4/0x162
6fa39e48:  [<600517db>] call_rcu_sched+0xe/0x10
6fa39e58:  [<600452a8>] __put_cred+0x58/0x5a
6fa39e78:  [<6007446c>] sys_faccessat+0x154/0x166
6fa39ed8:  [<60080317>] sys_unlink+0x11/0x13
6fa39ee8:  [<60016b80>] handle_syscall+0x58/0x70
6fa39f08:  [<60021377>] userspace+0x2d4/0x381
6fa39fc8:  [<60014507>] fork_handler+0x62/0x69
---[ end trace 70b0ca2ef0266b93 ]---

http://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg09302.html

Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Reviewed-by: Josef Bacik <josef@redhat.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
2011-04-11 20:25:06 -04:00
9p switch 9p 2011-01-12 20:03:43 -05:00
adfs switch adfs 2011-01-12 20:02:45 -05:00
affs switch affs 2011-01-12 20:03:42 -05:00
afs afs: Fix oops in afs_unlink_writeback 2011-02-25 11:12:37 -08:00
autofs4 autofs4: clean ->d_release() and autofs4_free_ino() up 2011-01-18 01:21:29 -05:00
befs befs: don't pass huge structs by value 2011-01-13 08:03:15 -08:00
bfs fs: icache RCU free inodes 2011-01-07 17:50:26 +11:00
btrfs btrfs: properly handle overlapping areas in memmove_extent_buffer 2011-04-11 20:25:06 -04:00
cachefiles
ceph ceph: fix d_revalidate oopsen on NFS exports 2011-03-10 03:44:05 -05:00
cifs [CIFS] update cifs version 2011-02-21 22:31:47 +00:00
coda Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-01-13 10:27:28 -08:00
configfs configfs: change depends -> select SYSFS 2011-01-16 21:22:29 +00:00
cramfs cramfs: generate unique inode number for better inode cache usage 2011-01-13 08:03:23 -08:00
debugfs convert get_sb_single() users 2010-10-29 04:16:28 -04:00
devpts convert get_sb_single() users 2010-10-29 04:16:28 -04:00
dlm dlm: use single thread workqueues 2011-02-11 16:50:47 -06:00
ecryptfs eCryptfs: Copy up lower inode attrs in getattr 2011-02-21 14:46:36 -06:00
efs fs: icache RCU free inodes 2011-01-07 17:50:26 +11:00
exofs exofs: i_nlink races in rename() 2011-03-03 01:28:17 -05:00
exportfs fs: dcache per-inode inode alias locking 2011-01-07 17:50:31 +11:00
ext2 ext2: Fix link count corruption under heavy link+rename load 2011-03-02 11:03:52 +01:00
ext3 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2011-01-21 07:33:37 -08:00
ext4 ext4: serialize unaligned asynchronous DIO 2011-02-12 08:17:34 -05:00
fat fat: fix d_revalidate oopsen on NFS exports 2011-03-10 03:45:49 -05:00
freevxfs fs: icache RCU free inodes 2011-01-07 17:50:26 +11:00
fscache FS-Cache: Fix operation handling 2011-01-14 09:23:36 -08:00
fuse fuse: fix d_revalidate oopsen on NFS exports 2011-03-10 03:44:31 -05:00
gfs2 gfs2: fix d_revalidate oopsen on NFS exports 2011-03-10 03:44:48 -05:00
hfs hfs: fix rename() over non-empty directory 2011-03-03 01:28:40 -05:00
hfsplus hfsplus: fix up a comparism in hfsplus_file_extend 2011-02-03 16:34:18 -07:00
hostfs switch hostfs 2011-01-12 20:03:42 -05:00
hpfs hpfs_setattr error case avoids unlock_kernel 2011-01-17 05:11:37 -05:00
hppfs fs: icache RCU free inodes 2011-01-07 17:50:26 +11:00
hugetlbfs fs: icache RCU free inodes 2011-01-07 17:50:26 +11:00
isofs fix isofs d_op handling 2011-01-12 20:02:43 -05:00
jbd fix comment typos concerning "consistent" 2010-12-10 16:04:28 +01:00
jbd2 jbd2: call __jbd2_log_start_commit with j_state_lock write locked 2011-02-12 08:18:24 -05:00
jffs2 Merge git://git.infradead.org/mtd-2.6 2011-01-17 11:15:30 -08:00
jfs jfs: fix d_revalidate oopsen on NFS exports 2011-03-10 03:45:28 -05:00
lockd NLM: Fix "kernel BUG at fs/lockd/host.c:417!" or ".../host.c:283!" 2011-01-25 15:24:47 -05:00
logfs Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:45:01 -08:00
minix minix: i_nlink races in rename() 2011-03-03 01:28:16 -05:00
ncpfs move internal-only parts of ncpfs headers to fs/ncpfs 2011-01-12 20:03:43 -05:00
nfs NFS: NFSROOT should default to "proto=udp" 2011-03-11 15:38:07 -05:00
nfs_common NFS: Prevent memory allocation failure in nfsacl_encode() 2011-01-25 15:24:47 -05:00
nfsd nfsd: wrong index used in inner loop 2011-03-08 19:46:10 -05:00
nilfs2 Merge branch 'i_nlink' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-03 15:37:59 -08:00
nls
notify Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
ntfs NTFS: Fix invalid pointer dereference in ntfs_mft_record_alloc(). 2011-01-31 12:58:11 +10:00
ocfs2 ocfs2: fix d_revalidate oopsen on NFS exports 2011-03-10 03:45:07 -05:00
omfs new helper: mount_bdev() 2010-10-29 04:16:13 -04:00
openpromfs fs: icache RCU free inodes 2011-01-07 17:50:26 +11:00
partitions Fix corrupted OSF partition table parsing 2011-03-14 10:14:28 -07:00
proc /proc/self is never going to be invalidated... 2011-03-10 03:41:53 -05:00
qnx4 fs: icache RCU free inodes 2011-01-07 17:50:26 +11:00
quota quota: Fix deadlock during path resolution 2011-01-12 19:14:55 +01:00
ramfs convert get_sb_nodev() users 2010-10-29 04:16:31 -04:00
reiserfs reiserfs xattr ->d_revalidate() shouldn't care about RCU 2011-03-10 03:42:01 -05:00
romfs fs: icache RCU free inodes 2011-01-07 17:50:26 +11:00
squashfs squashfs: fix use of uninitialised variable in zlib & xz decompressors 2011-01-26 10:50:05 +10:00
sysfs kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
sysv sysv: i_nlink races in rename() 2011-03-03 01:28:16 -05:00
ubifs fs: icache RCU free inodes 2011-01-07 17:50:26 +11:00
udf udf: fix i_nlink limit 2011-03-03 01:28:40 -05:00
ufs ufs: i_nlink races in rename() 2011-03-03 01:28:16 -05:00
xfs xfs: zero proper structure size for geometry calls 2011-03-01 21:21:13 -06:00
aio.c aio: fix race between io_destroy() and io_submit() 2011-02-25 15:07:37 -08:00
anon_inodes.c sanitize vfsmount refcounting changes 2011-01-16 13:47:07 -05:00
attr.c
bad_inode.c fs: provide rcu-walk aware permission i_ops 2011-01-07 17:50:29 +11:00
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c binfmt_elf: cleanups 2011-01-13 08:03:12 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c convert get_sb_single() users 2010-10-29 04:16:28 -04:00
binfmt_script.c
binfmt_som.c
bio-integrity.c bio-integrity: mark kintegrityd_wq highpri and CPU intensive 2011-01-03 15:01:48 +01:00
bio.c bio: take care not overflow page count when mapping/copying user data 2010-11-10 14:40:43 +01:00
block_dev.c fs/block_dev.c: fix new kernel-doc warning 2011-02-28 18:08:31 -08:00
buffer.c fs: Use this_cpu_inc_return in buffer.c 2010-12-17 15:18:05 +01:00
char_dev.c Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:45:01 -08:00
compat_binfmt_elf.c
compat_ioctl.c Merge branch 'tty-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2011-01-07 14:39:20 -08:00
compat.c compat breakage in preadv() and pwritev() 2011-03-13 16:29:07 -07:00
dcache.c fs/dcache: allow d_obtain_alias() to return unhashed dentries 2011-03-10 05:18:54 -05:00
dcookies.c
direct-io.c fs/direct-io.c: don't try to allocate more than BIO_MAX_PAGES in a bio 2011-01-20 17:02:05 -08:00
drop_caches.c
eventfd.c Docbook: add fs/eventfd.c and fix typos in it 2011-02-21 15:07:04 -08:00
eventpoll.c epoll: prevent creating circular epoll structures 2011-02-25 15:07:36 -08:00
exec.c vfs: sparse: add __FMODE_EXEC 2011-02-02 16:03:19 -08:00
fcntl.c vfs: sparse: add __FMODE_EXEC 2011-02-02 16:03:19 -08:00
fifo.c
file_table.c CRED: Fix kernel panic upon security_file_alloc() failure. 2011-02-04 10:40:29 -08:00
file.c
filesystems.c fs: rcu-walk for path lookup 2011-01-07 17:50:27 +11:00
fs_struct.c sanitize vfsmount refcounting changes 2011-01-16 13:47:07 -05:00
fs-writeback.c fs/fs-writeback.c: fix sync_inodes_sb() return value kernel-doc 2011-01-13 17:32:48 -08:00
generic_acl.c fs: provide simple rcu-walk generic_check_acl implementation 2011-01-07 17:50:29 +11:00
inode.c Merge branch 'for-linus' of git://neil.brown.name/md 2011-02-25 11:13:26 -08:00
internal.h Fix over-zealous flush_disk when changing device size. 2011-02-24 17:25:47 +11:00
ioctl.c fs: make block fiemap mapping length at least blocksize long 2011-02-02 16:03:20 -08:00
ioprio.c ioprio: grab rcu_read_lock in sys_ioprio_{set,get}() 2010-11-15 10:23:31 +01:00
Kconfig kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
Kconfig.binfmt coredump: default CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y 2010-10-27 18:03:12 -07:00
libfs.c pass default dentry_operations to mount_pseudo() 2011-01-12 20:03:43 -05:00
locks.c Merge branch 'for-2.6.38' of git://linux-nfs.org/~bfields/linux 2011-01-14 13:17:26 -08:00
Makefile Merge 'staging-next' to Linus's tree 2010-10-28 09:44:56 -07:00
mbcache.c ext2: Resolve 'dereferencing pointer to incomplete type' when enabling EXT2_XATTR_DEBUG 2011-01-10 19:04:08 +01:00
mpage.c fs/mpage.c: consolidate code 2011-01-13 17:32:32 -08:00
namei.c nd->inode is not set on the second attempt in path_walk() 2011-03-08 21:16:28 -05:00
namespace.c Unlock vfsmount_lock in do_umount 2011-02-24 02:10:57 -05:00
nfsctl.c
no-block.c
open.c Check for immutable/append flag in fallocate path 2011-03-10 04:22:15 -05:00
pipe.c Fix broken "pipe: use event aware wakeups" optimization 2011-01-20 16:21:59 -08:00
pnode.c fs: scale mntget/mntput 2011-01-07 17:50:33 +11:00
pnode.h
posix_acl.c NFS: Prevent memory allocation failure in nfsacl_encode() 2011-01-25 15:24:47 -05:00
read_write.c fix signedness mess in rw_verify_area() on 64bit architectures 2011-01-12 20:06:58 -05:00
read_write.h
readdir.c
select.c fs/select.c: fix information leak to userspace 2011-01-13 08:03:12 -08:00
seq_file.c fs: take dcache_lock inside __d_path 2010-10-25 21:26:12 -04:00
signalfd.c Merge branch 'hwpoison' of git://git.kernel.org/pub/scm/linux/kernel/git/ak/linux-mce-2.6 2010-10-26 10:13:10 -07:00
splice.c Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:45:01 -08:00
stack.c
stat.c Add an AT_NO_AUTOMOUNT flag to suppress terminal automount 2011-01-15 20:07:33 -05:00
statfs.c
super.c vfs: call rcu_barrier after ->kill_sb() 2011-02-11 16:12:19 -08:00
sync.c
timerfd.c
utimes.c
xattr_acl.c
xattr.c