Changes since last update:
- Fix firstfsb variables that we left uninitialized, which could lead to locking problems. - Check for NULL metadata buffer pointers before using them. - Don't allow btree cursor manipulation if the btree block is corrupt. Better to just shut down. - Fix infinite loop problems in quotacheck. - Fix buffer overrun when validating directory blocks. - Fix deadlock problem in bunmapi. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABCgAGBQJZeXhTAAoJEPh/dxk0SrTrUK8P/RvwLgEflTEUQjjNoakhOuWV yYlXJz2ArWbG/w8vtW4rb6gnExJ6OmJ4EUZWe78g0oTpo9vmS7GuHE0HBXS8AiNe 9Y87GBIQLRi6BOlY9wfiKcLyA3u/buLSAkFhjulA+ARRIS2G3pW/PkzOfl1tIJhl rpL/xJ8TAcNz5LLu/znwebtnIMbaplMdV80b4dOHoNvYC0mYaOFTRiyXANqdCnKx C4tYyKkkQHYDjyXjOwJt8I8CUvcbMrOVQd1E1px+n2L9O81dUP04PhF8N0vPZl/Q ueP83KRqCAm89HMc2P/P0bkBZmbFUtgtMA67oOUxx66crDWEExGRhqZ1+/UgJsAg t5yFg3+QwgaXhAXcZZrvGGMT0b3L6ew5//dhY8XcMq2xKpKrxls/RtQrw3Lux+qx lHhGIAyd15LBKHWARwGXC315gOMfLnUuWhG63pOygL4PrVvOY22Axj5YdRJD5J6E Z4oRzqhQngeLrbfbj73DQFcGxdeEUodB+Pz8uTQ+6pfy5JU3dMzdI16ekX1bgZV3 qFFMRR77a4RpAWYy27LYeaa8NTAEQEahKdRWXofjgKjfsvgnxe+cqhoSdkExAX0c MM0DtXMo2dMjpsajNCo971jPK89a07dY+6Y9COwSMV2vD8Ml43v2F9nS9kcQlUAP H6kdr19vd5p/BBH1P+lu =TKiL -----END PGP SIGNATURE----- Merge tag 'xfs-4.13-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fixes from Darrick Wong: - fix firstfsb variables that we left uninitialized, which could lead to locking problems. - check for NULL metadata buffer pointers before using them. - don't allow btree cursor manipulation if the btree block is corrupt. Better to just shut down. - fix infinite loop problems in quotacheck. - fix buffer overrun when validating directory blocks. - fix deadlock problem in bunmapi. * tag 'xfs-4.13-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: fix multi-AG deadlock in xfs_bunmapi xfs: check that dir block entries don't off the end of the buffer xfs: fix quotacheck dquot id overflow infinite loop xfs: check _alloc_read_agf buffer pointer before using xfs: set firstfsb to NULLFSBLOCK before feeding it to _bmapi_write xfs: check _btree_check_block value
This commit is contained in:
commit
19993e7378
@ -5435,6 +5435,7 @@ __xfs_bunmapi(
|
|||||||
xfs_fsblock_t sum;
|
xfs_fsblock_t sum;
|
||||||
xfs_filblks_t len = *rlen; /* length to unmap in file */
|
xfs_filblks_t len = *rlen; /* length to unmap in file */
|
||||||
xfs_fileoff_t max_len;
|
xfs_fileoff_t max_len;
|
||||||
|
xfs_agnumber_t prev_agno = NULLAGNUMBER, agno;
|
||||||
|
|
||||||
trace_xfs_bunmap(ip, bno, len, flags, _RET_IP_);
|
trace_xfs_bunmap(ip, bno, len, flags, _RET_IP_);
|
||||||
|
|
||||||
@ -5534,6 +5535,17 @@ __xfs_bunmapi(
|
|||||||
*/
|
*/
|
||||||
del = got;
|
del = got;
|
||||||
wasdel = isnullstartblock(del.br_startblock);
|
wasdel = isnullstartblock(del.br_startblock);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Make sure we don't touch multiple AGF headers out of order
|
||||||
|
* in a single transaction, as that could cause AB-BA deadlocks.
|
||||||
|
*/
|
||||||
|
if (!wasdel) {
|
||||||
|
agno = XFS_FSB_TO_AGNO(mp, del.br_startblock);
|
||||||
|
if (prev_agno != NULLAGNUMBER && prev_agno > agno)
|
||||||
|
break;
|
||||||
|
prev_agno = agno;
|
||||||
|
}
|
||||||
if (got.br_startoff < start) {
|
if (got.br_startoff < start) {
|
||||||
del.br_startoff = start;
|
del.br_startoff = start;
|
||||||
del.br_blockcount -= start - got.br_startoff;
|
del.br_blockcount -= start - got.br_startoff;
|
||||||
@ -6499,6 +6511,15 @@ xfs_bmap_finish_one(
|
|||||||
xfs_fsblock_t firstfsb;
|
xfs_fsblock_t firstfsb;
|
||||||
int error = 0;
|
int error = 0;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* firstfsb is tied to the transaction lifetime and is used to
|
||||||
|
* ensure correct AG locking order and schedule work item
|
||||||
|
* continuations. XFS_BUI_MAX_FAST_EXTENTS (== 1) restricts us
|
||||||
|
* to only making one bmap call per transaction, so it should
|
||||||
|
* be safe to have it as a local variable here.
|
||||||
|
*/
|
||||||
|
firstfsb = NULLFSBLOCK;
|
||||||
|
|
||||||
trace_xfs_bmap_deferred(tp->t_mountp,
|
trace_xfs_bmap_deferred(tp->t_mountp,
|
||||||
XFS_FSB_TO_AGNO(tp->t_mountp, startblock), type,
|
XFS_FSB_TO_AGNO(tp->t_mountp, startblock), type,
|
||||||
XFS_FSB_TO_AGBNO(tp->t_mountp, startblock),
|
XFS_FSB_TO_AGBNO(tp->t_mountp, startblock),
|
||||||
|
@ -728,7 +728,8 @@ xfs_btree_firstrec(
|
|||||||
* Get the block pointer for this level.
|
* Get the block pointer for this level.
|
||||||
*/
|
*/
|
||||||
block = xfs_btree_get_block(cur, level, &bp);
|
block = xfs_btree_get_block(cur, level, &bp);
|
||||||
xfs_btree_check_block(cur, block, level, bp);
|
if (xfs_btree_check_block(cur, block, level, bp))
|
||||||
|
return 0;
|
||||||
/*
|
/*
|
||||||
* It's empty, there is no such record.
|
* It's empty, there is no such record.
|
||||||
*/
|
*/
|
||||||
@ -757,7 +758,8 @@ xfs_btree_lastrec(
|
|||||||
* Get the block pointer for this level.
|
* Get the block pointer for this level.
|
||||||
*/
|
*/
|
||||||
block = xfs_btree_get_block(cur, level, &bp);
|
block = xfs_btree_get_block(cur, level, &bp);
|
||||||
xfs_btree_check_block(cur, block, level, bp);
|
if (xfs_btree_check_block(cur, block, level, bp))
|
||||||
|
return 0;
|
||||||
/*
|
/*
|
||||||
* It's empty, there is no such record.
|
* It's empty, there is no such record.
|
||||||
*/
|
*/
|
||||||
|
@ -136,6 +136,8 @@ __xfs_dir3_data_check(
|
|||||||
*/
|
*/
|
||||||
if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
|
if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
|
||||||
XFS_WANT_CORRUPTED_RETURN(mp, lastfree == 0);
|
XFS_WANT_CORRUPTED_RETURN(mp, lastfree == 0);
|
||||||
|
XFS_WANT_CORRUPTED_RETURN(mp, endp >=
|
||||||
|
p + be16_to_cpu(dup->length));
|
||||||
XFS_WANT_CORRUPTED_RETURN(mp,
|
XFS_WANT_CORRUPTED_RETURN(mp,
|
||||||
be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) ==
|
be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) ==
|
||||||
(char *)dup - (char *)hdr);
|
(char *)dup - (char *)hdr);
|
||||||
@ -164,6 +166,8 @@ __xfs_dir3_data_check(
|
|||||||
XFS_WANT_CORRUPTED_RETURN(mp, dep->namelen != 0);
|
XFS_WANT_CORRUPTED_RETURN(mp, dep->namelen != 0);
|
||||||
XFS_WANT_CORRUPTED_RETURN(mp,
|
XFS_WANT_CORRUPTED_RETURN(mp,
|
||||||
!xfs_dir_ino_validate(mp, be64_to_cpu(dep->inumber)));
|
!xfs_dir_ino_validate(mp, be64_to_cpu(dep->inumber)));
|
||||||
|
XFS_WANT_CORRUPTED_RETURN(mp, endp >=
|
||||||
|
p + ops->data_entsize(dep->namelen));
|
||||||
XFS_WANT_CORRUPTED_RETURN(mp,
|
XFS_WANT_CORRUPTED_RETURN(mp,
|
||||||
be16_to_cpu(*ops->data_entry_tag_p(dep)) ==
|
be16_to_cpu(*ops->data_entry_tag_p(dep)) ==
|
||||||
(char *)dep - (char *)hdr);
|
(char *)dep - (char *)hdr);
|
||||||
|
@ -1638,6 +1638,10 @@ xfs_refcount_recover_cow_leftovers(
|
|||||||
error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
|
error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
|
||||||
if (error)
|
if (error)
|
||||||
goto out_trans;
|
goto out_trans;
|
||||||
|
if (!agbp) {
|
||||||
|
error = -ENOMEM;
|
||||||
|
goto out_trans;
|
||||||
|
}
|
||||||
cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
|
cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
|
||||||
|
|
||||||
/* Find all the leftover CoW staging extents. */
|
/* Find all the leftover CoW staging extents. */
|
||||||
|
@ -111,6 +111,9 @@ restart:
|
|||||||
skipped = 0;
|
skipped = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
/* we're done if id overflows back to zero */
|
||||||
|
if (!next_index)
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (skipped) {
|
if (skipped) {
|
||||||
|
@ -170,6 +170,8 @@ xfs_reflink_find_shared(
|
|||||||
error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
|
error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
|
||||||
if (error)
|
if (error)
|
||||||
return error;
|
return error;
|
||||||
|
if (!agbp)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
|
cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
|
||||||
|
|
||||||
@ -329,7 +331,7 @@ xfs_reflink_convert_cow_extent(
|
|||||||
xfs_filblks_t count_fsb,
|
xfs_filblks_t count_fsb,
|
||||||
struct xfs_defer_ops *dfops)
|
struct xfs_defer_ops *dfops)
|
||||||
{
|
{
|
||||||
xfs_fsblock_t first_block;
|
xfs_fsblock_t first_block = NULLFSBLOCK;
|
||||||
int nimaps = 1;
|
int nimaps = 1;
|
||||||
|
|
||||||
if (imap->br_state == XFS_EXT_NORM)
|
if (imap->br_state == XFS_EXT_NORM)
|
||||||
|
Loading…
Reference in New Issue
Block a user