linux

mainlining shenanigans

Go to file

Qu Wenruo 6282675e67 btrfs: relocation: fix reloc_root lifespan and access [BUG] There are several different KASAN reports for balance + snapshot workloads. Involved call paths include: should_ignore_root+0x54/0xb0 [btrfs] build_backref_tree+0x11af/0x2280 [btrfs] relocate_tree_blocks+0x391/0xb80 [btrfs] relocate_block_group+0x3e5/0xa00 [btrfs] btrfs_relocate_block_group+0x240/0x4d0 [btrfs] btrfs_relocate_chunk+0x53/0xf0 [btrfs] btrfs_balance+0xc91/0x1840 [btrfs] btrfs_ioctl_balance+0x416/0x4e0 [btrfs] btrfs_ioctl+0x8af/0x3e60 [btrfs] do_vfs_ioctl+0x831/0xb10 create_reloc_root+0x9f/0x460 [btrfs] btrfs_reloc_post_snapshot+0xff/0x6c0 [btrfs] create_pending_snapshot+0xa9b/0x15f0 [btrfs] create_pending_snapshots+0x111/0x140 [btrfs] btrfs_commit_transaction+0x7a6/0x1360 [btrfs] btrfs_mksubvol+0x915/0x960 [btrfs] btrfs_ioctl_snap_create_transid+0x1d5/0x1e0 [btrfs] btrfs_ioctl_snap_create_v2+0x1d3/0x270 [btrfs] btrfs_ioctl+0x241b/0x3e60 [btrfs] do_vfs_ioctl+0x831/0xb10 btrfs_reloc_pre_snapshot+0x85/0xc0 [btrfs] create_pending_snapshot+0x209/0x15f0 [btrfs] create_pending_snapshots+0x111/0x140 [btrfs] btrfs_commit_transaction+0x7a6/0x1360 [btrfs] btrfs_mksubvol+0x915/0x960 [btrfs] btrfs_ioctl_snap_create_transid+0x1d5/0x1e0 [btrfs] btrfs_ioctl_snap_create_v2+0x1d3/0x270 [btrfs] btrfs_ioctl+0x241b/0x3e60 [btrfs] do_vfs_ioctl+0x831/0xb10 [CAUSE] All these call sites are only relying on root->reloc_root, which can undergo btrfs_drop_snapshot(), and since we don't have real refcount based protection to reloc roots, we can reach already dropped reloc root, triggering KASAN. [FIX] To avoid such access to unstable root->reloc_root, we should check BTRFS_ROOT_DEAD_RELOC_TREE bit first. This patch introduces wrappers that provide the correct way to check the bit with memory barriers protection. Most callers don't distinguish merged reloc tree and no reloc tree. The only exception is should_ignore_root(), as merged reloc tree can be ignored, while no reloc tree shouldn't. [CRITICAL SECTION ANALYSIS] Although test_bit()/set_bit()/clear_bit() doesn't imply a barrier, the DEAD_RELOC_TREE bit has extra help from transaction as a higher level barrier, the lifespan of root::reloc_root and DEAD_RELOC_TREE bit are: NULL: reloc_root is NULL PTR: reloc_root is not NULL 0: DEAD_RELOC_ROOT bit not set DEAD: DEAD_RELOC_ROOT bit set (NULL, 0) Initial state __ \| /\ Section A btrfs_init_reloc_root() \/ \| __ (PTR, 0) reloc_root initialized /\ \| \| btrfs_update_reloc_root() \| Section B \| \| (PTR, DEAD) reloc_root has been merged \/ \| __ === btrfs_commit_transaction() ==================== \| /\ clean_dirty_subvols() \| \| \| Section C (NULL, DEAD) reloc_root cleanup starts \/ \| __ btrfs_drop_snapshot() /\ \| \| Section D (NULL, 0) Back to initial state \/ Every have_reloc_root() or test_bit(DEAD_RELOC_ROOT) caller holds transaction handle, so none of such caller can cross transaction boundary. In Section A, every caller just found no DEAD bit, and grab reloc_root. In the cross section A-B, caller may get no DEAD bit, but since reloc_root is still completely valid thus accessing reloc_root is completely safe. No test_bit() caller can cross the boundary of Section B and Section C. In Section C, every caller found the DEAD bit, so no one will access reloc_root. In the cross section C-D, either caller gets the DEAD bit set, avoiding access reloc_root no matter if it's safe or not. Or caller get the DEAD bit cleared, then access reloc_root, which is already NULL, nothing will be wrong. The memory write barriers are between the reloc_root updates and bit set/clear, the pairing read side is before test_bit. Reported-by: Zygo Blaxell <ce3g8jdj@umail.furryterror.org> Fixes: `d2311e6985` ("btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots") CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> [ barriers ] Signed-off-by: David Sterba <dsterba@suse.com>		2020-01-13 23:10:56 +01:00
arch	Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2019-11-16 16:10:59 -08:00
block	iocost: check active_list of all the ancestors in iocg_activate()	2019-11-14 13:56:54 -07:00
certs	PKCS#7: Refactor verify_pkcs7_signature()	2019-08-05 18:40:18 -04:00
crypto	Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2019-09-28 08:14:15 -07:00
Documentation	Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2019-11-12 10:53:24 -08:00
drivers	Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux	2019-11-17 08:15:41 -08:00
fs	btrfs: relocation: fix reloc_root lifespan and access	2020-01-13 23:10:56 +01:00
include	btrfs: rename btrfs_block_group_cache	2019-11-18 17:51:51 +01:00
init	Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2019-09-28 08:14:15 -07:00
ipc	ipc/sem.c: convert to use built-in RCU list checking	2019-09-25 17:51:41 -07:00
kernel	Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2019-11-17 08:30:38 -08:00
lib	lib/xz: fix XZ_DYNALLOC to avoid useless memory reallocations	2019-11-15 18:34:00 -08:00
LICENSES	LICENSES: Rename other to deprecated	2019-05-03 06:34:32 -06:00
mm	mm/debug.c: PageAnon() is true for PageKsm() pages	2019-11-15 18:34:00 -08:00
net	ipmr: Fix skb headroom in ipmr_get_route().	2019-11-16 13:06:54 -08:00
samples	samples/bpf: fix build by setting HAVE_ATTR_TEST to zero	2019-10-31 21:39:15 +01:00
scripts	arm64 fix for -rc8 / final	2019-11-15 09:14:23 -08:00
security	efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN	2019-10-31 09:40:21 +01:00
sound	ALSA: usb-audio: Fix incorrect size check for processing/extension units	2019-11-14 18:01:22 +01:00
tools	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2019-11-16 15:52:00 -08:00
usr	kbuild: update compile-test header list for v5.4-rc2	2019-10-05 15:29:49 +09:00
virt	KVM: Add a comment describing the /dev/kvm no_compat handling	2019-11-15 10:14:04 +01:00
.clang-format	clang-format: Update with the latest for_each macro list	2019-08-31 10:00:51 +02:00
.cocciconfig
.get_maintainer.ignore	Opt out of scripts/get_maintainer.pl	2019-05-16 10:53:40 -07:00
.gitattributes	.gitattributes: set git diff driver for C source code files	2016-10-07 18:46:30 -07:00
.gitignore	Modules updates for v5.4	2019-09-22 10:34:46 -07:00
.mailmap	ARM: SoC fixes	2019-11-10 13:41:59 -08:00
COPYING	COPYING: use the new text with points to the license files	2018-03-23 12:41:45 -06:00
CREDITS	MAINTAINERS: Remove Simon as Renesas SoC Co-Maintainer	2019-10-10 08:12:51 -07:00
Kbuild	kbuild: do not descend to ./Kbuild when cleaning	2019-08-21 21:03:58 +09:00
Kconfig	docs: kbuild: convert docs to ReST and rename to *.rst	2019-06-14 14:21:21 -06:00
MAINTAINERS	IOMMU Fixes for Linux v5.4-rc7	2019-11-17 11:27:44 -08:00
Makefile	Linux 5.4-rc8	2019-11-17 14:47:30 -08:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.