diff for duplicates of <20220407011521.115014-1-sashal@kernel.org>
diff --git a/a/1.txt b/N1/1.txt
index 08c737e..b5200e7 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -1,6 +1,61 @@
-A non-text attachment was scrubbed...
-Name: not available
-Type: application/octet-stream
-Size: 2004 bytes
-Desc: not available
-URL: <http://listman.redhat.com/archives/cluster-devel/attachments/20220406/48cc3156/attachment.obj>
+From: Bob Peterson <rpeterso@redhat.com>
+
+[ Upstream commit 428f651cb80b227af47fc302e4931791f2fb4741 ]
+
+Before this patch, function read_rindex_entry called compute_bitstructs
+before it allocated a glock for the rgrp. But if compute_bitstructs found
+a problem with the rgrp, it called gfs2_consist_rgrpd, and that called
+gfs2_dump_glock for rgd->rd_gl which had not yet been assigned.
+
+read_rindex_entry
+ compute_bitstructs
+ gfs2_consist_rgrpd
+ gfs2_dump_glock <---------rgd->rd_gl was not set.
+
+This patch changes read_rindex_entry so it assigns an rgrp glock before
+calling compute_bitstructs so gfs2_dump_glock does not reference an
+unassigned pointer. If an error is discovered, the glock must also be
+put, so a new goto and label were added.
+
+Reported-by: syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com
+Signed-off-by: Bob Peterson <rpeterso@redhat.com>
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/gfs2/rgrp.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c
+index c056ed5c6df3..767d188e5e50 100644
+--- a/fs/gfs2/rgrp.c
++++ b/fs/gfs2/rgrp.c
+@@ -925,15 +925,15 @@ static int read_rindex_entry(struct gfs2_inode *ip)
+ rgd->rd_bitbytes = be32_to_cpu(buf.ri_bitbytes);
+ spin_lock_init(&rgd->rd_rsspin);
+
+- error = compute_bitstructs(rgd);
+- if (error)
+- goto fail;
+-
+ error = gfs2_glock_get(sdp, rgd->rd_addr,
+ &gfs2_rgrp_glops, CREATE, &rgd->rd_gl);
+ if (error)
+ goto fail;
+
++ error = compute_bitstructs(rgd);
++ if (error)
++ goto fail_glock;
++
+ rgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr;
+ rgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED);
+ if (rgd->rd_data > sdp->sd_max_rg_data)
+@@ -950,6 +950,7 @@ static int read_rindex_entry(struct gfs2_inode *ip)
+ }
+
+ error = 0; /* someone else read in the rgrp; free it and ignore it */
++fail_glock:
+ gfs2_glock_put(rgd->rd_gl);
+
+ fail:
+--
+2.35.1
diff --git a/a/content_digest b/N1/content_digest
index 3969136..96ab216 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -1,14 +1,75 @@
 "From\0Sasha Levin <sashal@kernel.org>\0"
- "Subject\0[Cluster-devel] [PATCH AUTOSEL 5.4 01/17] gfs2: assign rgrp glock before compute_bitstructs\0"
+ "Subject\0[PATCH AUTOSEL 5.4 01/17] gfs2: assign rgrp glock before compute_bitstructs\0"
 "Date\0Wed, 6 Apr 2022 21:15:05 -0400\0"
- "To\0cluster-devel.redhat.com\0"
+ "To\0linux-kernel@vger.kernel.org"
+ " stable@vger.kernel.org\0"
+ "Cc\0Bob Peterson <rpeterso@redhat.com>"
+ syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com
+ Andreas Gruenbacher <agruenba@redhat.com>
+ Sasha Levin <sashal@kernel.org>
+ " cluster-devel@redhat.com\0"
 "\00:1\0"
 "b\0"
- "A non-text attachment was scrubbed...\n"
- "Name: not available\n"
- "Type: application/octet-stream\n"
- "Size: 2004 bytes\n"
- "Desc: not available\n"
- URL: <http://listman.redhat.com/archives/cluster-devel/attachments/20220406/48cc3156/attachment.obj>
+ "From: Bob Peterson <rpeterso@redhat.com>\n"
+ "\n"
+ "[ Upstream commit 428f651cb80b227af47fc302e4931791f2fb4741 ]\n"
+ "\n"
+ "Before this patch, function read_rindex_entry called compute_bitstructs\n"
+ "before it allocated a glock for the rgrp. But if compute_bitstructs found\n"
+ "a problem with the rgrp, it called gfs2_consist_rgrpd, and that called\n"
+ "gfs2_dump_glock for rgd->rd_gl which had not yet been assigned.\n"
+ "\n"
+ "read_rindex_entry\n"
+ " compute_bitstructs\n"
+ " gfs2_consist_rgrpd\n"
+ " gfs2_dump_glock <---------rgd->rd_gl was not set.\n"
+ "\n"
+ "This patch changes read_rindex_entry so it assigns an rgrp glock before\n"
+ "calling compute_bitstructs so gfs2_dump_glock does not reference an\n"
+ "unassigned pointer. If an error is discovered, the glock must also be\n"
+ "put, so a new goto and label were added.\n"
+ "\n"
+ "Reported-by: syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com\n"
+ "Signed-off-by: Bob Peterson <rpeterso@redhat.com>\n"
+ "Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>\n"
+ "Signed-off-by: Sasha Levin <sashal@kernel.org>\n"
+ "---\n"
+ " fs/gfs2/rgrp.c | 9 +++++----\n"
+ " 1 file changed, 5 insertions(+), 4 deletions(-)\n"
+ "\n"
+ "diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c\n"
+ "index c056ed5c6df3..767d188e5e50 100644\n"
+ "--- a/fs/gfs2/rgrp.c\n"
+ "+++ b/fs/gfs2/rgrp.c\n"
+ "@@ -925,15 +925,15 @@ static int read_rindex_entry(struct gfs2_inode *ip)\n"
+ " \trgd->rd_bitbytes = be32_to_cpu(buf.ri_bitbytes);\n"
+ " \tspin_lock_init(&rgd->rd_rsspin);\n"
+ " \n"
+ "-\terror = compute_bitstructs(rgd);\n"
+ "-\tif (error)\n"
+ "-\t\tgoto fail;\n"
+ "-\n"
+ " \terror = gfs2_glock_get(sdp, rgd->rd_addr,\n"
+ " \t\t\t &gfs2_rgrp_glops, CREATE, &rgd->rd_gl);\n"
+ " \tif (error)\n"
+ " \t\tgoto fail;\n"
+ " \n"
+ "+\terror = compute_bitstructs(rgd);\n"
+ "+\tif (error)\n"
+ "+\t\tgoto fail_glock;\n"
+ "+\n"
+ " \trgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr;\n"
+ " \trgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED);\n"
+ " \tif (rgd->rd_data > sdp->sd_max_rg_data)\n"
+ "@@ -950,6 +950,7 @@ static int read_rindex_entry(struct gfs2_inode *ip)\n"
+ " \t}\n"
+ " \n"
+ " \terror = 0; /* someone else read in the rgrp; free it and ignore it */\n"
+ "+fail_glock:\n"
+ " \tgfs2_glock_put(rgd->rd_gl);\n"
+ " \n"
+ " fail:\n"
+ "-- \n"
+ 2.35.1
 
-10f98fa836ccdce303b81a4c4bf5969e9a14315ebbca104a4376b6cb40b65a9e
+a3200dec0a571cc0f2fb49c02a1adf5a206951bda728b7f4e84d89a03ef169a9
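Review bot: The ordering requirement this patch repairs is still only implicit at the moved `compute_bitstructs(rgd)` call in the embedded fs/gfs2/rgrp.c hunk (the same patch is carried in both the 1.txt and the content_digest hunks). Nothing in the new code records that `rgd->rd_gl` must already be assigned because, per the commit message, the error path reaches gfs2_dump_glock through gfs2_consist_rgrpd. A one-line comment above the call, such as `/* rd_gl must be set first: compute_bitstructs() dumps rgd->rd_gl on error */`, would keep a later cleanup from swapping the two calls back. Because the rindex fields are read from disk and the report came from syzbot, a corrupted image can presumably drive this error path, so it is worth checking whether gfs2_consist_rgrpd also tolerates a NULL `rd_gl` as a second line of defence; that function is not visible here. The body of read_rindex_entry starts before and continues after the hunk, so what follows the `fail:` label cannot be confirmed from this page.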