diff for duplicates of <20220407011609.115258-1-sashal@kernel.org>
diff --git a/a/1.txt b/N1/1.txt
index e2f4f09..6ceb1b9 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -1,6 +1,61 @@
-A non-text attachment was scrubbed...
-Name: not available
-Type: application/octet-stream
-Size: 2004 bytes
-Desc: not available
-URL: <http://listman.redhat.com/archives/cluster-devel/attachments/20220406/5adc02cc/attachment.obj>
+From: Bob Peterson <rpeterso@redhat.com>
+
+[ Upstream commit 428f651cb80b227af47fc302e4931791f2fb4741 ]
+
+Before this patch, function read_rindex_entry called compute_bitstructs
+before it allocated a glock for the rgrp. But if compute_bitstructs found
+a problem with the rgrp, it called gfs2_consist_rgrpd, and that called
+gfs2_dump_glock for rgd->rd_gl which had not yet been assigned.
+
+read_rindex_entry
+ compute_bitstructs
+ gfs2_consist_rgrpd
+ gfs2_dump_glock <---------rgd->rd_gl was not set.
+
+This patch changes read_rindex_entry so it assigns an rgrp glock before
+calling compute_bitstructs so gfs2_dump_glock does not reference an
+unassigned pointer. If an error is discovered, the glock must also be
+put, so a new goto and label were added.
+
+Reported-by: syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com
+Signed-off-by: Bob Peterson <rpeterso@redhat.com>
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/gfs2/rgrp.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c
+index 054fdfd4fb8b..76b11b33592d 100644
+--- a/fs/gfs2/rgrp.c
++++ b/fs/gfs2/rgrp.c
+@@ -926,15 +926,15 @@ static int read_rindex_entry(struct gfs2_inode *ip)
+ rgd->rd_bitbytes = be32_to_cpu(buf.ri_bitbytes);
+ spin_lock_init(&rgd->rd_rsspin);
+
+- error = compute_bitstructs(rgd);
+- if (error)
+- goto fail;
+-
+ error = gfs2_glock_get(sdp, rgd->rd_addr,
+ &gfs2_rgrp_glops, CREATE, &rgd->rd_gl);
+ if (error)
+ goto fail;
+
++ error = compute_bitstructs(rgd);
++ if (error)
++ goto fail_glock;
++
+ rgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr;
+ rgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED);
+ if (rgd->rd_data > sdp->sd_max_rg_data)
+@@ -951,6 +951,7 @@ static int read_rindex_entry(struct gfs2_inode *ip)
+ }
+
+ error = 0; /* someone else read in the rgrp; free it and ignore it */
++fail_glock:
+ gfs2_glock_put(rgd->rd_gl);
+
+ fail:
+--
+2.35.1
diff --git a/a/content_digest b/N1/content_digest
index 67c126e..0bf5227 100644
--- a/a/content_digest
+++ b/N1/content_digest
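Review bot: The ordering that the embedded fs/gfs2/rgrp.c hunk establishes in read_rindex_entry, with rgd->rd_gl assigned by gfs2_glock_get() before compute_bitstructs() runs, is explained only in the commit message, so a later reshuffle of this setup code could reintroduce the unassigned-pointer dump. I would add a comment above the gfs2_glock_get() call, `/* rd_gl must be set before compute_bitstructs(): its error path reaches gfs2_dump_glock(rgd->rd_gl) */`. The fields set up here are decoded from the rindex buffer (`be32_to_cpu(buf.ri_bitbytes)`), so this error path should be treated as reachable from a malformed filesystem image, which fits the syzbot report. In the second hunk the new `fail_glock:` label sits directly under `error = 0; /* someone else read in the rgrp; free it and ignore it */`, so that comment now reads as if it also covered the failure path; a blank line before the label or a short comment on it would keep the two apart. Both hunks show only part of the function, so the cleanup under `fail:` could not be checked from here.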
@@ -1,14 +1,75 @@ "From\0Sasha Levin <sashal@kernel.org>\0" - "Subject\0[Cluster-devel] [PATCH AUTOSEL 4.19 01/11] gfs2: assign rgrp glock before compute_bitstructs\0" + "Subject\0[PATCH AUTOSEL 4.19 01/11] gfs2: assign rgrp glock before compute_bitstructs\0" "Date\0Wed, 6 Apr 2022 21:15:58 -0400\0" - "To\0cluster-devel.redhat.com\0" + "To\0linux-kernel@vger.kernel.org" + " stable@vger.kernel.org\0" + "Cc\0Bob Peterson <rpeterso@redhat.com>" + syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com + Andreas Gruenbacher <agruenba@redhat.com> + Sasha Levin <sashal@kernel.org> + " cluster-devel@redhat.com\0" "\00:1\0" "b\0" - "A non-text attachment was scrubbed...\n" - "Name: not available\n" - "Type: application/octet-stream\n" - "Size: 2004 bytes\n" - "Desc: not available\n" - URL: <http://listman.redhat.com/archives/cluster-devel/attachments/20220406/5adc02cc/attachment.obj> + "From: Bob Peterson <rpeterso@redhat.com>\n" + "\n" + "[ Upstream commit 428f651cb80b227af47fc302e4931791f2fb4741 ]\n" + "\n" + "Before this patch, function read_rindex_entry called compute_bitstructs\n" + "before it allocated a glock for the rgrp. But if compute_bitstructs found\n" + "a problem with the rgrp, it called gfs2_consist_rgrpd, and that called\n" + "gfs2_dump_glock for rgd->rd_gl which had not yet been assigned.\n" + "\n" + "read_rindex_entry\n" + " compute_bitstructs\n" + " gfs2_consist_rgrpd\n" + " gfs2_dump_glock <---------rgd->rd_gl was not set.\n" + "\n" + "This patch changes read_rindex_entry so it assigns an rgrp glock before\n" + "calling compute_bitstructs so gfs2_dump_glock does not reference an\n" + "unassigned pointer. 
If an error is discovered, the glock must also be\n" + "put, so a new goto and label were added.\n" + "\n" + "Reported-by: syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com\n" + "Signed-off-by: Bob Peterson <rpeterso@redhat.com>\n" + "Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>\n" + "Signed-off-by: Sasha Levin <sashal@kernel.org>\n" + "---\n" + " fs/gfs2/rgrp.c | 9 +++++----\n" + " 1 file changed, 5 insertions(+), 4 deletions(-)\n" + "\n" + "diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c\n" + "index 054fdfd4fb8b..76b11b33592d 100644\n" + "--- a/fs/gfs2/rgrp.c\n" + "+++ b/fs/gfs2/rgrp.c\n" + "@@ -926,15 +926,15 @@ static int read_rindex_entry(struct gfs2_inode *ip)\n" + " \trgd->rd_bitbytes = be32_to_cpu(buf.ri_bitbytes);\n" + " \tspin_lock_init(&rgd->rd_rsspin);\n" + " \n" + "-\terror = compute_bitstructs(rgd);\n" + "-\tif (error)\n" + "-\t\tgoto fail;\n" + "-\n" + " \terror = gfs2_glock_get(sdp, rgd->rd_addr,\n" + " \t\t\t &gfs2_rgrp_glops, CREATE, &rgd->rd_gl);\n" + " \tif (error)\n" + " \t\tgoto fail;\n" + " \n" + "+\terror = compute_bitstructs(rgd);\n" + "+\tif (error)\n" + "+\t\tgoto fail_glock;\n" + "+\n" + " \trgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr;\n" + " \trgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED);\n" + " \tif (rgd->rd_data > sdp->sd_max_rg_data)\n" + "@@ -951,6 +951,7 @@ static int read_rindex_entry(struct gfs2_inode *ip)\n" + " \t}\n" + " \n" + " \terror = 0; /* someone else read in the rgrp; free it and ignore it */\n" + "+fail_glock:\n" + " \tgfs2_glock_put(rgd->rd_gl);\n" + " \n" + " fail:\n" + "-- \n" + 2.35.1 -348a8358096bf759fa5f5d8ef714a131ae32ab5fe397dc4f1a05f2ad08f5f2b6 +92fb18cc7ea5ab9fb095a5b94ae0493f19422f1423bf4764c5e64dba995a0dfd