From: <gregkh@linuxfoundation.org>
To: catherine.hoang@oracle.com,djwong@kernel.org,gregkh@linuxfoundation.org,hch@lst.de,xfs-stable@lists.linux.dev
Cc: <stable-commits@vger.kernel.org>
Subject: Patch "xfs: fix a sloppy memory handling bug in xfs_iroot_realloc" has been added to the 6.6-stable tree
Date: Fri, 21 Feb 2025 16:23:28 +0100
Message-ID: <2025022128-refocus-rubdown-38eb@gregkh>
In-Reply-To: <20250205214025.72516-4-catherine.hoang@oracle.com>

This is a note to let you know that I've just added the patch titled

    xfs: fix a sloppy memory handling bug in xfs_iroot_realloc

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    xfs-fix-a-sloppy-memory-handling-bug-in-xfs_iroot_realloc.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.

From stable+bounces-113969-greg=kroah.com@vger.kernel.org Wed Feb 5 22:40:47 2025
From: Catherine Hoang <catherine.hoang@oracle.com>
Date: Wed, 5 Feb 2025 13:40:04 -0800
Subject: xfs: fix a sloppy memory handling bug in xfs_iroot_realloc
To: stable@vger.kernel.org
Cc: xfs-stable@lists.linux.dev
Message-ID: <20250205214025.72516-4-catherine.hoang@oracle.com>
From: "Darrick J. Wong" <djwong@kernel.org>

commit de55149b6639e903c4d06eb0474ab2c05060e61d upstream.

While refactoring code, I noticed that when xfs_iroot_realloc tries to
shrink a bmbt root block, it allocates a smaller new block and then
copies "records" and pointers to the new block. However, bmbt root
blocks cannot ever be leaves, which means that it's not technically
correct to copy records. We /should/ be copying keys.

Note that this has never resulted in actual memory corruption because
sizeof(bmbt_rec) == (sizeof(bmbt_key) + sizeof(bmbt_ptr)). However,
this will no longer be true when we start adding realtime rmap stuff,
so fix this now.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_inode_fork.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/fs/xfs/libxfs/xfs_inode_fork.c
+++ b/fs/xfs/libxfs/xfs_inode_fork.c
@@ -449,15 +449,15 @@ xfs_iroot_realloc(
}
/*
- * Only copy the records and pointers if there are any.
+ * Only copy the keys and pointers if there are any.
*/
if (new_max > 0) {
/*
- * First copy the records.
+ * First copy the keys.
*/
- op = (char *)XFS_BMBT_REC_ADDR(mp, ifp->if_broot, 1);
- np = (char *)XFS_BMBT_REC_ADDR(mp, new_broot, 1);
- memcpy(np, op, new_max * (uint)sizeof(xfs_bmbt_rec_t));
+ op = (char *)XFS_BMBT_KEY_ADDR(mp, ifp->if_broot, 1);
+ np = (char *)XFS_BMBT_KEY_ADDR(mp, new_broot, 1);
+ memcpy(np, op, new_max * (uint)sizeof(xfs_bmbt_key_t));
/*
* Then copy the pointers.
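
Review bot: the comment above the key copy ("First copy the keys.") should say why keys rather than records are copied at this point. The commit message explains that bmbt root blocks can never be leaves, but nothing in the visible lines records that invariant, and the removed `XFS_BMBT_REC_ADDR` version looked just as plausible to a reader. A one-line note to that effect next to the `memcpy`, or an assertion on the root's level if none exists outside this hunk, would keep the reason in the code. Minor style point on the same `memcpy`: the `(uint)` cast on `sizeof(xfs_bmbt_key_t)` is carried over from the removed line and could be dropped unless it is kept for symmetry with the pointer copy that follows.
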
Patches currently in stable-queue which might be from catherine.hoang@oracle.com are
queue-6.6/xfs-return-bool-from-xfs_attr3_leaf_add.patch
queue-6.6/xfs-fix-a-sloppy-memory-handling-bug-in-xfs_iroot_realloc.patch
queue-6.6/xfs-streamline-xfs_filestream_pick_ag.patch
queue-6.6/xfs-merge-xfs_attr_leaf_try_add-into-xfs_attr_leaf_addname.patch
queue-6.6/xfs-don-t-free-cowblocks-from-under-dirty-pagecache-on-unshare.patch
queue-6.6/xfs-pass-the-exact-range-to-initialize-to-xfs_initialize_perag.patch
queue-6.6/xfs-assert-a-valid-limit-in-xfs_rtfind_forw.patch
queue-6.6/xfs-don-t-use-__gfp_retry_mayfail-in-xfs_initialize_perag.patch
queue-6.6/xfs-use-try_cmpxchg-in-xlog_cil_insert_pcp_aggregate.patch
queue-6.6/xfs-don-t-ifdef-around-the-exact-minlen-allocations.patch
queue-6.6/xfs-reduce-unnecessary-searches-when-searching-for-the-best-extents.patch
queue-6.6/xfs-validate-inumber-in-xfs_iget.patch
queue-6.6/xfs-support-lowmode-allocations-in-xfs_bmap_exact_minlen_extent_alloc.patch
queue-6.6/xfs-skip-background-cowblock-trims-on-inodes-open-for-write.patch
queue-6.6/xfs-remove-empty-declartion-in-header-file.patch
queue-6.6/xfs-fold-xfs_bmap_alloc_userdata-into-xfs_bmapi_allocate.patch
queue-6.6/xfs-update-the-file-system-geometry-after-recoverying-superblock-buffers.patch
queue-6.6/xfs-call-xfs_bmap_exact_minlen_extent_alloc-from-xfs_bmap_btalloc.patch
queue-6.6/xfs-distinguish-extra-split-from-real-enospc-from-xfs_attr_node_try_addname.patch
queue-6.6/xfs-error-out-when-a-superblock-buffer-update-reduces-the-agcount.patch
queue-6.6/xfs-update-the-pag-for-the-last-ag-at-recovery-time.patch
queue-6.6/xfs-check-for-delayed-allocations-before-setting-extsize.patch
queue-6.6/xfs-fix-a-typo.patch
queue-6.6/xfs-distinguish-extra-split-from-real-enospc-from-xfs_attr3_leaf_split.patch
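
The size argument in the commit message, worked through as an added example (a user-space model written for this page, not kernel code and not the author's): it shrinks a node-format root and counts guard bytes overwritten past the new block. `HDR`, the guard region, the helper name `shrink_overrun` and the 24-byte record size are constructed for illustration; 8, 8 and 16 are the bmbt key, pointer and record sizes the commit message's equality refers to.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR    4     /* constructed header size, not the real root header */
#define SLACK  64    /* guard bytes after the new block, so overruns are observable */
#define CANARY 0xA5

/*
 * Model of shrinking a node-format root from cur_max to new_max entries.
 * Layout: [hdr][keys: max * ksz][ptrs: max * psz].
 * first_sz is the element size of the first memcpy: the record size for
 * the pre-fix code, the key size for the fixed code.
 * Returns how many guard bytes past the new block were overwritten.
 */
static size_t shrink_overrun(size_t cur_max, size_t new_max,
                             size_t ksz, size_t psz, size_t first_sz)
{
    size_t old_sz = HDR + cur_max * (ksz + psz);
    size_t new_sz = HDR + new_max * (ksz + psz);
    unsigned char *old_blk = malloc(old_sz);
    unsigned char *new_blk = malloc(new_sz + SLACK);
    size_t i, hit = 0;

    if (!old_blk || !new_blk || new_max > cur_max ||
        new_max * first_sz > old_sz - HDR ||          /* keep the model's reads */
        new_max * first_sz > new_sz - HDR + SLACK) {  /* and writes in bounds */
        free(old_blk); free(new_blk);
        return (size_t)-1;
    }
    memset(old_blk, 0x11, old_sz);
    memset(new_blk, CANARY, new_sz + SLACK);
    memcpy(new_blk, old_blk, HDR);
    /* First copy: keys (fixed) or "records" (pre-fix), from entry 1. */
    memcpy(new_blk + HDR, old_blk + HDR, new_max * first_sz);
    /* Then the pointers, which sit after all cur_max keys in the old block. */
    memcpy(new_blk + HDR + new_max * ksz,
           old_blk + HDR + cur_max * ksz, new_max * psz);
    for (i = new_sz; i < new_sz + SLACK; i++)
        hit += (new_blk[i] != CANARY);
    free(old_blk); free(new_blk);
    return hit;
}

int main(void)
{
    /* bmbt sizes: key 8, ptr 8, rec 16, so rec == key + ptr */
    printf("pre-fix, rec=16: %zu\n", shrink_overrun(4, 2, 8, 8, 16));
    /* constructed sizes where rec (24) > key + ptr (16) */
    printf("pre-fix, rec=24: %zu\n", shrink_overrun(4, 2, 8, 8, 24));
    printf("fixed,   key=8:  %zu\n", shrink_overrun(4, 2, 8, 8, 8));
    return 0;
}
```

With the record size equal to key plus pointer, the pre-fix copy fills exactly the new block's payload and the pointer copy then overwrites the second half, which is why the bug stayed latent; once the record is larger, the same copy writes past the allocation.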