From: Christoph Hellwig <hch@lst.de>
To: stable@vger.kernel.org
Cc: linux-xfs@vger.kernel.org,
"Darrick J. Wong" <darrick.wong@oracle.com>,
Dave Chinner <david@fromorbit.com>
Subject: [PATCH 23/32] xfs: don't crash if reading a directory results in an unexpected hole
Date: Mon, 9 Jan 2017 16:38:54 +0100 [thread overview]
Message-ID: <1483976343-661-24-git-send-email-hch@lst.de> (raw)
In-Reply-To: <1483976343-661-1-git-send-email-hch@lst.de>
From: "Darrick J. Wong" <darrick.wong@oracle.com>
commit 96a3aefb8ffde23180130460b0b2407b328eb727 upstream.
In xfs_dir3_data_read, we can encounter the situation where err == 0 and
*bpp == NULL if the given bno offset happens to be a hole; this leads to
a crash if we try to set the buffer type after the _da_read_buf call.
Holes can happen due to corrupt or malicious entries in the bmbt data,
so be a little more careful when we're handling buffers.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
---
fs/xfs/libxfs/xfs_dir2_data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/xfs/libxfs/xfs_dir2_data.c b/fs/xfs/libxfs/xfs_dir2_data.c
index 725fc78..e526f5a 100644
--- a/fs/xfs/libxfs/xfs_dir2_data.c
+++ b/fs/xfs/libxfs/xfs_dir2_data.c
@@ -329,7 +329,7 @@ xfs_dir3_data_read(
err = xfs_da_read_buf(tp, dp, bno, mapped_bno, bpp,
XFS_DATA_FORK, &xfs_dir3_data_buf_ops);
- if (!err && tp)
+ if (!err && tp && *bpp)
xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_DATA_BUF);
return err;
}
--
2.1.4
next prev parent reply other threads:[~2017-01-09 15:40 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-09 15:38 4.9-stable updates for XFS Christoph Hellwig
2017-01-09 15:38 ` [PATCH 01/32] xfs: don't call xfs_sb_quota_from_disk twice Christoph Hellwig
2017-01-09 15:38 ` [PATCH 02/32] xfs: check return value of _trans_reserve_quota_nblks Christoph Hellwig
2017-01-09 15:38 ` [PATCH 03/32] xfs: don't skip cow forks w/ delalloc blocks in cowblocks scan Christoph Hellwig
2017-01-09 15:38 ` [PATCH 04/32] xfs: don't BUG() on mixed direct and mapped I/O Christoph Hellwig
2017-01-09 15:38 ` [PATCH 05/32] xfs: provide helper for counting extents from if_bytes Christoph Hellwig
2017-01-09 15:38 ` [PATCH 06/32] xfs: check minimum block size for CRC filesystems Christoph Hellwig
2017-01-09 15:38 ` [PATCH 07/32] xfs: fix unbalanced inode reclaim flush locking Christoph Hellwig
2017-01-09 15:38 ` [PATCH 08/32] xfs: new inode extent list lookup helpers Christoph Hellwig
2017-01-09 15:38 ` [PATCH 09/32] xfs: factor rmap btree size into the indlen calculations Christoph Hellwig
2017-01-09 15:38 ` [PATCH 10/32] xfs: always succeed when deduping zero bytes Christoph Hellwig
2017-01-09 15:38 ` [PATCH 11/32] xfs: remove prev argument to xfs_bmapi_reserve_delalloc Christoph Hellwig
2017-01-09 15:38 ` [PATCH 12/32] xfs: track preallocation separately in xfs_bmapi_reserve_delalloc() Christoph Hellwig
2017-01-09 15:38 ` [PATCH 13/32] xfs: use new extent lookup helpers in __xfs_reflink_reserve_cow Christoph Hellwig
2017-01-09 15:38 ` [PATCH 14/32] xfs: clean up cow fork reservation and tag inodes correctly Christoph Hellwig
2017-01-09 15:38 ` [PATCH 15/32] xfs: use new extent lookup helpers xfs_file_iomap_begin_delay Christoph Hellwig
2017-01-09 15:38 ` [PATCH 16/32] xfs: pass post-eof speculative prealloc blocks to bmapi Christoph Hellwig
2017-01-09 15:38 ` [PATCH 17/32] xfs: Move AGI buffer type setting to xfs_read_agi Christoph Hellwig
2017-01-09 15:38 ` [PATCH 18/32] xfs: pass state not whichfork to trace_xfs_extlist Christoph Hellwig
2017-01-09 15:38 ` [PATCH 19/32] xfs: handle cow fork in xfs_bmap_trace_exlist Christoph Hellwig
2017-01-09 15:38 ` [PATCH 20/32] xfs: forbid AG btrees with level == 0 Christoph Hellwig
2017-01-09 15:38 ` [PATCH 21/32] xfs: check for bogus values in btree block headers Christoph Hellwig
2017-01-09 15:38 ` [PATCH 22/32] xfs: complain if we don't get nextents bmap records Christoph Hellwig
2017-01-09 15:38 ` Christoph Hellwig [this message]
2017-01-09 15:38 ` [PATCH 24/32] xfs: error out if trying to add attrs and anextents > 0 Christoph Hellwig
2017-01-09 15:38 ` [PATCH 25/32] xfs: don't allow di_size with high bit set Christoph Hellwig
2017-01-09 15:38 ` [PATCH 26/32] xfs: don't cap maximum dedupe request length Christoph Hellwig
2017-01-09 15:38 ` [PATCH 27/32] xfs: ignore leaf attr ichdr.count in verifier during log replay Christoph Hellwig
2017-01-09 15:38 ` [PATCH 28/32] xfs: use GPF_NOFS when allocating btree cursors Christoph Hellwig
2017-01-09 15:39 ` [PATCH 29/32] xfs: fix double-cleanup when CUI recovery fails Christoph Hellwig
2017-01-09 15:39 ` [PATCH 30/32] xfs: use the actual AG length when reserving blocks Christoph Hellwig
2017-01-09 15:39 ` [PATCH 31/32] xfs: fix crash and data corruption due to removal of busy COW extents Christoph Hellwig
2017-01-09 15:39 ` [PATCH 32/32] xfs: fix max_retries _show and _store functions Christoph Hellwig
2017-01-10 0:21 ` 4.9-stable updates for XFS Darrick J. Wong
2017-01-10 10:37 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1483976343-661-24-git-send-email-hch@lst.de \
--to=hch@lst.de \
--cc=darrick.wong@oracle.com \
--cc=david@fromorbit.com \
--cc=linux-xfs@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).