From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-xfs@vger.kernel.org,
"Darrick J. Wong" <darrick.wong@oracle.com>
Subject: [PATCH 4.9 40/78] xfs: dont crash on unexpected holes in dir/attr btrees
Date: Mon, 18 Sep 2017 11:11:49 +0200 [thread overview]
Message-ID: <20170918091132.407510627@linuxfoundation.org> (raw)
In-Reply-To: <20170918091126.077483037@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <darrick.wong@oracle.com>
commit cd87d867920155911d0d2e6485b769d853547750 upstream.
In quite a few places we call xfs_da_read_buf with a mappedbno that we
don't control, then assume that the function passes back either an error
code or a buffer pointer. Unfortunately, if mappedbno == -2 and bno
maps to a hole, we get a return code of zero and a NULL buffer, which
means that we crash if we actually try to use that buffer pointer. This
happens immediately when we set the buffer type for transaction context.
Therefore, check that we have no error code and a non-NULL bp before
trying to use bp. This patch is a follow-up to an incomplete fix in
96a3aefb8ffde231 ("xfs: don't crash if reading a directory results in an
unexpected hole").
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_attr_leaf.c | 2 +-
fs/xfs/libxfs/xfs_da_btree.c | 2 +-
fs/xfs/libxfs/xfs_dir2_block.c | 2 +-
fs/xfs/libxfs/xfs_dir2_leaf.c | 4 ++--
4 files changed, 5 insertions(+), 5 deletions(-)
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -351,7 +351,7 @@ xfs_attr3_leaf_read(
err = xfs_da_read_buf(tp, dp, bno, mappedbno, bpp,
XFS_ATTR_FORK, &xfs_attr3_leaf_buf_ops);
- if (!err && tp)
+ if (!err && tp && *bpp)
xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_ATTR_LEAF_BUF);
return err;
}
--- a/fs/xfs/libxfs/xfs_da_btree.c
+++ b/fs/xfs/libxfs/xfs_da_btree.c
@@ -263,7 +263,7 @@ xfs_da3_node_read(
err = xfs_da_read_buf(tp, dp, bno, mappedbno, bpp,
which_fork, &xfs_da3_node_buf_ops);
- if (!err && tp) {
+ if (!err && tp && *bpp) {
struct xfs_da_blkinfo *info = (*bpp)->b_addr;
int type;
--- a/fs/xfs/libxfs/xfs_dir2_block.c
+++ b/fs/xfs/libxfs/xfs_dir2_block.c
@@ -139,7 +139,7 @@ xfs_dir3_block_read(
err = xfs_da_read_buf(tp, dp, mp->m_dir_geo->datablk, -1, bpp,
XFS_DATA_FORK, &xfs_dir3_block_buf_ops);
- if (!err && tp)
+ if (!err && tp && *bpp)
xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_BLOCK_BUF);
return err;
}
--- a/fs/xfs/libxfs/xfs_dir2_leaf.c
+++ b/fs/xfs/libxfs/xfs_dir2_leaf.c
@@ -268,7 +268,7 @@ xfs_dir3_leaf_read(
err = xfs_da_read_buf(tp, dp, fbno, mappedbno, bpp,
XFS_DATA_FORK, &xfs_dir3_leaf1_buf_ops);
- if (!err && tp)
+ if (!err && tp && *bpp)
xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_LEAF1_BUF);
return err;
}
@@ -285,7 +285,7 @@ xfs_dir3_leafn_read(
err = xfs_da_read_buf(tp, dp, fbno, mappedbno, bpp,
XFS_DATA_FORK, &xfs_dir3_leafn_buf_ops);
- if (!err && tp)
+ if (!err && tp && *bpp)
xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_LEAFN_BUF);
return err;
}
next parent reply other threads:[~2017-09-18 9:16 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20170918091126.077483037@linuxfoundation.org>
2017-09-18 9:11 ` Greg Kroah-Hartman [this message]
2017-09-18 9:11 ` [PATCH 4.9 41/78] xfs: check _btree_check_block value Greg Kroah-Hartman
2017-09-18 9:11 ` [PATCH 4.9 42/78] xfs: set firstfsb to NULLFSBLOCK before feeding it to _bmapi_write Greg Kroah-Hartman
2017-09-18 9:11 ` [PATCH 4.9 43/78] xfs: check _alloc_read_agf buffer pointer before using Greg Kroah-Hartman
2017-09-18 9:11 ` [PATCH 4.9 45/78] xfs: fix multi-AG deadlock in xfs_bunmapi Greg Kroah-Hartman
2017-09-18 9:11 ` [PATCH 4.9 48/78] xfs: clear MS_ACTIVE after finishing log recovery Greg Kroah-Hartman
2017-09-18 9:11 ` [PATCH 4.9 49/78] xfs: dont leak quotacheck dquots when cow recovery Greg Kroah-Hartman
2017-09-18 9:11 ` [PATCH 4.9 50/78] iomap: fix integer truncation issues in the zeroing and dirtying helpers Greg Kroah-Hartman
2017-09-18 9:12 ` [PATCH 4.9 53/78] xfs: remove xfs_trans_ail_delete_bulk Greg Kroah-Hartman
2017-09-18 9:12 ` [PATCH 4.9 73/78] xfs: disable per-inode DAX flag Greg Kroah-Hartman
2017-09-18 9:12 ` [PATCH 4.9 75/78] xfs: dont set v3 xflags for v2 inodes Greg Kroah-Hartman
2017-09-18 9:12 ` [PATCH 4.9 76/78] xfs: open code end_buffer_async_write in xfs_finish_page_writeback Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170918091132.407510627@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=darrick.wong@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).