From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, "Theodore Tso" <tytso@mit.edu>,
Lukas Czerner <lczerner@redhat.com>,
Lingzhu Xiang <lxiang@redhat.com>, CAI Qian <caiqian@redhat.com>
Subject: [ 41/68] ext4: use atomic64_t for the per-flexbg free_clusters count
Date: Tue, 2 Apr 2013 15:13:30 -0700 [thread overview]
Message-ID: <20130402221334.687311313@linuxfoundation.org> (raw)
In-Reply-To: <20130402221329.915209206@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Theodore Ts'o <tytso@mit.edu>
commit 90ba983f6889e65a3b506b30dc606aa9d1d46cd2 upstream.
A user who was using a 8TB+ file system and with a very large flexbg
size (> 65536) could cause the atomic_t used in the struct flex_groups
to overflow. This was detected by PaX security patchset:
http://forums.grsecurity.net/viewtopic.php?f=3&t=3289&p=12551#p12551
This bug was introduced in commit 9f24e4208f7e, so it's been around
since 2.6.30. :-(
Fix this by using an atomic64_t for struct orlav_stats's
free_clusters.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Lingzhu Xiang <lxiang@redhat.com>
Reviewed-by: CAI Qian <caiqian@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ext4.h | 6 +++---
fs/ext4/ialloc.c | 4 ++--
fs/ext4/mballoc.c | 12 ++++++------
fs/ext4/resize.c | 4 ++--
fs/ext4/super.c | 4 ++--
5 files changed, 15 insertions(+), 15 deletions(-)
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -316,9 +316,9 @@ struct ext4_group_desc
*/
struct flex_groups {
- atomic_t free_inodes;
- atomic_t free_clusters;
- atomic_t used_dirs;
+ atomic64_t free_clusters;
+ atomic_t free_inodes;
+ atomic_t used_dirs;
};
#define EXT4_BG_INODE_UNINIT 0x0001 /* Inode table/bitmap not in use */
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -305,8 +305,8 @@ error_return:
}
struct orlov_stats {
+ __u64 free_clusters;
__u32 free_inodes;
- __u32 free_clusters;
__u32 used_dirs;
};
@@ -323,7 +323,7 @@ static void get_orlov_stats(struct super
if (flex_size > 1) {
stats->free_inodes = atomic_read(&flex_group[g].free_inodes);
- stats->free_clusters = atomic_read(&flex_group[g].free_clusters);
+ stats->free_clusters = atomic64_read(&flex_group[g].free_clusters);
stats->used_dirs = atomic_read(&flex_group[g].used_dirs);
return;
}
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -2813,8 +2813,8 @@ ext4_mb_mark_diskspace_used(struct ext4_
if (sbi->s_log_groups_per_flex) {
ext4_group_t flex_group = ext4_flex_group(sbi,
ac->ac_b_ex.fe_group);
- atomic_sub(ac->ac_b_ex.fe_len,
- &sbi->s_flex_groups[flex_group].free_clusters);
+ atomic64_sub(ac->ac_b_ex.fe_len,
+ &sbi->s_flex_groups[flex_group].free_clusters);
}
err = ext4_handle_dirty_metadata(handle, NULL, bitmap_bh);
@@ -4667,8 +4667,8 @@ do_more:
if (sbi->s_log_groups_per_flex) {
ext4_group_t flex_group = ext4_flex_group(sbi, block_group);
- atomic_add(count_clusters,
- &sbi->s_flex_groups[flex_group].free_clusters);
+ atomic64_add(count_clusters,
+ &sbi->s_flex_groups[flex_group].free_clusters);
}
ext4_mb_unload_buddy(&e4b);
@@ -4812,8 +4812,8 @@ int ext4_group_add_blocks(handle_t *hand
if (sbi->s_log_groups_per_flex) {
ext4_group_t flex_group = ext4_flex_group(sbi, block_group);
- atomic_add(EXT4_NUM_B2C(sbi, blocks_freed),
- &sbi->s_flex_groups[flex_group].free_clusters);
+ atomic64_add(EXT4_NUM_B2C(sbi, blocks_freed),
+ &sbi->s_flex_groups[flex_group].free_clusters);
}
ext4_mb_unload_buddy(&e4b);
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1219,8 +1219,8 @@ static void ext4_update_super(struct sup
sbi->s_log_groups_per_flex) {
ext4_group_t flex_group;
flex_group = ext4_flex_group(sbi, group_data[0].group);
- atomic_add(EXT4_NUM_B2C(sbi, free_blocks),
- &sbi->s_flex_groups[flex_group].free_clusters);
+ atomic64_add(EXT4_NUM_B2C(sbi, free_blocks),
+ &sbi->s_flex_groups[flex_group].free_clusters);
atomic_add(EXT4_INODES_PER_GROUP(sb) * flex_gd->count,
&sbi->s_flex_groups[flex_group].free_inodes);
}
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1907,8 +1907,8 @@ static int ext4_fill_flex_info(struct su
flex_group = ext4_flex_group(sbi, i);
atomic_add(ext4_free_inodes_count(sb, gdp),
&sbi->s_flex_groups[flex_group].free_inodes);
- atomic_add(ext4_free_group_clusters(sb, gdp),
- &sbi->s_flex_groups[flex_group].free_clusters);
+ atomic64_add(ext4_free_group_clusters(sb, gdp),
+ &sbi->s_flex_groups[flex_group].free_clusters);
atomic_add(ext4_used_dirs_count(sb, gdp),
&sbi->s_flex_groups[flex_group].used_dirs);
}
next prev parent reply other threads:[~2013-04-02 22:25 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-02 22:12 [ 00/68] 3.4.39-stable review Greg Kroah-Hartman
2013-04-02 22:12 ` [ 01/68] signal: Define __ARCH_HAS_SA_RESTORER so we know whether to clear sa_restorer Greg Kroah-Hartman
2013-04-02 22:12 ` [ 02/68] kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER Greg Kroah-Hartman
2013-04-02 22:12 ` [ 03/68] SUNRPC: Add barriers to ensure read ordering in rpc_wake_up_task_queue_locked Greg Kroah-Hartman
2013-04-02 22:12 ` [ 04/68] tile: expect new initramfs name from hypervisor file system Greg Kroah-Hartman
2013-04-02 22:12 ` [ 05/68] Bluetooth: Fix not closing SCO sockets in the BT_CONNECT2 state Greg Kroah-Hartman
2013-04-02 22:12 ` [ 06/68] Bluetooth: Add support for Dell[QCA 0cf3:0036] Greg Kroah-Hartman
2013-04-02 22:12 ` [ 07/68] Bluetooth: Add support for Dell[QCA 0cf3:817a] Greg Kroah-Hartman
2013-04-02 22:12 ` [ 08/68] staging: comedi: s626: fix continuous acquisition Greg Kroah-Hartman
2013-04-02 22:12 ` [ 09/68] sysfs: fix race between readdir and lseek Greg Kroah-Hartman
2013-04-02 22:12 ` [ 10/68] sysfs: handle failure path correctly for readdir() Greg Kroah-Hartman
2013-04-02 22:13 ` [ 11/68] can: sja1000: fix define conflict on SH Greg Kroah-Hartman
2013-04-02 22:13 ` [ 12/68] ath9k_hw: revert chainmask to user configuration after calibration Greg Kroah-Hartman
2013-04-02 22:13 ` [ 13/68] HID: usbhid: quirk for Realtek Multi-card reader Greg Kroah-Hartman
2013-04-02 22:13 ` [ 14/68] rtlwifi: usb: add missing freeing of skbuff Greg Kroah-Hartman
2013-04-02 22:13 ` [ 15/68] b43: N-PHY: increase initial value of "mind" in RSSI calibration Greg Kroah-Hartman
2013-04-02 22:13 ` [ 16/68] b43: A fix for DMA transmission sequence errors Greg Kroah-Hartman
2013-04-02 22:13 ` [ 17/68] b43: N-PHY: use more bits for offset in RSSI calibration Greg Kroah-Hartman
2013-04-02 22:13 ` [ 18/68] tg3: fix length overflow in VPD firmware parsing Greg Kroah-Hartman
2013-04-02 22:13 ` [ 19/68] iommu/amd: Make sure dma_ops are set for hotplug devices Greg Kroah-Hartman
2013-04-02 22:13 ` [ 20/68] xen/blkback: correctly respond to unknown, non-native requests Greg Kroah-Hartman
2013-04-02 22:13 ` [ 21/68] xen-blkback: fix dispatch_rw_block_io() error path Greg Kroah-Hartman
2013-04-02 22:13 ` [ 22/68] tty: atmel_serial_probe(): index of atmel_ports[] fix Greg Kroah-Hartman
2013-04-02 22:13 ` [ 23/68] usb: ftdi_sio: Add support for Mitsubishi FX-USB-AW/-BD Greg Kroah-Hartman
2013-04-02 22:13 ` [ 24/68] vt: synchronize_rcu() under spinlock is not nice Greg Kroah-Hartman
2013-04-02 22:13 ` [ 25/68] mwifiex: cancel cmd timer and free curr_cmd in shutdown process Greg Kroah-Hartman
2013-04-08 18:01 ` Bing Zhao
2013-04-02 22:13 ` [ 26/68] pnfs-block: removing DM device maybe cause oops when call dev_remove Greg Kroah-Hartman
2013-04-02 22:13 ` [ 27/68] net/irda: add missing error path release_sock call Greg Kroah-Hartman
2013-04-02 22:13 ` [ 28/68] usb: xhci: Fix TRB transfer length macro used for Event TRB Greg Kroah-Hartman
2013-04-02 22:13 ` [ 29/68] Btrfs: fix race between mmap writes and compression Greg Kroah-Hartman
2013-04-02 22:13 ` [ 30/68] Btrfs: limit the global reserve to 512mb Greg Kroah-Hartman
2013-04-02 22:13 ` [ 31/68] Btrfs: dont drop path when printing out tree errors in scrub Greg Kroah-Hartman
2013-04-02 22:13 ` [ 32/68] usb: gadget: udc-core: fix a regression during gadget driver unbinding Greg Kroah-Hartman
2013-04-02 22:13 ` [ 33/68] loop: prevent bdev freeing while device in use Greg Kroah-Hartman
2013-04-02 22:13 ` [ 34/68] ARM: cns3xxx: fix mapping of private memory region Greg Kroah-Hartman
2013-04-02 22:13 ` [ 35/68] nfsd4: reject "negative" acl lengths Greg Kroah-Hartman
2013-04-02 22:13 ` [ 36/68] drm/i915: Dont clobber crtc->fb when queue_flip fails Greg Kroah-Hartman
2013-04-02 22:13 ` [ 37/68] Btrfs: fix space leak when we fail to reserve metadata space Greg Kroah-Hartman
2013-04-02 22:13 ` [ 38/68] efivars: explicitly calculate length of VariableName Greg Kroah-Hartman
2013-04-02 22:13 ` [ 39/68] efivars: Handle duplicate names from get_next_variable() Greg Kroah-Hartman
2013-04-02 22:13 ` [ 40/68] ext4: convert number of blocks to clusters properly Greg Kroah-Hartman
2013-04-02 22:13 ` Greg Kroah-Hartman [this message]
2013-04-02 22:13 ` [ 42/68] tracing: Protect tracer flags with trace_types_lock Greg Kroah-Hartman
2013-04-02 22:13 ` [ 43/68] tracing: Prevent buffer overwrite disabled for latency tracers Greg Kroah-Hartman
2013-04-02 22:13 ` [ 44/68] net: remove a WARN_ON() in net_enable_timestamp() Greg Kroah-Hartman
2013-04-02 22:13 ` [ 45/68] sky2: Receive Overflows not counted Greg Kroah-Hartman
2013-04-02 22:13 ` [ 46/68] sky2: Threshold for Pause Packet is set wrong Greg Kroah-Hartman
2013-04-02 22:13 ` [ 47/68] tcp: preserve ACK clocking in TSO Greg Kroah-Hartman
2013-04-02 22:13 ` [ 48/68] tcp: undo spurious timeout after SACK reneging Greg Kroah-Hartman
2013-04-02 22:13 ` [ 49/68] 8021q: fix a potential use-after-free Greg Kroah-Hartman
2013-04-02 22:13 ` [ 50/68] thermal: shorten too long mcast group name Greg Kroah-Hartman
2013-04-02 22:13 ` [ 51/68] unix: fix a race condition in unix_release() Greg Kroah-Hartman
2013-04-02 22:13 ` [ 52/68] af_unix: dont send SCM_CREDENTIAL when dest socket is NULL Greg Kroah-Hartman
2013-04-02 22:13 ` [ 53/68] bonding: remove already created master sysfs link on failure Greg Kroah-Hartman
2013-04-02 22:13 ` [ 54/68] bonding: fix miimon and arp_interval delayed work race conditions Greg Kroah-Hartman
2013-04-02 22:13 ` [ 55/68] bonding: fix disabling of arp_interval and miimon Greg Kroah-Hartman
2013-04-02 22:13 ` [ 56/68] drivers: net: ethernet: davinci_emac: use netif_wake_queue() while restarting tx queue Greg Kroah-Hartman
2013-04-02 22:13 ` [ 57/68] drivers: net: ethernet: cpsw: " Greg Kroah-Hartman
2013-04-02 22:13 ` [ 58/68] net: fix *_DIAG_MAX constants Greg Kroah-Hartman
2013-04-02 22:13 ` [ 59/68] aoe: reserve enough headroom on skbs Greg Kroah-Hartman
2013-04-02 22:13 ` [ 60/68] atl1e: drop pci-msi support because of packet corruption Greg Kroah-Hartman
2013-04-02 22:13 ` [ 61/68] DM9000B: driver initialization upgrade Greg Kroah-Hartman
2013-04-02 22:13 ` [ 62/68] ipv6: dont accept multicast traffic with scope 0 Greg Kroah-Hartman
2013-04-02 22:13 ` [ 63/68] ipv6: fix bad free of addrconf_init_net Greg Kroah-Hartman
2013-04-02 22:13 ` [ 64/68] ipv6: dont accept node local multicast traffic from the wire Greg Kroah-Hartman
2013-04-02 22:13 ` [ 65/68] ks8851: Fix interpretation of rxlen field Greg Kroah-Hartman
2013-04-02 22:13 ` [ 66/68] net: add a synchronize_net() in netdev_rx_handler_unregister() Greg Kroah-Hartman
2013-04-02 22:13 ` [ 67/68] pch_gbe: fix ip_summed checksum reporting on rx Greg Kroah-Hartman
2013-04-02 22:13 ` [ 68/68] smsc75xx: fix jumbo frame support Greg Kroah-Hartman
2013-04-03 15:19 ` [ 00/68] 3.4.39-stable review Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130402221334.687311313@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=caiqian@redhat.com \
--cc=lczerner@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lxiang@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox