From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Liu Bo <bo.liu@linux.alibaba.com>,
David Sterba <dsterba@suse.com>
Subject: [PATCH 4.16 03/26] btrfs: fix unaligned access in readdir
Date: Wed, 25 Apr 2018 12:33:12 +0200
Message-ID: <20180425103314.976907494@linuxfoundation.org>
In-Reply-To: <20180425103314.842517924@linuxfoundation.org>
4.16-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Sterba <dsterba@suse.com>
commit 92d32170847bfff2dd08af2c016085779f2fd2a1 upstream.
The last update to readdir introduced a temporary buffer to store the
emitted readdir data, but as there are file names of variable length,
there's a lot of unaligned access.
This was observed on a sparc64 machine:
Kernel unaligned access at TPC[102f3080] btrfs_real_readdir+0x51c/0x718 [btrfs]
Fixes: 23b5ec74943 ("btrfs: fix readdir deadlock with pagefault")
CC: stable@vger.kernel.org # 4.14+
Reported-and-tested-by: René Rebe <rene@exactcode.com>
Reviewed-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -44,6 +44,7 @@
#include <linux/uio.h>
#include <linux/magic.h>
#include <linux/iversion.h>
+#include <asm/unaligned.h>
#include "ctree.h"
#include "disk-io.h"
#include "transaction.h"
@@ -5951,11 +5952,13 @@ static int btrfs_filldir(void *addr, int
struct dir_entry *entry = addr;
char *name = (char *)(entry + 1);
- ctx->pos = entry->offset;
- if (!dir_emit(ctx, name, entry->name_len, entry->ino,
- entry->type))
+ ctx->pos = get_unaligned(&entry->offset);
+ if (!dir_emit(ctx, name, get_unaligned(&entry->name_len),
+ get_unaligned(&entry->ino),
+ get_unaligned(&entry->type)))
return 1;
- addr += sizeof(struct dir_entry) + entry->name_len;
+ addr += sizeof(struct dir_entry) +
+ get_unaligned(&entry->name_len);
ctx->pos++;
}
return 0;
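Review bot: In the btrfs_filldir loop, get_unaligned(&entry->name_len) is now evaluated twice per entry, once as the length passed to dir_emit() and once for the addr advance. Reading it once into a local at the top of the iteration and using that local in both places would keep the emitted length and the stride visibly identical, and would shorten the wrapped dir_emit() call.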
@@ -6045,14 +6048,15 @@ again:
}
entry = addr;
- entry->name_len = name_len;
+ put_unaligned(name_len, &entry->name_len);
name_ptr = (char *)(entry + 1);
read_extent_buffer(leaf, name_ptr, (unsigned long)(di + 1),
name_len);
- entry->type = btrfs_filetype_table[btrfs_dir_type(leaf, di)];
+ put_unaligned(btrfs_filetype_table[btrfs_dir_type(leaf, di)],
+ &entry->type);
btrfs_dir_item_key_to_cpu(leaf, di, &location);
- entry->ino = location.objectid;
- entry->offset = found_key.offset;
+ put_unaligned(location.objectid, &entry->ino);
+ put_unaligned(found_key.offset, &entry->offset);
entries++;
addr += sizeof(struct dir_entry) + name_len;
total_len += sizeof(struct dir_entry) + name_len;
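Review bot: Missing documentation at the fill site: addr advances by sizeof(struct dir_entry) + name_len, so every entry after the first can start at an arbitrary byte offset, yet nothing here says that the fields of entry must only be touched through get_unaligned()/put_unaligned(). A short comment above "entry = addr;" (or at the struct dir_entry definition) stating that the buffer is packed would keep a later direct entry->field access from reintroducing the unaligned access reported on sparc64.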