From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:46938 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S935233AbdAJKdA (ORCPT ); Tue, 10 Jan 2017 05:33:00 -0500 Subject: Patch "xfs: don't crash if reading a directory results in an unexpected hole" has been added to the 4.9-stable tree To: hch@lst.de, darrick.wong@oracle.com, david@fromorbit.com, dchinner@redhat.com, gregkh@linuxfoundation.org Cc: , From: Date: Tue, 10 Jan 2017 11:33:00 +0100 In-Reply-To: <1483976343-661-24-git-send-email-hch@lst.de> Message-ID: <1484044380899@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled xfs: don't crash if reading a directory results in an unexpected hole to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: xfs-don-t-crash-if-reading-a-directory-results-in-an-unexpected-hole.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From hch@lst.de Tue Jan 10 11:29:59 2017 From: Christoph Hellwig Date: Mon, 9 Jan 2017 16:38:54 +0100 Subject: xfs: don't crash if reading a directory results in an unexpected hole To: stable@vger.kernel.org Cc: linux-xfs@vger.kernel.org, "Darrick J. Wong" , Dave Chinner Message-ID: <1483976343-661-24-git-send-email-hch@lst.de> From: "Darrick J. Wong" commit 96a3aefb8ffde23180130460b0b2407b328eb727 upstream. In xfs_dir3_data_read, we can encounter the situation where err == 0 and *bpp == NULL if the given bno offset happens to be a hole; this leads to a crash if we try to set the buffer type after the _da_read_buf call. Holes can happen due to corrupt or malicious entries in the bmbt data, so be a little more careful when we're handling buffers. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner Cc: Christoph Hellwig Signed-off-by: Greg Kroah-Hartman --- fs/xfs/libxfs/xfs_dir2_data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/xfs/libxfs/xfs_dir2_data.c +++ b/fs/xfs/libxfs/xfs_dir2_data.c @@ -329,7 +329,7 @@ xfs_dir3_data_read( err = xfs_da_read_buf(tp, dp, bno, mapped_bno, bpp, XFS_DATA_FORK, &xfs_dir3_data_buf_ops); - if (!err && tp) + if (!err && tp && *bpp) xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_DATA_BUF); return err; } Patches currently in stable-queue which might be from hch@lst.de are queue-4.9/xfs-always-succeed-when-deduping-zero-bytes.patch queue-4.9/xfs-fix-crash-and-data-corruption-due-to-removal-of-busy-cow-extents.patch queue-4.9/xfs-don-t-allow-di_size-with-high-bit-set.patch queue-4.9/xfs-new-inode-extent-list-lookup-helpers.patch queue-4.9/xfs-don-t-call-xfs_sb_quota_from_disk-twice.patch queue-4.9/xfs-factor-rmap-btree-size-into-the-indlen-calculations.patch queue-4.9/xfs-check-return-value-of-_trans_reserve_quota_nblks.patch queue-4.9/xfs-complain-if-we-don-t-get-nextents-bmap-records.patch queue-4.9/xfs-check-for-bogus-values-in-btree-block-headers.patch queue-4.9/xfs-use-gpf_nofs-when-allocating-btree-cursors.patch queue-4.9/xfs-fix-max_retries-_show-and-_store-functions.patch queue-4.9/xfs-fix-double-cleanup-when-cui-recovery-fails.patch queue-4.9/xfs-don-t-skip-cow-forks-w-delalloc-blocks-in-cowblocks-scan.patch queue-4.9/xfs-track-preallocation-separately-in-xfs_bmapi_reserve_delalloc.patch queue-4.9/xfs-use-the-actual-ag-length-when-reserving-blocks.patch queue-4.9/xfs-ignore-leaf-attr-ichdr.count-in-verifier-during-log-replay.patch queue-4.9/xfs-pass-post-eof-speculative-prealloc-blocks-to-bmapi.patch queue-4.9/xfs-don-t-cap-maximum-dedupe-request-length.patch queue-4.9/xfs-pass-state-not-whichfork-to-trace_xfs_extlist.patch queue-4.9/xfs-move-agi-buffer-type-setting-to-xfs_read_agi.patch queue-4.9/xfs-check-minimum-block-size-for-crc-filesystems.patch queue-4.9/xfs-handle-cow-fork-in-xfs_bmap_trace_exlist.patch queue-4.9/pci-msi-check-for-null-affinity-mask-in-pci_irq_get_affinity.patch queue-4.9/xfs-error-out-if-trying-to-add-attrs-and-anextents-0.patch queue-4.9/xfs-don-t-bug-on-mixed-direct-and-mapped-i-o.patch queue-4.9/xfs-use-new-extent-lookup-helpers-xfs_file_iomap_begin_delay.patch queue-4.9/xfs-fix-unbalanced-inode-reclaim-flush-locking.patch queue-4.9/genirq-affinity-fix-node-generation-from-cpumask.patch queue-4.9/xfs-use-new-extent-lookup-helpers-in-__xfs_reflink_reserve_cow.patch queue-4.9/xfs-don-t-crash-if-reading-a-directory-results-in-an-unexpected-hole.patch queue-4.9/xfs-remove-prev-argument-to-xfs_bmapi_reserve_delalloc.patch queue-4.9/xfs-clean-up-cow-fork-reservation-and-tag-inodes-correctly.patch queue-4.9/xfs-forbid-ag-btrees-with-level-0.patch queue-4.9/xfs-provide-helper-for-counting-extents-from-if_bytes.patch