linux/fs/xfs/libxfs
Qian Cai 4982bff1ac xfs: fix an undefined behaviour in _da3_path_shift
In xfs_da3_path_shift() "blk" can be assigned to state->path.blk[-1] if
state->path.active is 1 (which is a valid state) when it tries to add an
entry to a single dir leaf block and then to shift forward to see if
there's a sibling block that would be a better place to put the new
entry. This causes a UBSAN warning given negative array indices are
undefined behavior in C. In practice the warning is entirely harmless
given that "blk" is never dereferenced in this case, but it is still
better to fix up the warning and slightly improve the code.

 UBSAN: Undefined behaviour in fs/xfs/libxfs/xfs_da_btree.c:1989:14
 index -1 is out of range for type 'xfs_da_state_blk_t [5]'
 Call trace:
  dump_backtrace+0x0/0x2c8
  show_stack+0x20/0x2c
  dump_stack+0xe8/0x150
  __ubsan_handle_out_of_bounds+0xe4/0xfc
  xfs_da3_path_shift+0x860/0x86c [xfs]
  xfs_da3_node_lookup_int+0x7c8/0x934 [xfs]
  xfs_dir2_node_addname+0x2c8/0xcd0 [xfs]
  xfs_dir_createname+0x348/0x38c [xfs]
  xfs_create+0x6b0/0x8b4 [xfs]
  xfs_generic_create+0x12c/0x1f8 [xfs]
  xfs_vn_mknod+0x3c/0x4c [xfs]
  xfs_vn_create+0x34/0x44 [xfs]
  do_last+0xd4c/0x10c8
  path_openat+0xbc/0x2f4
  do_filp_open+0x74/0xf4
  do_sys_openat2+0x98/0x180
  __arm64_sys_openat+0xf8/0x170
  do_el0_svc+0x170/0x240
  el0_sync_handler+0x150/0x250
  el0_sync+0x164/0x180

Suggested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Qian Cai <cai@lca.pw>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2020-03-02 20:55:51 -08:00
..
xfs_ag_resv.c xfs: fix missing header includes 2019-11-07 13:00:53 -08:00
xfs_ag_resv.h xfs: pass transaction lock while setting up agresv on cyclic metadata 2018-07-29 22:37:08 -07:00
xfs_ag.c xfs: make xfs_buf_get_uncached return an error code 2020-01-26 14:32:26 -08:00
xfs_ag.h xfs: add a new ioctl to describe allocation group geometry 2019-04-14 18:15:57 -07:00
xfs_alloc_btree.c xfs: track active state of allocation btree cursors 2019-10-21 09:04:58 -07:00
xfs_alloc_btree.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_alloc.c xfs: add agf freeblocks verify in xfs_agf_verify 2020-03-02 20:55:50 -08:00
xfs_alloc.h xfs: cleanup use of the XFS_ALLOC_ flags 2019-11-03 10:22:31 -08:00
xfs_attr_leaf.c xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag 2020-01-09 10:55:18 -08:00
xfs_attr_leaf.h xfs: streamline xfs_attr3_leaf_inactive 2020-01-16 08:07:23 -08:00
xfs_attr_remote.c xfs: make xfs_buf_read return an error code 2020-01-26 14:32:26 -08:00
xfs_attr_remote.h xfs: refactor remote attr value buffer invalidation 2020-01-16 08:07:23 -08:00
xfs_attr_sf.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_attr.c xfs: Remove all strlen in all xfs_attr_* functions for attr names. 2020-01-09 10:55:19 -08:00
xfs_attr.h xfs: Remove all strlen in all xfs_attr_* functions for attr names. 2020-01-09 10:55:19 -08:00
xfs_bit.c xfs: fix missing header includes 2019-11-07 13:00:53 -08:00
xfs_bit.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_bmap_btree.c xfs: fix sign handling problem in xfs_bmbt_diff_two_keys 2019-08-28 08:31:01 -07:00
xfs_bmap_btree.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_bmap.c xfs: make xfs_*read_agf return EAGAIN to ALLOC_FLAG_TRYLOCK callers 2020-01-26 14:32:26 -08:00
xfs_bmap.h xfs: use a struct iomap in xfs_writepage_ctx 2019-10-21 08:51:59 -07:00
xfs_btree.c xfs: remove the xfs_btree_get_buf[ls] functions 2020-01-26 14:32:26 -08:00
xfs_btree.h xfs: remove the xfs_btree_get_buf[ls] functions 2020-01-26 14:32:26 -08:00
xfs_cksum.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_da_btree.c xfs: fix an undefined behaviour in _da3_path_shift 2020-03-02 20:55:51 -08:00
xfs_da_btree.h xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag 2020-01-09 10:55:18 -08:00
xfs_da_format.h xfs: Add __packed to xfs_dir2_sf_entry_t definition 2020-01-15 08:45:51 -08:00
xfs_defer.c fs: xfs: Remove KM_NOSLEEP and KM_SLEEP. 2019-08-26 12:06:22 -07:00
xfs_defer.h xfs: streamline defer op type handling 2018-12-12 08:47:16 -08:00
xfs_dir2_block.c xfs: remove the mappedbno argument to xfs_da_read_buf 2019-11-22 08:17:10 -08:00
xfs_dir2_data.c xfs: remove the mappedbno argument to xfs_da_get_buf 2019-11-22 08:17:10 -08:00
xfs_dir2_leaf.c xfs: remove the mappedbno argument to xfs_da_get_buf 2019-11-22 08:17:10 -08:00
xfs_dir2_node.c xfs: remove the mappedbno argument to xfs_da_get_buf 2019-11-22 08:17:10 -08:00
xfs_dir2_priv.h libxfs: resync with the userspace libxfs 2019-12-19 07:53:47 -08:00
xfs_dir2_sf.c libxfs: resync with the userspace libxfs 2019-12-19 07:53:47 -08:00
xfs_dir2.c libxfs: resync with the userspace libxfs 2019-12-19 07:53:47 -08:00
xfs_dir2.h xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename() 2019-11-13 11:13:45 -08:00
xfs_dquot_buf.c xfs: remove the xfs_disk_dquot_t and xfs_dquot_t 2019-11-13 11:13:45 -08:00
xfs_errortag.h xfs: cache unlinked pointers in an rhashtable 2019-02-11 16:07:01 -08:00
xfs_format.h xfs: introduce XFS_MAX_FILEOFF 2020-01-14 08:02:51 -08:00
xfs_fs.h New code for 5.5: 2019-12-02 14:46:22 -08:00
xfs_health.h xfs: introduce new v5 bulkstat structure 2019-07-03 20:36:26 -07:00
xfs_ialloc_btree.c xfs: create simplified inode walk function 2019-07-02 09:40:05 -07:00
xfs_ialloc_btree.h xfs: create simplified inode walk function 2019-07-02 09:40:05 -07:00
xfs_ialloc.c xfs: make xfs_trans_get_buf return an error code 2020-01-26 14:32:26 -08:00
xfs_ialloc.h xfs: don't commit sunit/swidth updates to disk if that would cause repair failures 2019-12-19 07:53:48 -08:00
xfs_iext_tree.c xfs: fix inode fork extent count overflow 2019-10-21 09:04:58 -07:00
xfs_inode_buf.c xfs: remove the kuid/kgid conversion wrappers 2020-03-02 20:55:50 -08:00
xfs_inode_buf.h xfs: remove the icdinode di_uid/di_gid members 2020-03-02 20:55:50 -08:00
xfs_inode_fork.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_inode_fork.h xfs: refactor "does this fork map blocks" predicate 2019-11-10 10:22:51 -08:00
xfs_log_format.h xfs: make struct xfs_buf_log_format have a consistent size 2020-01-16 08:07:23 -08:00
xfs_log_recover.h xfs: remove unused typedef definitions 2019-11-13 18:22:40 -08:00
xfs_log_rlimit.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_quota_defs.h xfs: change some error-less functions to void types 2019-05-01 20:26:30 -07:00
xfs_refcount_btree.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_refcount_btree.h xfs: pass transaction lock while setting up agresv on cyclic metadata 2018-07-29 22:37:08 -07:00
xfs_refcount.c xfs: remove unnecessary null pointer checks from _read_agf callers 2020-01-26 14:32:27 -08:00
xfs_refcount.h xfs: remove unnecessary int returns from deferred refcount functions 2019-08-28 08:31:02 -07:00
xfs_rmap_btree.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_rmap_btree.h xfs: pass transaction lock while setting up agresv on cyclic metadata 2018-07-29 22:37:08 -07:00
xfs_rmap.c xfs: convert open coded corruption check to use XFS_IS_CORRUPT 2019-11-13 11:08:01 -08:00
xfs_rmap.h xfs: reinitialize rm_flags when unpacking an offset into an rmap irec 2019-08-28 08:31:02 -07:00
xfs_rtbitmap.c xfs: convert open coded corruption check to use XFS_IS_CORRUPT 2019-11-13 11:08:01 -08:00
xfs_sb.c xfs: make xfs_trans_get_buf return an error code 2020-01-26 14:32:26 -08:00
xfs_sb.h xfs: change some error-less functions to void types 2019-05-01 20:26:30 -07:00
xfs_shared.h xfs: remove all *_ITER_CONTINUE values 2019-08-30 22:43:56 -07:00
xfs_symlink_remote.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_trans_inode.c xfs: use a struct timespec64 for the in-core crtime 2019-11-13 11:13:45 -08:00
xfs_trans_resv.c xfs: Make the symbol 'xfs_rtalloc_log_count' static 2019-12-20 08:07:31 -08:00
xfs_trans_resv.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trans_space.h xfs: separate inode geometry 2019-06-12 08:37:40 -07:00
xfs_types.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_types.h xfs: remove unused structure members & simple typedefs 2019-11-13 18:22:41 -08:00