korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-22 22:04:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
6958d11f77
linux/fs/xfs
History
Brian Foster 6958d11f77 xfs: don't trip over uninitialized buffer on extent read of corrupted inode 
We've had rather rare reports of bmap btree block corruption where
the bmap root block has a level count of zero. The root cause of the
corruption is so far unknown. We do have verifier checks to detect
this form of on-disk corruption, but this doesn't cover a memory
corruption variant of the problem. The latter is a reasonable
possibility because the root block is part of the inode fork and can
reside in-core for some time before inode extents are read.

If this occurs, it leads to a system crash such as the following:

 BUG: unable to handle kernel paging request at ffffffff00000221
 PF error: [normal kernel read fault]
 ...
 RIP: 0010:xfs_trans_brelse+0xf/0x200 [xfs]
 ...
 Call Trace:
  xfs_iread_extents+0x379/0x540 [xfs]
  xfs_file_iomap_begin_delay+0x11a/0xb40 [xfs]
  ? xfs_attr_get+0xd1/0x120 [xfs]
  ? iomap_write_begin.constprop.40+0x2d0/0x2d0
  xfs_file_iomap_begin+0x4c4/0x6d0 [xfs]
  ? __vfs_getxattr+0x53/0x70
  ? iomap_write_begin.constprop.40+0x2d0/0x2d0
  iomap_apply+0x63/0x130
  ? iomap_write_begin.constprop.40+0x2d0/0x2d0
  iomap_file_buffered_write+0x62/0x90
  ? iomap_write_begin.constprop.40+0x2d0/0x2d0
  xfs_file_buffered_aio_write+0xe4/0x3b0 [xfs]
  __vfs_write+0x150/0x1b0
  vfs_write+0xba/0x1c0
  ksys_pwrite64+0x64/0xa0
  do_syscall_64+0x5a/0x1d0
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

The crash occurs because xfs_iread_extents() attempts to release an
uninitialized buffer pointer as the level == 0 value prevented the
buffer from ever being allocated or read. Change the level > 0
assert to an explicit error check in xfs_iread_extents() to avoid
crashing the kernel in the event of localized, in-core inode
corruption.

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2019-03-17 15:21:49 -07:00
..
libxfs xfs: don't trip over uninitialized buffer on extent read of corrupted inode 2019-03-17 15:21:49 -07:00
scrub xfs: fix backwards endian conversion in scrub 2019-02-25 10:16:42 -08:00
Kconfig xfs: implement the metadata repair ioctl flag 2018-05-15 18:12:50 -07:00
kmem.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
kmem.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
Makefile xfs: move the repair extent list into its own file 2018-07-29 22:37:09 -07:00
mrlock.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_acl.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_acl.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_aops.c for-5.1/block-20190302 2019-03-08 14:12:17 -08:00
xfs_aops.h xfs: remove the io_type field from the writeback context and ioend 2019-02-17 11:55:53 -08:00
xfs_attr_inactive.c xfs: remove all boilerplate defer init/finish code 2018-07-26 10:15:15 -07:00
xfs_attr_list.c xfs: don't overflow xattr listent buffer 2019-02-14 09:36:52 -08:00
xfs_bmap_item.c xfs: pass transaction to xfs_defer_add() 2018-08-02 23:05:14 -07:00
xfs_bmap_item.h xfs: use transaction for intent recovery instead of raw dfops 2018-08-02 23:05:13 -07:00
xfs_bmap_util.c xfs: introduce an always_cow mode 2019-02-21 07:55:07 -08:00
xfs_bmap_util.h xfs: flush removing page cache in xfs_reflink_remap_prep 2018-11-21 10:10:53 -08:00
xfs_buf_item.c xfs: fix transient reference count error in xfs_buf_resubmit_failed_buffers 2018-11-20 10:36:01 -08:00
xfs_buf_item.h xfs: refactor xfs_buf_log_item reference count handling 2018-09-29 13:45:26 +10:00
xfs_buf.c xfs: fix xfs_buf magic number endian checks 2019-02-18 09:38:41 -08:00
xfs_buf.h xfs: fix xfs_buf magic number endian checks 2019-02-18 09:38:41 -08:00
xfs_dir2_readdir.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_discard.c xfs: trivial xfs_btree_del_cursor cleanups 2018-07-23 09:08:00 -07:00
xfs_discard.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_dquot_item.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_dquot_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_dquot.c xfs: remove dead error handling code in xfs_dquot_disk_alloc() 2018-08-07 10:57:13 -07:00
xfs_dquot.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_error.c xfs: cache unlinked pointers in an rhashtable 2019-02-11 16:07:01 -08:00
xfs_error.h xfs: Introduce XFS_PTAG_VERIFIER_ERROR panic mask 2019-02-11 16:07:00 -08:00
xfs_export.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_export.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_extent_busy.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_extent_busy.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_extfree_item.c xfs: remove xfs_rmap_ag_owner and friends 2018-12-12 08:47:16 -08:00
xfs_extfree_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_file.c for-5.1/block-20190302 2019-03-08 14:12:17 -08:00
xfs_filestream.c xfs: replace dop_low with transaction flag 2018-08-02 23:05:13 -07:00
xfs_filestream.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_fsmap.c xfs: trivial xfs_btree_del_cursor cleanups 2018-07-23 09:08:00 -07:00
xfs_fsmap.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_fsops.c xfs: reserve blocks for ifree transaction during log recovery 2019-02-14 22:42:57 -08:00
xfs_fsops.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_globals.c xfs: Introduce XFS_PTAG_VERIFIER_ERROR panic mask 2019-02-11 16:07:00 -08:00
xfs_icache.c xfs: introduce a new xfs_inode_has_cow_data helper 2018-07-30 07:57:48 -07:00
xfs_icache.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_icreate_item.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_icreate_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_inode_item.c xfs: remove if_real_bytes 2018-07-30 07:57:48 -07:00
xfs_inode_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_inode.c xfs: don't ever put nlink > 0 inodes on the unlinked list 2019-02-14 22:42:57 -08:00
xfs_inode.h xfs: cache unlinked pointers in an rhashtable 2019-02-11 16:07:01 -08:00
xfs_ioctl32.c xfs: Fix x32 ioctls when cmd numbers differ from ia32. 2018-12-18 10:55:21 -08:00
xfs_ioctl32.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_ioctl.c xfs: Fix error code in 'xfs_ioc_getbmap()' 2018-11-06 07:50:50 -08:00
xfs_ioctl.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_iomap.c xfs: rework breaking of shared extents in xfs_file_iomap_begin 2019-02-25 09:26:18 -08:00
xfs_iomap.h xfs: fix SEEK_DATA for speculative COW fork preallocation 2019-02-21 07:55:07 -08:00
xfs_iops.c xfs: fix reporting supported extra file attributes for statx() 2019-03-01 08:57:25 -08:00
xfs_iops.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_itable.c xfs: precalculate inodes and blocks per inode cluster 2018-12-12 08:47:17 -08:00
xfs_itable.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_linux.h xfs: replace do_mod with native operations 2018-06-08 10:07:52 -07:00
xfs_log_cil.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_log_priv.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_log_recover.c xfs: fix xfs_buf magic number endian checks 2019-02-18 09:38:41 -08:00
xfs_log.c xfs: fix a comment in xfs_log_reserve 2018-08-03 08:17:54 -07:00
xfs_log.h xfs: refactor log recovery check 2018-08-01 07:40:48 -07:00
xfs_message.c xfs: print buffer offsets when dumping corrupt buffers 2018-11-06 07:50:50 -08:00
xfs_message.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_mount.c xfs: cache unlinked pointers in an rhashtable 2019-02-11 16:07:01 -08:00
xfs_mount.h xfs: introduce an always_cow mode 2019-02-21 07:55:07 -08:00
xfs_mru_cache.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_mru_cache.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_ondisk.h xfs: compile time offset checks for common v4/v5 metadata 2019-02-11 16:07:01 -08:00
xfs_pnfs.c xfs: make xfs_bmbt_to_iomap more useful 2019-02-21 07:55:07 -08:00
xfs_pnfs.h xfs: prepare xfs_break_layouts() for another layout type 2018-05-22 07:19:08 -07:00
xfs_qm_bhv.c fs/xfs: fix f_ffree value for statfs when project quota is set 2018-11-26 15:01:37 -08:00
xfs_qm_syscalls.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_qm.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_qm.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_quota.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_quotaops.c xfs: clean up IRELE/iput callsites 2018-07-26 10:15:16 -07:00
xfs_refcount_item.c xfs: pass transaction to xfs_defer_add() 2018-08-02 23:05:14 -07:00
xfs_refcount_item.h xfs: use transaction for intent recovery instead of raw dfops 2018-08-02 23:05:13 -07:00
xfs_reflink.c xfs: fix uninitialized error variables 2019-02-25 10:16:41 -08:00
xfs_reflink.h xfs: don't pass iomap flags to xfs_reflink_allocate_cow 2019-02-25 09:04:31 -08:00
xfs_rmap_item.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_rmap_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_rtalloc.c xfs: reallocate realtime summary cache on growfs 2018-12-21 18:45:18 -08:00
xfs_rtalloc.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_stats.c xfs: use offsetof() in place of offset macros for __xfsstats 2018-10-18 17:21:39 +11:00
xfs_stats.h xfs: use offsetof() in place of offset macros for __xfsstats 2018-10-18 17:21:39 +11:00
xfs_super.c xfs: introduce an always_cow mode 2019-02-21 07:55:07 -08:00
xfs_super.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_symlink.c xfs: zero length symlinks are not valid 2018-12-12 08:47:15 -08:00
xfs_symlink.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_sysctl.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_sysctl.h xfs: introduce an always_cow mode 2019-02-21 07:55:07 -08:00
xfs_sysfs.c xfs: introduce an always_cow mode 2019-02-21 07:55:07 -08:00
xfs_sysfs.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trace.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trace.h xfs: merge COW handling into xfs_file_iomap_begin_delay 2019-02-21 07:55:07 -08:00
xfs_trans_ail.c xfs: clear ail delwri queued bufs on unmount of shutdown fs 2018-10-18 17:21:49 +11:00
xfs_trans_bmap.c xfs: remove duplicated xfs_defer.h 2019-02-11 16:07:00 -08:00
xfs_trans_buf.c xfs: clarify documentation for the function to reverify buffers 2019-02-11 16:07:01 -08:00
xfs_trans_dquot.c xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trans_extfree.c xfs: remove duplicated xfs_defer.h 2019-02-11 16:07:00 -08:00
xfs_trans_inode.c vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
xfs_trans_priv.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trans_refcount.c xfs: remove duplicated xfs_defer.h 2019-02-11 16:07:00 -08:00
xfs_trans_rmap.c xfs: remove duplicated xfs_defer.h 2019-02-11 16:07:00 -08:00
xfs_trans.c xfs: avoid lockdep false positives in xfs_trans_alloc 2018-09-29 13:46:21 +10:00
xfs_trans.h xfs: const-ify xfs_owner_info arguments 2018-12-12 08:47:16 -08:00
xfs_xattr.c xfs: don't overflow xattr listent buffer 2019-02-14 09:36:52 -08:00
xfs.h xfs: remove b_last_holder & associated macros 2018-08-12 08:37:31 -07:00