linux/fs/xfs/libxfs
Darrick J. Wong e8db2aafce xfs: fix memory corruption during remote attr value buffer invalidation
While running generic/103, I observed what looks like memory corruption
and (with slub debugging turned on) a slub redzone warning on i386 when
inactivating an inode with a 64k remote attr value.

On a v5 filesystem, maximally sized remote attr values require one block
more than 64k worth of space to hold both the remote attribute value
header (64 bytes).  On a 4k block filesystem this results in a 68k
buffer; on a 64k block filesystem, this would be a 128k buffer.  Note
that even though we'll never use more than 65,600 bytes of this buffer,
XFS_MAX_BLOCKSIZE is 64k.

This is a problem because the definition of struct xfs_buf_log_format
allows for XFS_MAX_BLOCKSIZE worth of dirty bitmap (64k).  On i386 when we
invalidate a remote attribute, xfs_trans_binval zeroes all 68k worth of
the dirty map, writing right off the end of the log item and corrupting
memory.  We've gotten away with this on x86_64 for years because the
compiler inserts a u32 padding on the end of struct xfs_buf_log_format.

Fortunately for us, remote attribute values are written to disk with
xfs_bwrite(), which is to say that they are not logged.  Fix the problem
by removing all places where we could end up creating a buffer log item
for a remote attribute value and leave a note explaining why.  Next,
replace the open-coded buffer invalidation with a call to the helper we
created in the previous patch that does better checking for bad metadata
before marking the buffer stale.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2020-01-16 08:07:23 -08:00
xfs_ag_resv.c xfs: fix missing header includes 2019-11-07 13:00:53 -08:00
xfs_ag_resv.h xfs: pass transaction lock while setting up agresv on cyclic metadata 2018-07-29 22:37:08 -07:00
xfs_ag.c xfs: remove unused flags arg from xfs_get_aghdr_buf() 2019-10-06 15:39:05 -07:00
xfs_ag.h xfs: add a new ioctl to describe allocation group geometry 2019-04-14 18:15:57 -07:00
xfs_alloc_btree.c xfs: track active state of allocation btree cursors 2019-10-21 09:04:58 -07:00
xfs_alloc_btree.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_alloc.c xfs: refactor agfl length computation function 2019-12-19 07:53:48 -08:00
xfs_alloc.h xfs: cleanup use of the XFS_ALLOC_ flags 2019-11-03 10:22:31 -08:00
xfs_attr_leaf.c xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag 2020-01-09 10:55:18 -08:00
xfs_attr_leaf.h xfs: remove the mappedbno argument to xfs_attr3_leaf_read 2019-11-22 08:17:09 -08:00
xfs_attr_remote.c xfs: fix memory corruption during remote attr value buffer invalidation 2020-01-16 08:07:23 -08:00
xfs_attr_remote.h xfs: refactor remote attr value buffer invalidation 2020-01-16 08:07:23 -08:00
xfs_attr_sf.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_attr.c xfs: Remove all strlen in all xfs_attr_* functions for attr names. 2020-01-09 10:55:19 -08:00
xfs_attr.h xfs: Remove all strlen in all xfs_attr_* functions for attr names. 2020-01-09 10:55:19 -08:00
xfs_bit.c xfs: fix missing header includes 2019-11-07 13:00:53 -08:00
xfs_bit.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_bmap_btree.c xfs: fix sign handling problem in xfs_bmbt_diff_two_keys 2019-08-28 08:31:01 -07:00
xfs_bmap_btree.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_bmap.c libxfs: resync with the userspace libxfs 2019-12-19 07:53:47 -08:00
xfs_bmap.h xfs: use a struct iomap in xfs_writepage_ctx 2019-10-21 08:51:59 -07:00
xfs_btree.c xfs: remove shadow variable in xfs_btree_lshift 2020-01-07 10:21:08 -08:00
xfs_btree.h xfs: actually check xfs_btree_check_block return in xfs_btree_islastblock 2019-11-11 12:42:52 -08:00
xfs_cksum.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_da_btree.c xfs: remove the mappedbno argument to xfs_da_get_buf 2019-11-22 08:17:10 -08:00
xfs_da_btree.h xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag 2020-01-09 10:55:18 -08:00
xfs_da_format.h xfs: Add __packed to xfs_dir2_sf_entry_t definition 2020-01-15 08:45:51 -08:00
xfs_defer.c fs: xfs: Remove KM_NOSLEEP and KM_SLEEP. 2019-08-26 12:06:22 -07:00
xfs_defer.h xfs: streamline defer op type handling 2018-12-12 08:47:16 -08:00
xfs_dir2_block.c xfs: remove the mappedbno argument to xfs_da_read_buf 2019-11-22 08:17:10 -08:00
xfs_dir2_data.c xfs: remove the mappedbno argument to xfs_da_get_buf 2019-11-22 08:17:10 -08:00
xfs_dir2_leaf.c xfs: remove the mappedbno argument to xfs_da_get_buf 2019-11-22 08:17:10 -08:00
xfs_dir2_node.c xfs: remove the mappedbno argument to xfs_da_get_buf 2019-11-22 08:17:10 -08:00
xfs_dir2_priv.h libxfs: resync with the userspace libxfs 2019-12-19 07:53:47 -08:00
xfs_dir2_sf.c libxfs: resync with the userspace libxfs 2019-12-19 07:53:47 -08:00
xfs_dir2.c libxfs: resync with the userspace libxfs 2019-12-19 07:53:47 -08:00
xfs_dir2.h xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename() 2019-11-13 11:13:45 -08:00
xfs_dquot_buf.c xfs: remove the xfs_disk_dquot_t and xfs_dquot_t 2019-11-13 11:13:45 -08:00
xfs_errortag.h xfs: cache unlinked pointers in an rhashtable 2019-02-11 16:07:01 -08:00
xfs_format.h xfs: introduce XFS_MAX_FILEOFF 2020-01-14 08:02:51 -08:00
xfs_fs.h New code for 5.5: 2019-12-02 14:46:22 -08:00
xfs_health.h xfs: introduce new v5 bulkstat structure 2019-07-03 20:36:26 -07:00
xfs_ialloc_btree.c xfs: create simplified inode walk function 2019-07-02 09:40:05 -07:00
xfs_ialloc_btree.h xfs: create simplified inode walk function 2019-07-02 09:40:05 -07:00
xfs_ialloc.c xfs: don't commit sunit/swidth updates to disk if that would cause repair failures 2019-12-19 07:53:48 -08:00
xfs_ialloc.h xfs: don't commit sunit/swidth updates to disk if that would cause repair failures 2019-12-19 07:53:48 -08:00
xfs_iext_tree.c xfs: fix inode fork extent count overflow 2019-10-21 09:04:58 -07:00
xfs_inode_buf.c xfs: don't reset the "inode core" in xfs_iread 2019-11-13 11:13:45 -08:00
xfs_inode_buf.h xfs: merge the projid fields in struct xfs_icdinode 2019-11-13 11:13:45 -08:00
xfs_inode_fork.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_inode_fork.h xfs: refactor "does this fork map blocks" predicate 2019-11-10 10:22:51 -08:00
xfs_log_format.h xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
xfs_log_recover.h xfs: remove unused typedef definitions 2019-11-13 18:22:40 -08:00
xfs_log_rlimit.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_quota_defs.h xfs: change some error-less functions to void types 2019-05-01 20:26:30 -07:00
xfs_refcount_btree.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_refcount_btree.h xfs: pass transaction lock while setting up agresv on cyclic metadata 2018-07-29 22:37:08 -07:00
xfs_refcount.c xfs: convert open coded corruption check to use XFS_IS_CORRUPT 2019-11-13 11:08:01 -08:00
xfs_refcount.h xfs: remove unnecessary int returns from deferred refcount functions 2019-08-28 08:31:02 -07:00
xfs_rmap_btree.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_rmap_btree.h xfs: pass transaction lock while setting up agresv on cyclic metadata 2018-07-29 22:37:08 -07:00
xfs_rmap.c xfs: convert open coded corruption check to use XFS_IS_CORRUPT 2019-11-13 11:08:01 -08:00
xfs_rmap.h xfs: reinitialize rm_flags when unpacking an offset into an rmap irec 2019-08-28 08:31:02 -07:00
xfs_rtbitmap.c xfs: convert open coded corruption check to use XFS_IS_CORRUPT 2019-11-13 11:08:01 -08:00
xfs_sb.c xfs: fix missing header includes 2019-11-07 13:00:53 -08:00
xfs_sb.h xfs: change some error-less functions to void types 2019-05-01 20:26:30 -07:00
xfs_shared.h xfs: remove all *_ITER_CONTINUE values 2019-08-30 22:43:56 -07:00
xfs_symlink_remote.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_trans_inode.c xfs: use a struct timespec64 for the in-core crtime 2019-11-13 11:13:45 -08:00
xfs_trans_resv.c xfs: Make the symbol 'xfs_rtalloc_log_count' static 2019-12-20 08:07:31 -08:00
xfs_trans_resv.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trans_space.h xfs: separate inode geometry 2019-06-12 08:37:40 -07:00
xfs_types.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_types.h xfs: remove unused structure members & simple typedefs 2019-11-13 18:22:41 -08:00