linux/fs/xfs
Darrick J. Wong ff4ab5e02a xfs: fix an incore inode UAF in xfs_bui_recover
In xfs_bui_item_recover, there exists a use-after-free bug with regards
to the inode that is involved in the bmap replay operation.  If the
mapping operation does not complete, we call xfs_bmap_unmap_extent to
create a deferred op to finish the unmapping work, and we retain a
pointer to the incore inode.

Unfortunately, the very next thing we do is commit the transaction and
drop the inode.  If reclaim tears down the inode before we try to finish
the defer ops, we dereference garbage and blow up.  Therefore, create a
way to join inodes to the defer ops freezer so that we can maintain the
xfs_inode reference until we're done with the inode.

Note: This imposes the requirement that there be enough memory to keep
every incore inode in memory throughout recovery.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2020-10-07 08:40:28 -07:00
libxfs xfs: fix an incore inode UAF in xfs_bui_recover 2020-10-07 08:40:28 -07:00
scrub xfs: check dabtree node hash values when loading child blocks 2020-09-23 08:58:51 -07:00
Kconfig xfs: deprecate the V4 format 2020-09-15 20:52:43 -07:00
kmem.c xfs: remove kmem_realloc() 2020-09-06 18:05:51 -07:00
kmem.h xfs: Remove kmem_zalloc_large() 2020-09-15 20:52:41 -07:00
Makefile xfs: refactor log recovery item sorting into a generic dispatch structure 2020-05-08 08:49:58 -07:00
mrlock.h
xfs_acl.c xfs: Remove kmem_zalloc_large() 2020-09-15 20:52:41 -07:00
xfs_acl.h xfs: improve xfs_forget_acl 2020-03-02 20:55:55 -08:00
xfs_aops.c New code for 5.8: 2020-06-02 19:21:40 -07:00
xfs_aops.h
xfs_attr_inactive.c xfs: cleanup xfs_idestroy_fork 2020-05-19 09:40:59 -07:00
xfs_attr_list.c xfs: Convert xfs_attr_sf macros to inline functions 2020-09-15 20:52:42 -07:00
xfs_bio_io.c
xfs_bmap_item.c xfs: fix an incore inode UAF in xfs_bui_recover 2020-10-07 08:40:28 -07:00
xfs_bmap_item.h xfs: refactor intent item RECOVERED flag into the log item 2020-05-08 08:50:01 -07:00
xfs_bmap_util.c xfs: ensure that fpunch, fcollapse, and finsert operations are aligned to rt extent size 2020-09-15 20:52:42 -07:00
xfs_bmap_util.h
xfs_buf_item_recover.c xfs: fix finobt btree block recovery ordering 2020-09-30 07:28:52 -07:00
xfs_buf_item.c xfs: remove xlog_recover_iodone 2020-09-15 20:52:39 -07:00
xfs_buf_item.h xfs: move the buffer retry logic to xfs_buf.c 2020-09-15 20:52:38 -07:00
xfs_buf.c xfs: reuse _xfs_buf_read for re-reading the superblock 2020-09-15 20:52:39 -07:00
xfs_buf.h xfs: reuse _xfs_buf_read for re-reading the superblock 2020-09-15 20:52:39 -07:00
xfs_dir2_readdir.c xfs: move the fork format fields into struct xfs_ifork 2020-05-19 09:40:58 -07:00
xfs_discard.c xfs: remove XFS_BUF_TO_AGF 2020-03-11 09:11:39 -07:00
xfs_discard.h
xfs_dquot_item_recover.c xfs: rename the ondisk dquot d_flags to d_type 2020-07-28 20:24:14 -07:00
xfs_dquot_item.c xfs: stop using q_core.d_id in the quota code 2020-07-28 20:24:14 -07:00
xfs_dquot_item.h xfs: factor out quotaoff intent AIL removal and memory free 2020-03-18 08:12:23 -07:00
xfs_dquot.c xfs: fix some comments 2020-09-25 11:34:07 -07:00
xfs_dquot.h xfs: refactor default quota grace period setting code 2020-09-15 20:52:40 -07:00
xfs_error.c xfs: random buffer write failure errortag 2020-05-07 08:27:48 -07:00
xfs_error.h xfs: xfs_buf_corruption_error should take __this_address 2020-03-12 07:58:12 -07:00
xfs_export.c xfs: delete duplicated words + other fixes 2020-08-05 08:49:58 -07:00
xfs_export.h
xfs_extent_busy.c
xfs_extent_busy.h
xfs_extfree_item.c xfs: fix an incore inode UAF in xfs_bui_recover 2020-10-07 08:40:28 -07:00
xfs_extfree_item.h xfs: refactor intent item RECOVERED flag into the log item 2020-05-08 08:50:01 -07:00
xfs_file.c xfs: force the log after remapping a synchronous-writes file 2020-09-15 20:52:42 -07:00
xfs_filestream.c xfs: drop the obsolete comment on filestream locking 2020-09-25 11:34:08 -07:00
xfs_filestream.h
xfs_fsmap.c xfs: prohibit fs freezing when using empty transactions 2020-03-26 08:19:24 -07:00
xfs_fsmap.h
xfs_fsops.c xfs: remove unused shutdown types 2020-05-07 08:27:48 -07:00
xfs_fsops.h
xfs_globals.c
xfs_health.c
xfs_icache.c xfs: Remove unneeded semicolon 2020-09-15 20:52:42 -07:00
xfs_icache.h xfs: remove SYNC_WAIT and SYNC_TRYLOCK 2020-07-14 08:47:33 -07:00
xfs_icreate_item.c xfs: Remove kmem_zone_zalloc() usage 2020-07-28 20:24:14 -07:00
xfs_icreate_item.h
xfs_inode_item_recover.c xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_inode_item.c xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_inode_item.h xfs: move the buffer retry logic to xfs_buf.c 2020-09-15 20:52:38 -07:00
xfs_inode.c xfs: drop extra transaction roll from inode extent truncate 2020-09-21 09:54:29 -07:00
xfs_inode.h xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_ioctl32.c xfs: lift cursor copy in/out into xfs_ioc_attr_list 2020-03-02 20:55:54 -08:00
xfs_ioctl32.h xfs: rename compat_time_t to old_time32_t 2020-01-06 08:57:36 -08:00
xfs_ioctl.c xfs: Remove kmem_zalloc_large() 2020-09-15 20:52:41 -07:00
xfs_ioctl.h xfs: embedded the attrlist cursor into struct xfs_attr_list_context 2020-03-02 20:55:55 -08:00
xfs_iomap.c xfs: delete duplicated words + other fixes 2020-08-05 08:49:58 -07:00
xfs_iomap.h
xfs_iops.c xfs: directly call xfs_generic_create() for ->create() and ->mkdir() 2020-09-25 11:34:08 -07:00
xfs_iops.h
xfs_itable.c xfs: move the fork format fields into struct xfs_ifork 2020-05-19 09:40:58 -07:00
xfs_itable.h
xfs_iwalk.c xfs: kill the XFS_WANT_CORRUPT_* macros 2019-11-12 17:19:02 -08:00
xfs_iwalk.h
xfs_linux.h xfs: remove the unused SYNCHRONIZE macro 2020-09-25 11:34:07 -07:00
xfs_log_cil.c xfs: delete duplicated words + other fixes 2020-08-05 08:49:58 -07:00
xfs_log_priv.h xfs: Modify xlog_ticket_alloc() to use kernel's MM API 2020-07-28 20:24:14 -07:00
xfs_log_recover.c xfs: fix an incore inode UAF in xfs_bui_recover 2020-10-07 08:40:28 -07:00
xfs_log.c xfs: clean up calculation of LR header blocks 2020-09-23 09:24:17 -07:00
xfs_log.h xfs: refactor and split xfs_log_done() 2020-03-27 08:32:53 -07:00
xfs_message.c xfs: refactor ratelimited buffer error messages into helper 2020-05-07 08:27:46 -07:00
xfs_message.h xfs: refactor ratelimited buffer error messages into helper 2020-05-07 08:27:46 -07:00
xfs_mount.c xfs: remove xfs_getsb 2020-09-15 20:52:39 -07:00
xfs_mount.h xfs: remove xfs_getsb 2020-09-15 20:52:39 -07:00
xfs_mru_cache.c
xfs_mru_cache.h
xfs_ondisk.h xfs: Remove typedef xfs_attr_shortform_t 2020-09-15 20:52:42 -07:00
xfs_pnfs.c xfs: define printk_once variants for xfs messages 2020-05-04 09:03:15 -07:00
xfs_pnfs.h
xfs_pwork.c block: remove the bd_queue field from struct block_device 2020-07-01 08:08:20 -06:00
xfs_pwork.h
xfs_qm_bhv.c xfs: rename XFS_DQ_{USER,GROUP,PROJ} to XFS_DQTYPE_* 2020-07-28 20:24:14 -07:00
xfs_qm_syscalls.c xfs: refactor default quota grace period setting code 2020-09-15 20:52:40 -07:00
xfs_qm.c xfs: remove the unused parameter id from xfs_qm_dqattach_one 2020-09-25 11:34:07 -07:00
xfs_qm.h xfs: refactor quota expiration timer modification 2020-09-15 20:52:40 -07:00
xfs_quota.h xfs: move the buffer retry logic to xfs_buf.c 2020-09-15 20:52:38 -07:00
xfs_quotaops.c xfs: create xfs_dqtype_t to represent quota types 2020-07-28 20:24:14 -07:00
xfs_refcount_item.c xfs: fix an incore inode UAF in xfs_bui_recover 2020-10-07 08:40:28 -07:00
xfs_refcount_item.h xfs: refactor intent item RECOVERED flag into the log item 2020-05-08 08:50:01 -07:00
xfs_reflink.c xfs: delete duplicated words + other fixes 2020-08-05 08:49:58 -07:00
xfs_reflink.h xfs: move helpers that lock and unlock two inodes against userspace IO 2020-07-06 10:46:57 -07:00
xfs_rmap_item.c xfs: fix an incore inode UAF in xfs_bui_recover 2020-10-07 08:40:28 -07:00
xfs_rmap_item.h xfs: refactor intent item RECOVERED flag into the log item 2020-05-08 08:50:01 -07:00
xfs_rtalloc.c xfs: Set xfs_buf's b_ops member when zeroing bitmap/summary files 2020-09-23 08:58:51 -07:00
xfs_rtalloc.h
xfs_stats.c xfs: Use scnprintf() for avoiding potential buffer overflow 2020-03-12 07:58:13 -07:00
xfs_stats.h
xfs_super.c xfs: remove deprecated mount options 2020-09-25 11:34:08 -07:00
xfs_super.h
xfs_symlink.c xfs: move the fork format fields into struct xfs_ifork 2020-05-19 09:40:58 -07:00
xfs_symlink.h xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
xfs_sysctl.c xfs: remove deprecated sysctl options 2020-09-25 11:34:08 -07:00
xfs_sysctl.h
xfs_sysfs.c
xfs_sysfs.h xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init 2020-08-07 11:50:17 -07:00
xfs_trace.c xfs: support bulk loading of staged btrees 2020-03-18 08:12:23 -07:00
xfs_trace.h xfs: trace timestamp limits 2020-09-15 20:52:41 -07:00
xfs_trans_ail.c xfs: delete duplicated words + other fixes 2020-08-05 08:49:58 -07:00
xfs_trans_buf.c xfs: simplify xfs_trans_getsb 2020-09-15 20:52:39 -07:00
xfs_trans_dquot.c xfs: widen ondisk quota expiration timestamps to handle y2038+ 2020-09-15 20:52:41 -07:00
xfs_trans_priv.h xfs: refactor adding recovered intent items to the log 2020-05-08 08:50:00 -07:00
xfs_trans.c xfs: do the assert for all the log done items in xfs_trans_cancel 2020-09-25 11:34:07 -07:00
xfs_trans.h xfs: proper replay of deferred ops queued during log recovery 2020-10-07 08:40:28 -07:00
xfs_xattr.c xfs: remove duplicate headers 2020-05-08 08:51:34 -07:00
xfs.h