* Patch "xfs: filter out obviously bad btree pointers" has been added to the 4.10-stable tree
@ 2017-04-01 17:32 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2017-04-01 17:32 UTC (permalink / raw)
To: darrick.wong, gregkh, sandeen; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
xfs: filter out obviously bad btree pointers
to the 4.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
xfs-filter-out-obviously-bad-btree-pointers.patch
and it can be found in the queue-4.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From d5a91baeb6033c3392121e4d5c011cdc08dfa9f7 Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <darrick.wong@oracle.com>
Date: Thu, 2 Feb 2017 15:13:58 -0800
Subject: xfs: filter out obviously bad btree pointers
From: Darrick J. Wong <darrick.wong@oracle.com>
commit d5a91baeb6033c3392121e4d5c011cdc08dfa9f7 upstream.
Don't let anybody load an obviously bad btree pointer. Since the values
come from disk, we must return an error, not just ASSERT.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_bmap.c | 5 +----
fs/xfs/libxfs/xfs_btree.c | 3 ++-
fs/xfs/libxfs/xfs_btree.h | 2 +-
3 files changed, 4 insertions(+), 6 deletions(-)
--- a/fs/xfs/libxfs/xfs_bmap.c
+++ b/fs/xfs/libxfs/xfs_bmap.c
@@ -1278,7 +1278,6 @@ xfs_bmap_read_extents(
/* REFERENCED */
xfs_extnum_t room; /* number of entries there's room for */
- bno = NULLFSBLOCK;
mp = ip->i_mount;
ifp = XFS_IFORK_PTR(ip, whichfork);
exntf = (whichfork != XFS_DATA_FORK) ? XFS_EXTFMT_NOSTATE :
@@ -1291,9 +1290,7 @@ xfs_bmap_read_extents(
ASSERT(level > 0);
pp = XFS_BMAP_BROOT_PTR_ADDR(mp, block, 1, ifp->if_broot_bytes);
bno = be64_to_cpu(*pp);
- ASSERT(bno != NULLFSBLOCK);
- ASSERT(XFS_FSB_TO_AGNO(mp, bno) < mp->m_sb.sb_agcount);
- ASSERT(XFS_FSB_TO_AGBNO(mp, bno) < mp->m_sb.sb_agblocks);
+
/*
* Go down the tree until leaf level is reached, following the first
* pointer (leftmost) at each level.
--- a/fs/xfs/libxfs/xfs_btree.c
+++ b/fs/xfs/libxfs/xfs_btree.c
@@ -810,7 +810,8 @@ xfs_btree_read_bufl(
xfs_daddr_t d; /* real disk block address */
int error;
- ASSERT(fsbno != NULLFSBLOCK);
+ if (!XFS_FSB_SANITY_CHECK(mp, fsbno))
+ return -EFSCORRUPTED;
d = XFS_FSB_TO_DADDR(mp, fsbno);
error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, d,
mp->m_bsize, lock, &bp, ops);
--- a/fs/xfs/libxfs/xfs_btree.h
+++ b/fs/xfs/libxfs/xfs_btree.h
@@ -456,7 +456,7 @@ static inline int xfs_btree_get_level(st
#define XFS_FILBLKS_MAX(a,b) max_t(xfs_filblks_t, (a), (b))
#define XFS_FSB_SANITY_CHECK(mp,fsb) \
- (XFS_FSB_TO_AGNO(mp, fsb) < mp->m_sb.sb_agcount && \
+ (fsb && XFS_FSB_TO_AGNO(mp, fsb) < mp->m_sb.sb_agcount && \
XFS_FSB_TO_AGBNO(mp, fsb) < mp->m_sb.sb_agblocks)
/*
Patches currently in stable-queue which might be from darrick.wong@oracle.com are
queue-4.10/xfs-correct-null-checks-and-error-processing-in-xfs_initialize_perag.patch
queue-4.10/xfs-mark-speculative-prealloc-cow-fork-extents-unwritten.patch
queue-4.10/xfs-fix-toctou-race-when-locking-an-inode-to-access-the-data-map.patch
queue-4.10/xfs-use-iomap-new-flag-for-newly-allocated-delalloc-blocks.patch
queue-4.10/xfs-handle-indlen-shortage-on-delalloc-extent-merge.patch
queue-4.10/xfs-reject-all-unaligned-direct-writes-to-reflinked-files.patch
queue-4.10/xfs-allow-unwritten-extents-in-the-cow-fork.patch
queue-4.10/xfs-tune-down-agno-asserts-in-the-bmap-code.patch
queue-4.10/xfs-verify-free-block-header-fields.patch
queue-4.10/xfs-check-for-obviously-bad-level-values-in-the-bmbt-root.patch
queue-4.10/xfs-don-t-fail-xfs_extent_busy-allocation.patch
queue-4.10/xfs-sync-eofblocks-scans-under-iolock-are-livelock-prone.patch
queue-4.10/xfs-pull-up-iolock-from-xfs_free_eofblocks.patch
queue-4.10/xfs-fail-_dir_open-when-readahead-fails.patch
queue-4.10/xfs-reset-b_first_retry_time-when-clear-the-retry-status-of-xfs_buf_t.patch
queue-4.10/xfs-update-ctime-and-mtime-on-clone-destinatation-inodes.patch
queue-4.10/xfs-split-indlen-reservations-fairly-when-under-reserved.patch
queue-4.10/xfs-filter-out-obviously-bad-btree-pointers.patch
queue-4.10/xfs-use-xfs_icluster_size_fsb-to-calculate-inode-chunk-alignment.patch
queue-4.10/xfs-only-reclaim-unwritten-cow-extents-periodically.patch
queue-4.10/xfs-try-any-ag-when-allocating-the-first-btree-block-when-reflinking.patch
queue-4.10/xfs-fix-and-streamline-error-handling-in-xfs_end_io.patch
queue-4.10/xfs-fix-eofblocks-race-with-file-extending-async-dio-writes.patch
queue-4.10/xfs-fix-uninitialized-variable-in-_reflink_convert_cow.patch
queue-4.10/xfs-don-t-reserve-blocks-for-right-shift-transactions.patch
queue-4.10/xfs-use-xfs_icluster_size_fsb-to-calculate-inode-alignment-mask.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-04-01 17:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-01 17:32 Patch "xfs: filter out obviously bad btree pointers" has been added to the 4.10-stable tree gregkh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.