From: Christoph Hellwig <hch@lst.de>
To: sandeen@sandeen.net
Cc: linux-xfs@vger.kernel.org,
"Darrick J. Wong" <darrick.wong@oracle.com>,
Dave Chinner <dchinner@redhat.com>
Subject: [PATCH 35/58] xfs: don't ever return a stale pointer from __xfs_dir3_free_read
Date: Thu, 7 May 2020 14:18:28 +0200 [thread overview]
Message-ID: <20200507121851.304002-36-hch@lst.de> (raw)
In-Reply-To: <20200507121851.304002-1-hch@lst.de>
From: "Darrick J. Wong" <darrick.wong@oracle.com>
Source kernel commit: 1cb5deb5bc095c070c09a4540c45f9c9ba24be43
If we decide that a directory free block is corrupt, we must take care
not to leak a buffer pointer to the caller. After xfs_trans_brelse
returns, the buffer can be freed or reused, which means that we have to
set *bpp back to NULL.
Callers are supposed to notice the nonzero return value and not use the
buffer pointer, but we should code more defensively, even if all current
callers handle this situation correctly.
Fixes: de14c5f541e7 ("xfs: verify free block header fields")
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
libxfs/xfs_dir2_node.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libxfs/xfs_dir2_node.c b/libxfs/xfs_dir2_node.c
index 56eae67e..48c06da2 100644
--- a/libxfs/xfs_dir2_node.c
+++ b/libxfs/xfs_dir2_node.c
@@ -225,6 +225,7 @@ __xfs_dir3_free_read(
if (fa) {
__xfs_buf_mark_corrupt(*bpp, fa);
xfs_trans_brelse(tp, *bpp);
+ *bpp = NULL;
return -EFSCORRUPTED;
}
--
2.26.2
next prev parent reply other threads:[~2020-05-07 12:20 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-07 12:17 libxfs 5.7 resync Christoph Hellwig
2020-05-07 12:17 ` [PATCH 01/58] xfs: add agf freeblocks verify in xfs_agf_verify Christoph Hellwig
2020-05-07 12:17 ` [PATCH 02/58] xfs: ensure that the inode uid/gid match values match the icdinode ones Christoph Hellwig
2020-05-07 12:17 ` [PATCH 03/58] xfs: remove the icdinode di_uid/di_gid members Christoph Hellwig
2020-05-07 12:17 ` [PATCH 04/58] xfs: remove the kuid/kgid conversion wrappers Christoph Hellwig
2020-05-07 12:17 ` [PATCH 05/58] xfs: fix an undefined behaviour in _da3_path_shift Christoph Hellwig
2020-05-07 12:17 ` [PATCH 06/58] xfs: open code insert range extent split helper Christoph Hellwig
2020-05-07 12:18 ` [PATCH 07/58] xfs: remove the ATTR_INCOMPLETE flag Christoph Hellwig
2020-05-07 12:18 ` [PATCH 08/58] xfs: merge xfs_attr_remove into xfs_attr_set Christoph Hellwig
2020-05-07 12:18 ` [PATCH 09/58] xfs: remove the name == NULL check from xfs_attr_args_init Christoph Hellwig
2020-05-07 12:18 ` [PATCH 10/58] xfs: remove the MAXNAMELEN " Christoph Hellwig
2020-05-07 12:18 ` [PATCH 11/58] xfs: turn xfs_da_args.value into a void pointer Christoph Hellwig
2020-05-07 12:18 ` [PATCH 12/58] xfs: pass an initialized xfs_da_args structure to xfs_attr_set Christoph Hellwig
2020-05-07 12:18 ` [PATCH 13/58] xfs: pass an initialized xfs_da_args to xfs_attr_get Christoph Hellwig
2020-05-07 12:18 ` [PATCH 14/58] xfs: remove the xfs_inode argument to xfs_attr_get_ilocked Christoph Hellwig
2020-05-07 12:18 ` [PATCH 15/58] xfs: remove ATTR_KERNOVAL Christoph Hellwig
2020-05-07 12:18 ` [PATCH 16/58] xfs: remove ATTR_ALLOC and XFS_DA_OP_ALLOCVAL Christoph Hellwig
2020-05-07 12:18 ` [PATCH 17/58] xfs: replace ATTR_KERNOTIME with XFS_DA_OP_NOTIME Christoph Hellwig
2020-05-07 12:18 ` [PATCH 18/58] xfs: factor out a xfs_attr_match helper Christoph Hellwig
2020-05-07 12:18 ` [PATCH 19/58] xfs: cleanup struct xfs_attr_list_context Christoph Hellwig
2020-05-07 12:18 ` [PATCH 20/58] xfs: remove the unused ATTR_ENTRY macro Christoph Hellwig
2020-05-07 12:18 ` [PATCH 21/58] xfs: move the legacy xfs_attr_list to xfs_ioctl.c Christoph Hellwig
2020-05-07 12:18 ` [PATCH 22/58] xfs: rename xfs_attr_list_int to xfs_attr_list Christoph Hellwig
2020-05-07 12:18 ` [PATCH 23/58] xfs: clean up the ATTR_REPLACE checks Christoph Hellwig
2020-05-07 12:18 ` [PATCH 24/58] xfs: clean up the attr flag confusion Christoph Hellwig
2020-05-07 12:18 ` [PATCH 25/58] xfs: remove XFS_DA_OP_INCOMPLETE Christoph Hellwig
2020-05-07 12:18 ` [PATCH 26/58] xfs: embedded the attrlist cursor into struct xfs_attr_list_context Christoph Hellwig
2020-05-07 12:18 ` [PATCH 27/58] xfs: remove the agfl_bno member from struct xfs_agfl Christoph Hellwig
2020-05-07 12:18 ` [PATCH 28/58] xfs: remove the xfs_agfl_t typedef Christoph Hellwig
2020-05-07 12:18 ` [PATCH 29/58] xfs: remove XFS_BUF_TO_AGI Christoph Hellwig
2020-05-07 12:18 ` [PATCH 30/58] xfs: remove XFS_BUF_TO_AGF Christoph Hellwig
2020-05-07 12:18 ` [PATCH 31/58] xfs: remove XFS_BUF_TO_SBP Christoph Hellwig
2020-05-07 12:18 ` [PATCH 32/58] xfs: fix xfs_rmap_has_other_keys usage of ECANCELED Christoph Hellwig
2020-05-07 12:18 ` [PATCH 33/58] xfs: add a function to deal with corrupt buffers post-verifiers Christoph Hellwig
2020-05-07 12:18 ` [PATCH 34/58] xfs: fix buffer corruption reporting when xfs_dir3_free_header_check fails Christoph Hellwig
2020-05-07 12:18 ` Christoph Hellwig [this message]
2020-05-07 12:18 ` [PATCH 36/58] xfs: check owner of dir3 free blocks Christoph Hellwig
2020-05-07 12:18 ` [PATCH 37/58] xfs: check owner of dir3 data blocks Christoph Hellwig
2020-05-07 12:18 ` [PATCH 38/58] xfs: check owner of dir3 blocks Christoph Hellwig
2020-05-07 12:18 ` [PATCH 39/58] xfs: introduce new private btree cursor names Christoph Hellwig
2020-05-07 12:18 ` [PATCH 40/58] xfs: convert btree cursor ag-private member name Christoph Hellwig
2020-05-07 12:18 ` [PATCH 41/58] xfs: convert btree cursor inode-private member names Christoph Hellwig
2020-05-07 12:18 ` [PATCH 42/58] xfs: rename btree cursor private btree member flags Christoph Hellwig
2020-05-07 12:18 ` [PATCH 43/58] xfs: make btree cursor private union anonymous Christoph Hellwig
2020-05-07 12:18 ` [PATCH 44/58] xfs: make the btree cursor union members named structure Christoph Hellwig
2020-05-07 12:18 ` [PATCH 45/58] xfs: make the btree ag cursor private union anonymous Christoph Hellwig
2020-05-07 12:18 ` [PATCH 46/58] xfs: xfs_dabuf_map should return ENOMEM when map allocation fails Christoph Hellwig
2020-05-07 12:18 ` [PATCH 47/58] xfs: fix incorrect test in xfs_alloc_ag_vextent_lastblock Christoph Hellwig
2020-05-07 12:18 ` [PATCH 48/58] xfs: introduce fake roots for ag-rooted btrees Christoph Hellwig
2020-05-07 12:18 ` [PATCH 49/58] xfs: introduce fake roots for inode-rooted btrees Christoph Hellwig
2020-05-07 12:18 ` [PATCH 50/58] xfs: support bulk loading of staged btrees Christoph Hellwig
2020-05-07 12:18 ` [PATCH 51/58] xfs: add support for free space btree staging cursors Christoph Hellwig
2020-05-07 12:18 ` [PATCH 52/58] xfs: add support for inode " Christoph Hellwig
2020-05-07 12:18 ` [PATCH 53/58] xfs: add support for refcount " Christoph Hellwig
2020-05-07 12:18 ` [PATCH 54/58] xfs: add support for rmap " Christoph Hellwig
2020-05-07 12:18 ` [PATCH 55/58] xfs: add a new xfs_sb_version_has_v3inode helper Christoph Hellwig
2020-05-07 12:18 ` [PATCH 56/58] xfs: only check the superblock version for dinode size calculation Christoph Hellwig
2020-05-07 12:18 ` [PATCH 57/58] xfs: remove the di_version field from struct icdinode Christoph Hellwig
2020-05-07 12:18 ` [PATCH 58/58] xfs: validate the realtime geometry in xfs_validate_sb_common Christoph Hellwig
2020-05-07 12:47 ` libxfs 5.7 resync Eric Sandeen
2020-05-07 15:48 ` Darrick J. Wong
2020-05-07 15:54 ` Darrick J. Wong
2020-05-07 15:54 ` Christoph Hellwig
2020-05-07 16:07 ` Darrick J. Wong
2020-05-07 16:11 ` Christoph Hellwig
2020-05-07 16:12 ` Eric Sandeen
2020-05-07 16:14 ` Christoph Hellwig
2020-05-07 16:22 ` Eric Sandeen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200507121851.304002-36-hch@lst.de \
--to=hch@lst.de \
--cc=darrick.wong@oracle.com \
--cc=dchinner@redhat.com \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@sandeen.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.