Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
Pull ext4 bugfixes from Ted Ts'o:
"Miscellaneous ext4 bug fixes for v4.5"
* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: fix crashes in dioread_nolock mode
ext4: fix bh->b_state corruption
ext4: fix memleak in ext4_readdir()
ext4: remove unused parameter "newblock" in convert_initialized_extent()
ext4: don't read blocks from disk after extents being swapped
ext4: fix potential integer overflow
ext4: add a line break for proc mb_groups display
ext4: ioctl: fix erroneous return value
ext4: fix scheduling in atomic on group checksum failure
ext4 crypto: move context consistency check to ext4_file_open()
ext4 crypto: revalidate dentry after adding or removing the key
+176
-39
+4
-3
fs/ext4/balloc.c
+4
-3
fs/ext4/balloc.c
···
191
191
/* If checksum is bad mark all blocks used to prevent allocation
192
192
* essentially implementing a per-group read-only flag. */
193
193
if (!ext4_group_desc_csum_verify(sb, block_group, gdp)) {
194
-
ext4_error(sb, "Checksum bad for group %u", block_group);
195
194
grp = ext4_get_group_info(sb, block_group);
196
195
if (!EXT4_MB_GRP_BBITMAP_CORRUPT(grp))
197
196
percpu_counter_sub(&sbi->s_freeclusters_counter,
···
441
442
}
442
443
ext4_lock_group(sb, block_group);
443
444
if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
444
-
445
445
err = ext4_init_block_bitmap(sb, bh, block_group, desc);
446
446
set_bitmap_uptodate(bh);
447
447
set_buffer_uptodate(bh);
448
448
ext4_unlock_group(sb, block_group);
449
449
unlock_buffer(bh);
450
-
if (err)
450
+
if (err) {
451
+
ext4_error(sb, "Failed to init block bitmap for group "
452
+
"%u: %d", block_group, err);
451
453
goto out;
454
+
}
452
455
goto verify;
453
456
}
454
457
ext4_unlock_group(sb, block_group);
+56
fs/ext4/crypto.c
+56
fs/ext4/crypto.c
···
467
467
return size;
468
468
return 0;
469
469
}
470
+
471
+
/*
472
+
* Validate dentries for encrypted directories to make sure we aren't
473
+
* potentially caching stale data after a key has been added or
474
+
* removed.
475
+
*/
476
+
static int ext4_d_revalidate(struct dentry *dentry, unsigned int flags)
477
+
{
478
+
struct inode *dir = d_inode(dentry->d_parent);
479
+
struct ext4_crypt_info *ci = EXT4_I(dir)->i_crypt_info;
480
+
int dir_has_key, cached_with_key;
481
+
482
+
if (!ext4_encrypted_inode(dir))
483
+
return 0;
484
+
485
+
if (ci && ci->ci_keyring_key &&
486
+
(ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
487
+
(1 << KEY_FLAG_REVOKED) |
488
+
(1 << KEY_FLAG_DEAD))))
489
+
ci = NULL;
490
+
491
+
/* this should eventually be an flag in d_flags */
492
+
cached_with_key = dentry->d_fsdata != NULL;
493
+
dir_has_key = (ci != NULL);
494
+
495
+
/*
496
+
* If the dentry was cached without the key, and it is a
497
+
* negative dentry, it might be a valid name. We can't check
498
+
* if the key has since been made available due to locking
499
+
* reasons, so we fail the validation so ext4_lookup() can do
500
+
* this check.
501
+
*
502
+
* We also fail the validation if the dentry was created with
503
+
* the key present, but we no longer have the key, or vice versa.
504
+
*/
505
+
if ((!cached_with_key && d_is_negative(dentry)) ||
506
+
(!cached_with_key && dir_has_key) ||
507
+
(cached_with_key && !dir_has_key)) {
508
+
#if 0 /* Revalidation debug */
509
+
char buf[80];
510
+
char *cp = simple_dname(dentry, buf, sizeof(buf));
511
+
512
+
if (IS_ERR(cp))
513
+
cp = (char *) "???";
514
+
pr_err("revalidate: %s %p %d %d %d\n", cp, dentry->d_fsdata,
515
+
cached_with_key, d_is_negative(dentry),
516
+
dir_has_key);
517
+
#endif
518
+
return 0;
519
+
}
520
+
return 1;
521
+
}
522
+
523
+
const struct dentry_operations ext4_encrypted_d_ops = {
524
+
.d_revalidate = ext4_d_revalidate,
525
+
};
+11
-2
fs/ext4/dir.c
+11
-2
fs/ext4/dir.c
···
111
111
int dir_has_error = 0;
112
112
struct ext4_str fname_crypto_str = {.name = NULL, .len = 0};
113
113
114
+
if (ext4_encrypted_inode(inode)) {
115
+
err = ext4_get_encryption_info(inode);
116
+
if (err && err != -ENOKEY)
117
+
return err;
118
+
}
119
+
114
120
if (is_dx_dir(inode)) {
115
121
err = ext4_dx_readdir(file, ctx);
116
122
if (err != ERR_BAD_DX_DIR) {
···
163
157
index, 1);
164
158
file->f_ra.prev_pos = (loff_t)index << PAGE_CACHE_SHIFT;
165
159
bh = ext4_bread(NULL, inode, map.m_lblk, 0);
166
-
if (IS_ERR(bh))
167
-
return PTR_ERR(bh);
160
+
if (IS_ERR(bh)) {
161
+
err = PTR_ERR(bh);
162
+
bh = NULL;
163
+
goto errout;
164
+
}
168
165
}
169
166
170
167
if (!bh) {
+1
fs/ext4/ext4.h
+1
fs/ext4/ext4.h
···
2302
2302
int ext4_decrypt(struct page *page);
2303
2303
int ext4_encrypted_zeroout(struct inode *inode, ext4_lblk_t lblk,
2304
2304
ext4_fsblk_t pblk, ext4_lblk_t len);
2305
+
extern const struct dentry_operations ext4_encrypted_d_ops;
2305
2306
2306
2307
#ifdef CONFIG_EXT4_FS_ENCRYPTION
2307
2308
int ext4_init_crypto(void);
+2
-2
fs/ext4/extents.c
+2
-2
fs/ext4/extents.c
···
3928
3928
convert_initialized_extent(handle_t *handle, struct inode *inode,
3929
3929
struct ext4_map_blocks *map,
3930
3930
struct ext4_ext_path **ppath, int flags,
3931
-
unsigned int allocated, ext4_fsblk_t newblock)
3931
+
unsigned int allocated)
3932
3932
{
3933
3933
struct ext4_ext_path *path = *ppath;
3934
3934
struct ext4_extent *ex;
···
4347
4347
(flags & EXT4_GET_BLOCKS_CONVERT_UNWRITTEN)) {
4348
4348
allocated = convert_initialized_extent(
4349
4349
handle, inode, map, &path,
4350
-
flags, allocated, newblock);
4350
+
flags, allocated);
4351
4351
goto out2;
4352
4352
} else if (!ext4_ext_is_unwritten(ex))
4353
4353
goto out;
+9
fs/ext4/file.c
+9
fs/ext4/file.c
···
350
350
struct super_block *sb = inode->i_sb;
351
351
struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
352
352
struct vfsmount *mnt = filp->f_path.mnt;
353
+
struct inode *dir = filp->f_path.dentry->d_parent->d_inode;
353
354
struct path path;
354
355
char buf[64], *cp;
355
356
int ret;
···
393
392
return -EACCES;
394
393
if (ext4_encryption_info(inode) == NULL)
395
394
return -ENOKEY;
395
+
}
396
+
if (ext4_encrypted_inode(dir) &&
397
+
!ext4_is_child_context_consistent_with_parent(dir, inode)) {
398
+
ext4_warning(inode->i_sb,
399
+
"Inconsistent encryption contexts: %lu/%lu\n",
400
+
(unsigned long) dir->i_ino,
401
+
(unsigned long) inode->i_ino);
402
+
return -EPERM;
396
403
}
397
404
/*
398
405
* Set up the jbd2_inode if we are opening the inode for
+4
-2
fs/ext4/ialloc.c
+4
-2
fs/ext4/ialloc.c
···
76
76
/* If checksum is bad mark all blocks and inodes use to prevent
77
77
* allocation, essentially implementing a per-group read-only flag. */
78
78
if (!ext4_group_desc_csum_verify(sb, block_group, gdp)) {
79
-
ext4_error(sb, "Checksum bad for group %u", block_group);
80
79
grp = ext4_get_group_info(sb, block_group);
81
80
if (!EXT4_MB_GRP_BBITMAP_CORRUPT(grp))
82
81
percpu_counter_sub(&sbi->s_freeclusters_counter,
···
190
191
set_buffer_verified(bh);
191
192
ext4_unlock_group(sb, block_group);
192
193
unlock_buffer(bh);
193
-
if (err)
194
+
if (err) {
195
+
ext4_error(sb, "Failed to init inode bitmap for group "
196
+
"%u: %d", block_group, err);
194
197
goto out;
198
+
}
195
199
return bh;
196
200
}
197
201
ext4_unlock_group(sb, block_group);
+50
-22
fs/ext4/inode.c
+50
-22
fs/ext4/inode.c
···
686
686
return retval;
687
687
}
688
688
689
+
/*
690
+
* Update EXT4_MAP_FLAGS in bh->b_state. For buffer heads attached to pages
691
+
* we have to be careful as someone else may be manipulating b_state as well.
692
+
*/
693
+
static void ext4_update_bh_state(struct buffer_head *bh, unsigned long flags)
694
+
{
695
+
unsigned long old_state;
696
+
unsigned long new_state;
697
+
698
+
flags &= EXT4_MAP_FLAGS;
699
+
700
+
/* Dummy buffer_head? Set non-atomically. */
701
+
if (!bh->b_page) {
702
+
bh->b_state = (bh->b_state & ~EXT4_MAP_FLAGS) | flags;
703
+
return;
704
+
}
705
+
/*
706
+
* Someone else may be modifying b_state. Be careful! This is ugly but
707
+
* once we get rid of using bh as a container for mapping information
708
+
* to pass to / from get_block functions, this can go away.
709
+
*/
710
+
do {
711
+
old_state = READ_ONCE(bh->b_state);
712
+
new_state = (old_state & ~EXT4_MAP_FLAGS) | flags;
713
+
} while (unlikely(
714
+
cmpxchg(&bh->b_state, old_state, new_state) != old_state));
715
+
}
716
+
689
717
/* Maximum number of blocks we map for direct IO at once. */
690
718
#define DIO_MAX_BLOCKS 4096
691
719
···
750
722
ext4_io_end_t *io_end = ext4_inode_aio(inode);
751
723
752
724
map_bh(bh, inode->i_sb, map.m_pblk);
753
-
bh->b_state = (bh->b_state & ~EXT4_MAP_FLAGS) | map.m_flags;
725
+
ext4_update_bh_state(bh, map.m_flags);
754
726
if (io_end && io_end->flag & EXT4_IO_END_UNWRITTEN)
755
727
set_buffer_defer_completion(bh);
756
728
bh->b_size = inode->i_sb->s_blocksize * map.m_len;
···
1713
1685
return ret;
1714
1686
1715
1687
map_bh(bh, inode->i_sb, map.m_pblk);
1716
-
bh->b_state = (bh->b_state & ~EXT4_MAP_FLAGS) | map.m_flags;
1688
+
ext4_update_bh_state(bh, map.m_flags);
1717
1689
1718
1690
if (buffer_unwritten(bh)) {
1719
1691
/* A delayed write to unwritten bh should be marked
···
3281
3253
* case, we allocate an io_end structure to hook to the iocb.
3282
3254
*/
3283
3255
iocb->private = NULL;
3284
-
ext4_inode_aio_set(inode, NULL);
3285
-
if (!is_sync_kiocb(iocb)) {
3286
-
io_end = ext4_init_io_end(inode, GFP_NOFS);
3287
-
if (!io_end) {
3288
-
ret = -ENOMEM;
3289
-
goto retake_lock;
3290
-
}
3291
-
/*
3292
-
* Grab reference for DIO. Will be dropped in ext4_end_io_dio()
3293
-
*/
3294
-
iocb->private = ext4_get_io_end(io_end);
3295
-
/*
3296
-
* we save the io structure for current async direct
3297
-
* IO, so that later ext4_map_blocks() could flag the
3298
-
* io structure whether there is a unwritten extents
3299
-
* needs to be converted when IO is completed.
3300
-
*/
3301
-
ext4_inode_aio_set(inode, io_end);
3302
-
}
3303
-
3304
3256
if (overwrite) {
3305
3257
get_block_func = ext4_get_block_overwrite;
3306
3258
} else {
3259
+
ext4_inode_aio_set(inode, NULL);
3260
+
if (!is_sync_kiocb(iocb)) {
3261
+
io_end = ext4_init_io_end(inode, GFP_NOFS);
3262
+
if (!io_end) {
3263
+
ret = -ENOMEM;
3264
+
goto retake_lock;
3265
+
}
3266
+
/*
3267
+
* Grab reference for DIO. Will be dropped in
3268
+
* ext4_end_io_dio()
3269
+
*/
3270
+
iocb->private = ext4_get_io_end(io_end);
3271
+
/*
3272
+
* we save the io structure for current async direct
3273
+
* IO, so that later ext4_map_blocks() could flag the
3274
+
* io structure whether there is a unwritten extents
3275
+
* needs to be converted when IO is completed.
3276
+
*/
3277
+
ext4_inode_aio_set(inode, io_end);
3278
+
}
3307
3279
get_block_func = ext4_get_block_write;
3308
3280
dio_flags = DIO_LOCKING;
3309
3281
}
+1
-1
fs/ext4/ioctl.c
+1
-1
fs/ext4/ioctl.c
+1
-1
fs/ext4/mballoc.c
+1
-1
fs/ext4/mballoc.c
···
2285
2285
if (group == 0)
2286
2286
seq_puts(seq, "#group: free frags first ["
2287
2287
" 2^0 2^1 2^2 2^3 2^4 2^5 2^6 "
2288
-
" 2^7 2^8 2^9 2^10 2^11 2^12 2^13 ]");
2288
+
" 2^7 2^8 2^9 2^10 2^11 2^12 2^13 ]\n");
2289
2289
2290
2290
i = (sb->s_blocksize_bits + 2) * sizeof(sg.info.bb_counters[0]) +
2291
2291
sizeof(struct ext4_group_info);
+12
-3
fs/ext4/move_extent.c
+12
-3
fs/ext4/move_extent.c
···
265
265
ext4_lblk_t orig_blk_offset, donor_blk_offset;
266
266
unsigned long blocksize = orig_inode->i_sb->s_blocksize;
267
267
unsigned int tmp_data_size, data_size, replaced_size;
268
-
int err2, jblocks, retries = 0;
268
+
int i, err2, jblocks, retries = 0;
269
269
int replaced_count = 0;
270
270
int from = data_offset_in_page << orig_inode->i_blkbits;
271
271
int blocks_per_page = PAGE_CACHE_SIZE >> orig_inode->i_blkbits;
272
272
struct super_block *sb = orig_inode->i_sb;
273
+
struct buffer_head *bh = NULL;
273
274
274
275
/*
275
276
* It needs twice the amount of ordinary journal buffers because
···
381
380
}
382
381
/* Perform all necessary steps similar write_begin()/write_end()
383
382
* but keeping in mind that i_size will not change */
384
-
*err = __block_write_begin(pagep[0], from, replaced_size,
385
-
ext4_get_block);
383
+
if (!page_has_buffers(pagep[0]))
384
+
create_empty_buffers(pagep[0], 1 << orig_inode->i_blkbits, 0);
385
+
bh = page_buffers(pagep[0]);
386
+
for (i = 0; i < data_offset_in_page; i++)
387
+
bh = bh->b_this_page;
388
+
for (i = 0; i < block_len_in_page; i++) {
389
+
*err = ext4_get_block(orig_inode, orig_blk_offset + i, bh, 0);
390
+
if (*err < 0)
391
+
break;
392
+
}
386
393
if (!*err)
387
394
*err = block_commit_write(pagep[0], from, from + replaced_size);
388
395
+24
-2
fs/ext4/namei.c
+24
-2
fs/ext4/namei.c
···
1558
1558
struct ext4_dir_entry_2 *de;
1559
1559
struct buffer_head *bh;
1560
1560
1561
+
if (ext4_encrypted_inode(dir)) {
1562
+
int res = ext4_get_encryption_info(dir);
1563
+
1564
+
/*
1565
+
* This should be a properly defined flag for
1566
+
* dentry->d_flags when we uplift this to the VFS.
1567
+
* d_fsdata is set to (void *) 1 if if the dentry is
1568
+
* created while the directory was encrypted and we
1569
+
* don't have access to the key.
1570
+
*/
1571
+
dentry->d_fsdata = NULL;
1572
+
if (ext4_encryption_info(dir))
1573
+
dentry->d_fsdata = (void *) 1;
1574
+
d_set_d_op(dentry, &ext4_encrypted_d_ops);
1575
+
if (res && res != -ENOKEY)
1576
+
return ERR_PTR(res);
1577
+
}
1578
+
1561
1579
if (dentry->d_name.len > EXT4_NAME_LEN)
1562
1580
return ERR_PTR(-ENAMETOOLONG);
1563
1581
···
1603
1585
return ERR_PTR(-EFSCORRUPTED);
1604
1586
}
1605
1587
if (!IS_ERR(inode) && ext4_encrypted_inode(dir) &&
1606
-
(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) ||
1607
-
S_ISLNK(inode->i_mode)) &&
1588
+
(S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
1608
1589
!ext4_is_child_context_consistent_with_parent(dir,
1609
1590
inode)) {
1591
+
int nokey = ext4_encrypted_inode(inode) &&
1592
+
!ext4_encryption_info(inode);
1593
+
1610
1594
iput(inode);
1595
+
if (nokey)
1596
+
return ERR_PTR(-ENOKEY);
1611
1597
ext4_warning(inode->i_sb,
1612
1598
"Inconsistent encryption contexts: %lu/%lu\n",
1613
1599
(unsigned long) dir->i_ino,