
Merge tag 'xfs-4.13-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

Pull xfs fixes from Darrick Wong:

- fix firstfsb variables that we left uninitialized, which could lead
to locking problems.

- check for NULL metadata buffer pointers before using them.

- don't allow btree cursor manipulation if the btree block is corrupt.
Better to just shut down.

- fix infinite loop problems in quotacheck.

- fix buffer overrun when validating directory blocks.

- fix deadlock problem in bunmapi.

* tag 'xfs-4.13-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: fix multi-AG deadlock in xfs_bunmapi
xfs: check that dir block entries don't off the end of the buffer
xfs: fix quotacheck dquot id overflow infinite loop
xfs: check _alloc_read_agf buffer pointer before using
xfs: set firstfsb to NULLFSBLOCK before feeding it to _bmapi_write
xfs: check _btree_check_block value

+39 -3
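--- a/fs/xfs/libxfs/xfs_bmap.c
+++ b/fs/xfs/libxfs/xfs_bmap.c
@@ -5435,6 +5435,7 @@
 xfs_fsblock_t sum;
 xfs_filblks_t len = *rlen; /* length to unmap in file */
 xfs_fileoff_t max_len;
+xfs_agnumber_t prev_agno = NULLAGNUMBER, agno;
 
 trace_xfs_bunmap(ip, bno, len, flags, _RET_IP_);
 
@@ -5535,6 +5534,17 @@
 */
 del = got;
 wasdel = isnullstartblock(del.br_startblock);
+
+/*
+* Make sure we don't touch multiple AGF headers out of order
+* in a single transaction, as that could cause AB-BA deadlocks.
+*/
+if (!wasdel) {
+agno = XFS_FSB_TO_AGNO(mp, del.br_startblock);
+if (prev_agno != NULLAGNUMBER && prev_agno > agno)
+break;
+prev_agno = agno;
+}
 if (got.br_startoff < start) {
 del.br_startoff = start;
 del.br_blockcount -= start - got.br_startoff;
@@ -6510,6 +6498,15 @@
 {
 xfs_fsblock_t firstfsb;
 int error = 0;
+
+/*
+* firstfsb is tied to the transaction lifetime and is used to
+* ensure correct AG locking order and schedule work item
+* continuations. XFS_BUI_MAX_FAST_EXTENTS (== 1) restricts us
+* to only making one bmap call per transaction, so it should
+* be safe to have it as a local variable here.
+*/
+firstfsb = NULLFSBLOCK;
 
 trace_xfs_bmap_deferred(tp->t_mountp,
 XFS_FSB_TO_AGNO(tp->t_mountp, startblock), type,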
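Review bot: The comment added in the third hunk justifies keeping `firstfsb` as a local by pointing at XFS_BUI_MAX_FAST_EXTENTS being 1, but nothing in the visible code enforces that value, so a later change to the constant would quietly invalidate the AG lock-ordering argument. A compile-time check next to the initialisation, e.g. `BUILD_BUG_ON(XFS_BUI_MAX_FAST_EXTENTS != 1);`, would turn the comment into an enforced invariant. Separately, the `break` added in the second hunk ends the unmap loop early when the next extent lives in a lower-numbered AG. The loop and whatever reports the unfinished length back through `rlen` are outside the hunk, so it is worth confirming that every caller copes with a partial unmap.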
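--- a/fs/xfs/libxfs/xfs_btree.c
+++ b/fs/xfs/libxfs/xfs_btree.c
@@ -728,7 +728,8 @@
 * Get the block pointer for this level.
 */
 block = xfs_btree_get_block(cur, level, &bp);
-xfs_btree_check_block(cur, block, level, bp);
+if (xfs_btree_check_block(cur, block, level, bp))
+return 0;
 /*
 * It's empty, there is no such record.
 */
@@ -758,7 +757,8 @@
 * Get the block pointer for this level.
 */
 block = xfs_btree_get_block(cur, level, &bp);
-xfs_btree_check_block(cur, block, level, bp);
+if (xfs_btree_check_block(cur, block, level, bp))
+return 0;
 /*
 * It's empty, there is no such record.
 */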
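Review bot: Returning 0 when `xfs_btree_check_block()` fails drops the error code from the check, and the context lines just below suggest 0 is also what an empty block yields; this applies to both hunks. The merge description says it is better to shut down on a corrupt block, but no shutdown or error propagation is visible here, so whether callers can tell corruption from "no such record" cannot be confirmed from the hunks. Both function bodies start and end outside them. At minimum a comment above the new check, such as `/* corrupt block: fail the lookup; callers see 0 and must not use the cursor */`, would document the intended contract.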
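--- a/fs/xfs/libxfs/xfs_dir2_data.c
+++ b/fs/xfs/libxfs/xfs_dir2_data.c
@@ -136,6 +136,8 @@
 */
 if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
 XFS_WANT_CORRUPTED_RETURN(mp, lastfree == 0);
+XFS_WANT_CORRUPTED_RETURN(mp, endp >=
+p + be16_to_cpu(dup->length));
 XFS_WANT_CORRUPTED_RETURN(mp,
 be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) ==
 (char *)dup - (char *)hdr);
@@ -166,6 +164,8 @@
 XFS_WANT_CORRUPTED_RETURN(mp, dep->namelen != 0);
 XFS_WANT_CORRUPTED_RETURN(mp,
 !xfs_dir_ino_validate(mp, be64_to_cpu(dep->inumber)));
+XFS_WANT_CORRUPTED_RETURN(mp, endp >=
+p + ops->data_entsize(dep->namelen));
 XFS_WANT_CORRUPTED_RETURN(mp,
 be16_to_cpu(*ops->data_entry_tag_p(dep)) ==
 (char *)dep - (char *)hdr);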
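Review bot: The added bound computes `p + be16_to_cpu(dup->length)` before comparing it with `endp`, so for a corrupt on-disk length the pointer has already been formed past the end of the buffer, which C does not define. Comparing lengths avoids that: `XFS_WANT_CORRUPTED_RETURN(mp, be16_to_cpu(dup->length) <= endp - p);`, and likewise for the `ops->data_entsize(dep->namelen)` check in the second hunk. The check also bounds only the upper end. If the tag pointer used in the following context line is derived from `dup->length` (its definition is not shown), a zero or undersized length would still pass and is worth rejecting here too. Both loops begin and end outside the hunks.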
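--- a/fs/xfs/libxfs/xfs_refcount.c
+++ b/fs/xfs/libxfs/xfs_refcount.c
@@ -1638,6 +1638,10 @@
 error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
 if (error)
 goto out_trans;
+if (!agbp) {
+error = -ENOMEM;
+goto out_trans;
+}
 cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
 
 /* Find all the leftover CoW staging extents. */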
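Review bot: The new `if (!agbp)` branch handles a call that reported success yet left the buffer pointer NULL, and nothing here says when `xfs_alloc_read_agf()` does that or why -ENOMEM is the right code to report. The identical guard is added in the first hunk of fs/xfs/xfs_reflink.c. A short comment above the check, e.g. `/* read_agf can return 0 with no buffer; never hand a NULL agbp to the cursor */`, would stop a later reader from removing it as dead code. With two callers now carrying the same guard, it is also worth checking whether other callers of the function, not visible on this page, dereference the buffer without one. The enclosing function continues outside the hunk.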
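--- a/fs/xfs/xfs_qm.c
+++ b/fs/xfs/xfs_qm.c
@@ -111,6 +111,9 @@
 skipped = 0;
 break;
 }
+/* we're done if id overflows back to zero */
+if (!next_index)
+break;
 }
 
 if (skipped) {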
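--- a/fs/xfs/xfs_reflink.c
+++ b/fs/xfs/xfs_reflink.c
@@ -170,6 +170,8 @@
 error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
 if (error)
 return error;
+if (!agbp)
+return -ENOMEM;
 
 cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
 
@@ -331,7 +329,7 @@
 xfs_filblks_t count_fsb,
 struct xfs_defer_ops *dfops)
 {
-xfs_fsblock_t first_block;
+xfs_fsblock_t first_block = NULLFSBLOCK;
 int nimaps = 1;
 
 if (imap->br_state == XFS_EXT_NORM)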