提交 · e79a33270d05f711e985b9524a392fd45ad3e93f · openanolis / cloud-kernel

22 6月, 2017 1 次提交

btrfs: Check name_len with boundary in verify dir_item · e79a3327

由 Su Yue 提交于 6月 06, 2017

Originally, verify_dir_item verifies name_len of dir_item with fixed
values but not item boundary.
If corrupted name_len was not bigger than the fixed value, for example
255, the function will think the dir_item is fine. And then reading
beyond boundary will cause crash.

Example:
	1. Corrupt one dir_item name_len to be 255.
        2. Run 'ls -lar /mnt/test/ > /dev/null'
dmesg:
[   48.451449] BTRFS info (device vdb1): disk space caching is enabled
[   48.451453] BTRFS info (device vdb1): has skinny extents
[   48.489420] general protection fault: 0000 [#1] SMP
[   48.489571] Modules linked in: ext4 jbd2 mbcache btrfs xor raid6_pq
[   48.489716] CPU: 1 PID: 2710 Comm: ls Not tainted 4.10.0-rc1 #5
[   48.489853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-20170228_101828-anatol 04/01/2014
[   48.490008] task: ffff880035df1bc0 task.stack: ffffc90004800000
[   48.490008] RIP: 0010:read_extent_buffer+0xd2/0x190 [btrfs]
[   48.490008] RSP: 0018:ffffc90004803d98 EFLAGS: 00010202
[   48.490008] RAX: 000000000000001b RBX: 000000000000001b RCX: 0000000000000000
[   48.490008] RDX: ffff880079dbf36c RSI: 0005080000000000 RDI: ffff880079dbf368
[   48.490008] RBP: ffffc90004803dc8 R08: ffff880078e8cc48 R09: ffff880000000000
[   48.490008] R10: 0000160000000000 R11: 0000000000001000 R12: ffff880079dbf288
[   48.490008] R13: ffff880078e8ca88 R14: 0000000000000003 R15: ffffc90004803e20
[   48.490008] FS:  00007fef50c60800(0000) GS:ffff88007d400000(0000) knlGS:0000000000000000
[   48.490008] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   48.490008] CR2: 000055f335ac2ff8 CR3: 000000007356d000 CR4: 00000000001406e0
[   48.490008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   48.490008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   48.490008] Call Trace:
[   48.490008]  btrfs_real_readdir+0x3b7/0x4a0 [btrfs]
[   48.490008]  iterate_dir+0x181/0x1b0
[   48.490008]  SyS_getdents+0xa7/0x150
[   48.490008]  ? fillonedir+0x150/0x150
[   48.490008]  entry_SYSCALL_64_fastpath+0x18/0xad
[   48.490008] RIP: 0033:0x7fef5032546b
[   48.490008] RSP: 002b:00007ffeafcdb830 EFLAGS: 00000206 ORIG_RAX: 000000000000004e
[   48.490008] RAX: ffffffffffffffda RBX: 00007fef5061db38 RCX: 00007fef5032546b
[   48.490008] RDX: 0000000000008000 RSI: 000055f335abaff0 RDI: 0000000000000003
[   48.490008] RBP: 00007fef5061dae0 R08: 00007fef5061db48 R09: 0000000000000000
[   48.490008] R10: 000055f335abafc0 R11: 0000000000000206 R12: 00007fef5061db38
[   48.490008] R13: 0000000000008040 R14: 00007fef5061db38 R15: 000000000000270e
[   48.490008] RIP: read_extent_buffer+0xd2/0x190 [btrfs] RSP: ffffc90004803d98
[   48.499455] ---[ end trace 321920d8e8339505 ]---

Fix it by adding a parameter @slot and check name_len with item boundary
by calling btrfs_is_name_len_valid.
Signed-off-by: NSu Yue <suy.fnst@cn.fujitsu.com>
rev
Signed-off-by: NDavid Sterba <dsterba@suse.com>

e79a3327

18 4月, 2017 1 次提交

btrfs: convert extent_map.refs from atomic_t to refcount_t · 490b54d6

由 Elena Reshetova 提交于 3月 03, 2017

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: NElena Reshetova <elena.reshetova@intel.com>
Signed-off-by: NHans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: NKees Cook <keescook@chromium.org>
Signed-off-by: NDavid Windsor <dwindsor@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

490b54d6

28 2月, 2017 5 次提交
- N
  btrfs: Make btrfs_add_link take btrfs_inode · db0a669f
  由 Nikolay Borisov 提交于 2月 20, 2017
```
Signed-off-by: NNikolay Borisov <nborisov@suse.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
  db0a669f
- N
  btrfs: make btrfs_log_inode_parent take btrfs_inode · 19df27a9
  由 Nikolay Borisov 提交于 2月 20, 2017
```
Signed-off-by: NNikolay Borisov <nborisov@suse.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
  19df27a9
- N
  btrfs: Make check_parent_dirs_for_sync take btrfs_inode · aefa6115
  由 Nikolay Borisov 提交于 2月 20, 2017
```
Signed-off-by: NNikolay Borisov <nborisov@suse.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
  aefa6115
- N
  btrfs: Make btrfs_i_size_write take btrfs_inode · 6ef06d27
  由 Nikolay Borisov 提交于 2月 20, 2017
```
Signed-off-by: NNikolay Borisov <nborisov@suse.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
  6ef06d27
- N
  btrfs: Make btrfs_log_all_parents take btrfs_inode · d0a0b78d
  由 Nikolay Borisov 提交于 2月 20, 2017
```
Signed-off-by: NNikolay Borisov <nborisov@suse.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
  d0a0b78d
24 2月, 2017 1 次提交

Btrfs: do not create explicit holes when replaying log tree if NO_HOLES enabled · 3168021c

由 Filipe Manana 提交于 2月 01, 2017

We log holes explicitly by using file extent items, however when replaying
a log tree, if a logged file extent item corresponds to a hole and the
NO_HOLES feature is enabled we do not need to copy the file extent item
into the fs/subvolume tree, as the absence of such file extent items is
the purpose of the NO_HOLES feature. So skip the copying of file extent
items representing holes when the NO_HOLES feature is enabled.
Signed-off-by: NFilipe Manana <fdmanana@suse.com>

3168021c

17 2月, 2017 3 次提交

btrfs: remove unused parameter from __add_inode_ref · d75eefdf

由 David Sterba 提交于 2月 10, 2017

Unused since the helper has been split, eb used in the caller.
Reviewed-by: NLiu Bo <bo.li.liu@oracle.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

d75eefdf

btrfs: merge two superblock writing helpers · eece6a9c

由 David Sterba 提交于 2月 10, 2017

write_all_supers and write_ctree_super are almost equal, the parameter
'trans' is unused so we can drop it and have just one helper.
Reviewed-by: NLiu Bo <bo.li.liu@oracle.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

eece6a9c

btrfs: remove unused parameter from clean_tree_block · 7c302b49

由 David Sterba 提交于 2月 10, 2017

Added but never needed.
Reviewed-by: NLiu Bo <bo.li.liu@oracle.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

7c302b49

14 2月, 2017 28 次提交

btrfs: fix over-80 lines introduced by previous cleanups · f85b7379

由 David Sterba 提交于 1月 20, 2017

This goes as a separate patch because fixing that inside the patches
caused too many many conflicts.
Signed-off-by: NDavid Sterba <dsterba@suse.com>

f85b7379

btrfs: Make count_inode_refs take btrfs_inode · f329e319

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

f329e319

btrfs: Make count_inode_extrefs take btrfs_inode · 36283658

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

36283658

btrfs: Make btrfs_log_inode take btrfs_inode · a59108a7

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

a59108a7

btrfs: Make log_inode_item take btrfs_inode · 6d889a3b

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

6d889a3b

btrfs: Make __add_inode_ref take btrfs_inode · 94c91a1f

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

94c91a1f

btrfs: Make drop_one_dir_item take btrfs_inode · 207e7d92

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

207e7d92

btrfs: Make btrfs_unlink_inode take btrfs_inode · 4ec5934e

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

4ec5934e

btrfs: Make log_new_dir_dentries take btrfs_inode · 51cc0d32

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

51cc0d32

btrfs: Make log_directory_changes take btrfs_inode · dbf39ea4

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

dbf39ea4

btrfs: Make log_dir_items take btrfs_inode · 684a5773

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

684a5773

N
btrfs: Make btrfs_log_changed_extents take btrfs_inode · 9d122629
由 Nikolay Borisov 提交于 1月 18, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
9d122629
N
btrfs: Make btrfs_get_logged_extents take btrfs_inode · 22346637
由 Nikolay Borisov 提交于 1月 18, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
22346637
N
btrfs: Make btrfs_log_trailing_hole take btrfs_inode · a0308dd7
由 Nikolay Borisov 提交于 1月 18, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
a0308dd7

btrfs: Make btrfs_log_all_xattrs take btrfs_inode · 1a93c36a

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

1a93c36a

btrfs: Make copy_items take btrfs_inode · 44d70e19

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

44d70e19

N
btrfs: Make btrfs_check_ref_name_override take btrfs_inode · 4791c8f1
由 Nikolay Borisov 提交于 1月 18, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
4791c8f1

btrfs: Make logged_inode_size take btrfs_inode · 481b01c0

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

481b01c0

btrfs: Make btrfs_del_inode_ref take btrfs_inode · a491abb2

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

a491abb2

N
btrfs: Make btrfs_del_dir_entries_in_log take btrfs_inode · 49f34d1f
由 Nikolay Borisov 提交于 1月 18, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
49f34d1f

btrfs: Make btrfs_log_new_name take btrfs_inode · 9ca5fbfb

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

9ca5fbfb

btrfs: Make btrfs_inode_in_log take btrfs_inode · 0f8939b8

由 Nikolay Borisov 提交于 1月 18, 2017

Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

0f8939b8

N
btrfs: Make btrfs_record_snapshot_destroy take btrfs_inode · 43663557
由 Nikolay Borisov 提交于 1月 18, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
43663557
N
btrfs: Make btrfs_record_unlink_dir take btrfs_inode · 4176bdbf
由 Nikolay Borisov 提交于 1月 18, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
4176bdbf
N
btrfs: Make btrfs_must_commit_transaction take btrfs_inode · ab1717b2
由 Nikolay Borisov 提交于 1月 18, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
ab1717b2
N
btrfs: Make btrfs_commit_inode_delayed_items take btrfs_inode · 5f4b32e9
由 Nikolay Borisov 提交于 1月 10, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
5f4b32e9
N
btrfs: Make btrfs_commit_inode_delayed_inode take btrfs_inode · aa79021f
由 Nikolay Borisov 提交于 1月 10, 2017
```
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
```
aa79021f

btrfs: Make btrfs_ino take a struct btrfs_inode · 4a0cc7ca

由 Nikolay Borisov 提交于 1月 10, 2017

Currently btrfs_ino takes a struct inode and this causes a lot of
internal btrfs functions which consume this ino to take a VFS inode,
rather than btrfs' own struct btrfs_inode. In order to fix this "leak"
of VFS structs into the internals of btrfs first it's necessary to
eliminate all uses of struct inode for the purpose of inode. This patch
does that by using BTRFS_I to convert an inode to btrfs_inode. With
this problem eliminated subsequent patches will start eliminating the
passing of struct inode altogether, eventually resulting in a lot cleaner
code.
Signed-off-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
[ fix btrfs_get_extent tracepoint prototype ]
Signed-off-by: NDavid Sterba <dsterba@suse.com>

4a0cc7ca

03 1月, 2017 1 次提交

Btrfs: fix lockdep warning about log_mutex · 781feef7

由 Liu Bo 提交于 11月 30, 2016

While checking INODE_REF/INODE_EXTREF for a corner case, we may acquire a
different inode's log_mutex with holding the current inode's log_mutex, and
lockdep has complained this with a possilble deadlock warning.

Fix this by using mutex_lock_nested() when processing the other inode's
log_mutex.
Reviewed-by: NFilipe Manana <fdmanana@suse.com>
Signed-off-by: NLiu Bo <bo.li.liu@oracle.com>
Signed-off-by: NDavid Sterba <dsterba@suse.com>

781feef7

openanolis / cloud-kernel 1 年多 前同步成功

openanolis / cloud-kernel
1 年多前同步成功