mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-08-27 19:29:37 +00:00
Code Issues Releases Wiki Activity
linux-stable/fs/xfs
History
Christoph Hellwig 7fcd3efa1e xfs: remove filestream item xfs_inode reference 
The filestreams allocator stores an xfs_fstrm_item structure in the MRU to
cache inode number to agno mappings for a particular length of time.  Each
xfs_fstrm_item contains the internal MRU structure, an inode pointer and
agno value.

The inode pointer stored in the xfs_fstrm_item is not referenced, however,
which means the inode itself can be removed and reclaimed before the MRU
item is freed. If this occurs, xfs_fstrm_free_func() can access freed or
unrelated memory through xfs_fstrm_item->ip and crash.

The obvious solution is to grab an inode reference for xfs_fstrm_item.
The filestream mechanism only actually uses the inode pointer as a means
to access the xfs_mount, however.  Rather than add unnecessary
complexity, simplify the implementation to store an xfs_mount pointer in
struct xfs_mru_cache, and pass it to the free callback.  This also
requires updates to the tracepoint class to provide the associated data
via parameters rather than the inode and a minor hack to peek at the MRU
key to establish the inode number at free time.

Based on debugging work and an earlier patch from Brian Foster, who
also wrote most of this changelog.

Reported-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2018-04-09 10:23:39 -07:00
..
libxfs xfs: clean up xfs_mount allocation and dynamic initializers 2018-03-26 08:54:15 -07:00
scrub xfs: xfs_scrub_iallocbt_xref_rmap_inodes should use xref_set_corrupt 2018-03-23 18:05:09 -07:00
Kconfig fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at 2018-01-01 12:45:37 -07:00
kmem.c xfs: fall back to vmalloc when allocation log vector buffers 2018-03-11 20:27:55 -07:00
kmem.h xfs: fall back to vmalloc when allocation log vector buffers 2018-03-11 20:27:55 -07:00
Makefile xfs: use a b+tree for the in-core extent list 2017-11-06 11:53:41 -08:00
mrlock.h
xfs.h xfs: always define STATIC to static noinline 2017-11-06 11:53:58 -08:00
xfs_acl.c xfs: don't change inode mode if ACL update fails 2017-10-11 10:21:06 -07:00
xfs_acl.h xfs: Don't clear SGID when inheriting ACLs 2017-06-27 18:23:21 -07:00
xfs_aops.c xfs: minor cleanup for xfs_get_blocks 2018-03-15 10:31:38 -07:00
xfs_aops.h xfs: perform dax_device lookup at mount 2017-08-31 09:31:47 -07:00
xfs_attr.h xfs: scrub extended attributes 2017-10-26 15:38:26 -07:00
xfs_attr_inactive.c xfs: fail if xattr inactivation hits a hole 2017-10-26 15:38:22 -07:00
xfs_attr_list.c xfs: remove u_int* type usage 2017-11-09 15:50:29 -08:00
xfs_bmap_item.c xfs: fix intent use-after-free on abort 2018-04-02 20:08:27 -07:00
xfs_bmap_item.h xfs: log recovery should replay deferred ops in order 2017-11-27 09:34:08 -08:00
xfs_bmap_util.c xfs: remove xfs_zero_range 2018-03-15 10:31:38 -07:00
xfs_bmap_util.h xfs: simplify the xfs_getbmap interface 2017-10-26 15:38:20 -07:00
xfs_buf.c xfs: Correctly invert xfs_buftarg LRU isolation logic 2018-03-11 20:27:56 -07:00
xfs_buf.h Use list_head infra-structure for buffer's log items list 2018-01-29 07:27:22 -08:00
xfs_buf_item.c xfs: Rename xa_ elements to ail_ 2018-03-11 20:27:56 -07:00
xfs_buf_item.h Use list_head infra-structure for buffer's log items list 2018-01-29 07:27:22 -08:00
xfs_dir2_readdir.c xfs: directory scrubber must walk through data block to offset 2018-01-17 21:00:46 -08:00
xfs_discard.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_discard.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_dquot.c xfs: Rename xa_ elements to ail_ 2018-03-11 20:27:56 -07:00
xfs_dquot.h
xfs_dquot_item.c xfs: Rename xa_ elements to ail_ 2018-03-11 20:27:56 -07:00
xfs_dquot_item.h
xfs_error.c xfs: refactor inode buffer verifier error logging 2018-03-23 18:05:07 -07:00
xfs_error.h xfs: refactor inode buffer verifier error logging 2018-03-23 18:05:07 -07:00
xfs_export.c xfs: merge _xfs_log_force_lsn and xfs_log_force_lsn 2018-03-14 11:12:52 -07:00
xfs_export.h
xfs_extent_busy.c xfs: merge _xfs_log_force and xfs_log_force 2018-03-14 11:12:52 -07:00
xfs_extent_busy.h
xfs_extfree_item.c xfs: fix intent use-after-free on abort 2018-04-02 20:08:27 -07:00
xfs_extfree_item.h
xfs_file.c xfs: remove xfs_zero_range 2018-03-15 10:31:38 -07:00
xfs_filestream.c xfs: remove filestream item xfs_inode reference 2018-04-09 10:23:39 -07:00
xfs_filestream.h
xfs_fsmap.c xfs: move two more RT specific functions into CONFIG_XFS_RT 2017-10-16 12:26:50 -07:00
xfs_fsmap.h
xfs_fsops.c xfs: convert XFS_AGFL_SIZE to a helper function 2018-03-11 20:27:56 -07:00
xfs_fsops.h xfs: hoist xfs_fs_geometry to libxfs 2018-01-08 10:54:48 -08:00
xfs_globals.c
xfs_icache.c xfs: catch inode allocation state mismatch corruption 2018-03-23 18:05:09 -07:00
xfs_icache.h xfs: remove leftover CoW reservations when remounting ro 2017-12-21 08:47:32 -08:00
xfs_icreate_item.c
xfs_icreate_item.h
xfs_inode.c xfs: Remove "committed" argument of xfs_dir_ialloc 2018-04-02 15:47:43 -07:00
xfs_inode.h xfs: Remove "committed" argument of xfs_dir_ialloc 2018-04-02 15:47:43 -07:00
xfs_inode_item.c xfs: remove an outdated comment for xfs_inode_item_committing 2018-03-14 11:12:51 -07:00
xfs_inode_item.h xfs: remove inode log format typedef 2017-11-01 15:03:16 -07:00
xfs_ioctl.c xfs: refactor the geometry structure filling function 2018-01-08 10:54:48 -08:00
xfs_ioctl.h xfs: remove u_int* type usage 2017-11-09 15:50:29 -08:00
xfs_ioctl32.c xfs: refactor the geometry structure filling function 2018-01-08 10:54:48 -08:00
xfs_ioctl32.h xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_iomap.c xfs: don't block on the ilock for RWF_NOWAIT 2018-03-01 14:12:45 -08:00
xfs_iomap.h xfs: update i_size after unwritten conversion in dio completion 2017-09-26 10:55:19 -07:00
xfs_iops.c xfs: remove xfs_zero_range 2018-03-15 10:31:38 -07:00
xfs_iops.h
xfs_itable.c xfs: remove if_rdev 2017-10-26 15:38:27 -07:00
xfs_itable.h xfs: create inode pointer verifiers 2017-10-26 15:38:23 -07:00
xfs_linux.h xfs: use %px for data pointers when debugging 2018-01-12 14:09:08 -08:00
xfs_log.c xfs: unwind the try_again loop in xfs_log_force 2018-03-23 18:05:06 -07:00
xfs_log.h xfs: merge _xfs_log_force_lsn and xfs_log_force_lsn 2018-03-14 11:12:52 -07:00
xfs_log_cil.c xfs: fall back to vmalloc when allocation log vector buffers 2018-03-11 20:27:55 -07:00
xfs_log_priv.h locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() 2017-10-25 11:01:08 +02:00
xfs_log_recover.c xfs: do not log/recover swapext extent owner changes for deleted inodes 2018-03-29 10:19:15 -07:00
xfs_message.c
xfs_message.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_mount.c xfs: clean up xfs_mount allocation and dynamic initializers 2018-03-26 08:54:15 -07:00
xfs_mount.h xfs: detect agfl count corruption and reset agfl 2018-03-23 18:05:06 -07:00
xfs_mru_cache.c xfs: remove filestream item xfs_inode reference 2018-04-09 10:23:39 -07:00
xfs_mru_cache.h xfs: remove filestream item xfs_inode reference 2018-04-09 10:23:39 -07:00
xfs_ondisk.h xfs: Don't log uninitialised fields in inode structures 2017-10-11 10:21:06 -07:00
xfs_pnfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_pnfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_qm.c xfs: Remove "committed" argument of xfs_dir_ialloc 2018-04-02 15:47:43 -07:00
xfs_qm.h
xfs_qm_bhv.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_qm_syscalls.c
xfs_quota.h
xfs_quotaops.c VFS: Convert sb->s_flags & MS_RDONLY to sb_rdonly(sb) 2017-07-17 08:45:34 +01:00
xfs_refcount_item.c xfs: fix intent use-after-free on abort 2018-04-02 20:08:27 -07:00
xfs_refcount_item.h xfs: log recovery should replay deferred ops in order 2017-11-27 09:34:08 -08:00
xfs_reflink.c xfs: minor cleanup for xfs_reflink_end_cow 2018-03-15 10:31:38 -07:00
xfs_reflink.h xfs: separate function to check if inode shares extents 2017-06-19 14:11:35 -07:00
xfs_rmap_item.c xfs: fix intent use-after-free on abort 2018-04-02 20:08:27 -07:00
xfs_rmap_item.h
xfs_rtalloc.c xfs: remove the ip argument to xfs_defer_finish 2017-09-01 10:55:30 -07:00
xfs_rtalloc.h xfs: cross-reference the realtime bitmap 2018-01-17 21:00:46 -08:00
xfs_stats.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_stats.h xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_super.c xfs: clean up xfs_mount allocation and dynamic initializers 2018-03-26 08:54:15 -07:00
xfs_super.h xfs: add scrub to XFS_BUILD_OPTIONS 2018-02-01 21:06:15 -08:00
xfs_symlink.c xfs: Remove "committed" argument of xfs_dir_ialloc 2018-04-02 15:47:43 -07:00
xfs_symlink.h xfs: allow reading of already-locked remote symbolic link 2017-06-20 10:45:22 -07:00
xfs_sysctl.c
xfs_sysctl.h
xfs_sysfs.c xfs: replace log_badcrc_factor knob with error injection tag 2017-06-27 18:23:21 -07:00
xfs_sysfs.h
xfs_trace.c fs: xfs: remove duplicate includes 2017-12-08 17:51:05 -08:00
xfs_trace.h xfs: remove filestream item xfs_inode reference 2018-04-09 10:23:39 -07:00
xfs_trans.c xfs: merge _xfs_log_force_lsn and xfs_log_force_lsn 2018-03-14 11:12:52 -07:00
xfs_trans.h Use list_head infra-structure for buffer's log items list 2018-01-29 07:27:22 -08:00
xfs_trans_ail.c xfs: Rename xa_ elements to ail_ 2018-03-11 20:27:56 -07:00
xfs_trans_bmap.c
xfs_trans_buf.c xfs: Rename xa_ elements to ail_ 2018-03-11 20:27:56 -07:00
xfs_trans_dquot.c
xfs_trans_extfree.c
xfs_trans_inode.c xfs: implement the lazytime mount option 2018-03-11 20:27:55 -07:00
xfs_trans_priv.h xfs: Rename xa_ elements to ail_ 2018-03-11 20:27:56 -07:00
xfs_trans_refcount.c
xfs_trans_rmap.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_xattr.c