linux-stable/fs/btrfs
Filipe Manana bf005ed0fb Btrfs: fix use-after-free during inode eviction
commit 421f0922a2 upstream.

At inode.c:evict_inode_truncate_pages(), when we iterate over the
inode's extent states, we access an extent state record's "state" field
after we unlocked the inode's io tree lock. This can lead to a
use-after-free issue because after we unlock the io tree that extent
state record might have been freed due to being merged into another
adjacent extent state record (a previous inflight bio for a read
operation finished in the meanwhile which unlocked a range in the io
tree and caused a merge of extent state records, as explained in the
comment before the while loop added in commit 6ca0709756 ("Btrfs: fix
hang during inode eviction due to concurrent readahead")).

Fix this by keeping a copy of the extent state's flags in a local
variable and using it after unlocking the io tree.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=201189
Fixes: b9d0b38928 ("btrfs: Add handler for invalidate page")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-13 11:15:17 -08:00
tests btrfs: tests/qgroup: Fix wrong tree backref level 2018-05-30 07:52:26 +02:00
acl.c btrfs: preserve i_mode if __btrfs_set_acl() fails 2017-08-21 17:47:42 +02:00
async-thread.c btrfs: constify tracepoint arguments 2017-08-16 14:19:53 +02:00
async-thread.h btrfs: constify tracepoint arguments 2017-08-16 14:19:53 +02:00
backref.c btrfs: remove spurious WARN_ON(ref->count < 0) in find_parent_nodes 2018-03-21 12:06:44 +01:00
backref.h btrfs: backref, add tracepoints for prelim_ref insertion and merging 2017-08-16 16:12:01 +02:00
btrfs_inode.h btrfs: separate defrag and property compression 2017-08-16 16:12:05 +02:00
check-integrity.c Merge branch 'for-4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux 2017-09-09 13:27:51 -07:00
check-integrity.h
compression.c Merge branch 'for-4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux 2017-09-29 12:57:35 -07:00
compression.h Merge branch 'zstd-minimal' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2017-09-14 17:30:49 -07:00
ctree.c btrfs: fix reading stale metadata blocks after degraded raid1 mounts 2018-05-22 18:54:01 +02:00
ctree.h btrfs: use kvzalloc to allocate btrfs_fs_info 2018-05-30 07:52:08 +02:00
dedupe.h
delayed-inode.c Btrfs: fix stale entries in readdir 2018-01-31 14:03:42 +01:00
delayed-inode.h btrfs: convert btrfs_delayed_item.refs from atomic_t to refcount_t 2017-04-18 14:07:23 +02:00
delayed-ref.c Btrfs: return old and new total ref mods when adding delayed refs 2017-06-29 20:17:01 +02:00
delayed-ref.h Btrfs: return old and new total ref mods when adding delayed refs 2017-06-29 20:17:01 +02:00
dev-replace.c btrfs: replace: Reset on-disk dev stats value after replace 2018-09-15 09:45:32 +02:00
dev-replace.h btrfs: constify device path passed to relevant helpers 2017-02-28 14:26:07 +01:00
dir-item.c btrfs: fix validation of XATTR_ITEM dir items 2017-06-29 20:06:11 +02:00
disk-io.c btrfs: use correct compare function of dirty_metadata_bytes 2018-09-05 09:26:33 +02:00
disk-io.h btrfs: use named constant for bdev blocksize 2017-08-16 16:12:04 +02:00
export.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
export.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
extent-tree.c btrfs: don't use ctl->free_space for max_extent_size 2018-11-13 11:15:15 -08:00
extent_io.c Btrfs: fix file data corruption after cloning a range and fsync 2018-08-09 12:16:39 +02:00
extent_io.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
extent_map.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
extent_map.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file-item.c Merge branch 'for-4.13-part1' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux 2017-07-05 16:41:23 -07:00
file.c btrfs: move the dio_sem higher up the callchain 2018-11-13 11:15:17 -08:00
free-space-cache.c btrfs: set max_extent_size properly 2018-11-13 11:15:15 -08:00
free-space-cache.h btrfs: free-space-cache, clean up unnecessary root arguments 2017-02-17 12:03:56 +01:00
free-space-tree.c btrfs: pass fs_info to btrfs_del_root instead of tree_root 2017-08-21 17:49:54 +02:00
free-space-tree.h btrfs: expose internal free space tree routine only if sanity tests are enabled 2017-08-18 16:36:29 +02:00
hash.c crypto: Work around deallocated stack frame reference gcc bug on sparc. 2017-06-08 17:36:03 +08:00
hash.h
inode-item.c
inode-map.c btrfs: qgroup: Introduce extent changeset for qgroup reserve functions 2017-06-29 20:17:02 +02:00
inode-map.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
inode.c Btrfs: fix use-after-free during inode eviction 2018-11-13 11:15:17 -08:00
ioctl.c btrfs: Ensure btrfs_trim_fs can trim the whole filesystem 2018-11-13 11:15:13 -08:00
Kconfig btrfs: Add zstd support 2017-08-15 09:02:09 -07:00
locking.c
locking.h
lzo.c btrfs: switch to kvmalloc and GFP_KERNEL in lzo/zlib alloc_workspace 2017-06-19 18:26:02 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
math.h
ordered-data.c btrfs: fix integer overflow in calc_reclaim_items_nr 2017-06-29 20:17:02 +02:00
ordered-data.h btrfs: fix integer overflow in calc_reclaim_items_nr 2017-06-29 20:17:02 +02:00
orphan.c
print-tree.c Btrfs: add one more sanity check for shared ref type 2017-08-21 17:47:43 +02:00
print-tree.h btrfs: get fs_info from eb in btrfs_print_tree, remove argument 2017-08-16 16:12:03 +02:00
props.c btrfs: property: Set incompat flag if lzo/zstd compression is set 2018-05-22 18:54:01 +02:00
props.h
qgroup.c btrfs: qgroup: Dirty all qgroups before rescan 2018-11-13 11:15:14 -08:00
qgroup.h btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled 2018-11-13 11:15:13 -08:00
raid56.c Btrfs: make raid6 rebuild retry more 2018-06-21 04:03:02 +09:00
raid56.h
rcu-string.h
reada.c btrfs: remove unused member err from reada_extent 2017-06-19 18:25:59 +02:00
relocation.c btrfs: Handle owner mismatch gracefully when walking up tree 2018-11-13 11:15:13 -08:00
root-tree.c Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-09-14 18:54:01 -07:00
scrub.c btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() 2018-08-24 13:09:18 +02:00
send.c Btrfs: send, fix issuing write op when processing hole in no data mode 2018-05-30 07:52:09 +02:00
send.h
struct-funcs.c btrfs: struct-funcs, constify readers 2017-08-16 14:19:53 +02:00
super.c Btrfs: fix btrfs_write_inode vs delayed iput deadlock 2018-09-05 09:26:34 +02:00
sysfs.c Revert "btrfs: use proper endianness accessors for super_copy" 2018-03-19 08:42:47 +01:00
sysfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
transaction.c btrfs: don't run delayed_iputs in commit 2018-11-13 11:15:17 -08:00
transaction.h btrfs: remove unused qgroup members from btrfs_trans_handle 2017-04-18 14:07:25 +02:00
tree-defrag.c
tree-log.c btrfs: move the dio_sem higher up the callchain 2018-11-13 11:15:17 -08:00
tree-log.h btrfs: Make btrfs_del_inode_ref take btrfs_inode 2017-02-14 15:50:54 +01:00
ulist.c btrfs: ulist: rename ulist_fini to ulist_release 2017-02-17 12:03:50 +01:00
ulist.h btrfs: ulist: rename ulist_fini to ulist_release 2017-02-17 12:03:50 +01:00
uuid-tree.c
volumes.c btrfs: btrfs_shrink_device should call commit transaction at the end 2018-10-10 08:54:19 +02:00
volumes.h btrfs: Fix memory barriers usage with device stats counters 2018-03-21 12:06:44 +01:00
xattr.c btrfs: Check name_len with boundary in verify dir_item 2017-06-21 19:16:04 +02:00
xattr.h
zlib.c btrfs: switch to kvmalloc and GFP_KERNEL in lzo/zlib alloc_workspace 2017-06-19 18:26:02 +02:00
zstd.c btrfs: Add zstd support 2017-08-15 09:02:09 -07:00