linux-stable/fs/btrfs
Miao Xie c404e0dc2c Btrfs: fix use-after-free in the finishing procedure of the device replace
During device replace test, we hit a null pointer dereference (It was very easy
to reproduce it by running xfstests' btrfs/011 on the devices with the virtio
scsi driver). There were two bugs that caused this problem:
- We might allocate new chunks on the replaced device after we updated
  the mapping tree. And we forgot to replace the source device in those
  mappings of the new chunks.
- We might get the mapping information which includes the source device
  before the mapping information update. And then submit the bio which was
  based on that mapping information after we freed the source device.

For the first bug, we can fix it by doing mapping tree update and source
device remove in the same context of the chunk mutex. The chunk mutex is
used to protect the allocable device list, the above method can avoid
the new chunk allocation, and after we remove the source device, all
the new chunks will be allocated on the new device. So it can fix
the first bug.

For the second bug, we need to make sure all in-flight bios are finished and
no new bios are produced while we are removing the source device. To fix
this problem, we introduced a global @bio_counter, we not only inc/dec
@bio_counter outside of map_blocks, but also inc it before submitting bio
and dec @bio_counter when ending bios.

Since Raid56 is a little different and device replace doesn't support raid56
yet, it is not addressed in the patch and I add comments to make sure we will
fix it in the future.

Reported-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Signed-off-by: Wang Shilong <wangsl.fnst@cn.fujitsu.com>
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Josef Bacik <jbacik@fb.com>
2014-03-10 15:15:39 -04:00
tests Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00
acl.c btrfs: remove dead code 2014-01-28 13:19:50 -08:00
async-thread.c Btrfs: fix __btrfs_start_workers retval 2013-11-20 20:42:11 -05:00
async-thread.h Btrfs: eliminate races in worker stopping code 2013-10-04 16:02:13 -04:00
backref.c Btrfs: fix memory leaks on walking backrefs failure 2014-01-29 07:06:26 -08:00
backref.h Btrfs: allocate prelim_ref with a slab allocater 2013-09-01 08:16:27 -04:00
btrfs_inode.h Btrfs: add support for inode properties 2014-01-28 13:20:24 -08:00
check-integrity.c Btrfs: use btrfs_crc32c everywhere instead of libcrc32c 2014-02-03 09:01:27 -08:00
check-integrity.h block: submit_bio_wait() conversions 2013-11-24 16:33:41 -07:00
compression.c Btrfs: fix data corruption when reading/updating compressed extents 2014-02-08 17:57:15 -08:00
compression.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
ctree.c Btrfs: fix btrfs_search_slot_for_read backwards iteration 2014-01-29 07:06:28 -08:00
ctree.h Btrfs: fix use-after-free in the finishing procedure of the device replace 2014-03-10 15:15:39 -04:00
delayed-inode.c Btrfs: introduce the delayed inode ref deletion for the single link inode 2014-01-28 13:20:09 -08:00
delayed-inode.h Btrfs: introduce the delayed inode ref deletion for the single link inode 2014-01-28 13:20:09 -08:00
delayed-ref.c Btrfs: attach delayed ref updates to delayed ref heads 2014-01-28 13:20:25 -08:00
delayed-ref.h Btrfs: attach delayed ref updates to delayed ref heads 2014-01-28 13:20:25 -08:00
dev-replace.c Btrfs: fix use-after-free in the finishing procedure of the device replace 2014-03-10 15:15:39 -04:00
dev-replace.h Btrfs: add new sources for device replace code 2012-12-12 17:15:41 -05:00
dir-item.c Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00
disk-io.c Btrfs: fix use-after-free in the finishing procedure of the device replace 2014-03-10 15:15:39 -04:00
disk-io.h Btrfs: add a sanity test for btrfs_split_item 2013-11-11 21:51:02 -05:00
export.c btrfs: remove fs/btrfs/compat.h 2013-11-11 22:03:19 -05:00
export.h
extent-tree.c Btrfs: don't loop forever if we can't run because of the tree mod log 2014-02-08 17:57:15 -08:00
extent_io.c Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00
extent_io.h Btrfs: move the extent buffer radix tree into the fs_info 2014-01-28 13:19:55 -08:00
extent_map.c Btrfs: fix extent_map block_len after merging 2014-01-28 13:19:51 -08:00
extent_map.h btrfs: Enclose macros with complex values within parenthesis 2013-11-11 22:12:06 -05:00
file-item.c Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00
file.c Btrfs: don't use ram_bytes for uncompressed inline items 2014-01-29 07:06:29 -08:00
free-space-cache.c Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00
free-space-cache.h Btrfs: remove path arg from btrfs_truncate_free_space_cache 2013-11-11 21:51:33 -05:00
hash.c Btrfs: fix btrfs boot when compiled as built-in 2014-01-28 13:20:31 -08:00
hash.h Btrfs: fix btrfs boot when compiled as built-in 2014-01-28 13:20:31 -08:00
inode-item.c btrfs: cleanup: removed unused 'btrfs_get_inode_ref_index' 2014-01-28 13:19:39 -08:00
inode-map.c btrfs: Use WARN_ON()'s return value in place of WARN_ON(1) 2013-11-11 22:11:53 -05:00
inode-map.h
inode.c Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol 2014-02-14 13:44:32 -08:00
ioctl.c btrfs: Return EXDEV for cross file system snapshot 2014-03-10 15:15:37 -04:00
Kconfig Btrfs: fix btrfs boot when compiled as built-in 2014-01-28 13:20:31 -08:00
locking.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
locking.h Btrfs: remove btrfs_try_spin_lock 2013-03-14 14:57:10 -04:00
lzo.c Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00
Makefile Btrfs: fix btrfs boot when compiled as built-in 2014-01-28 13:20:31 -08:00
math.h Btrfs: cleanup duplicated division functions 2012-12-11 13:31:30 -05:00
ordered-data.c Btrfs: don't mix the ordered extents of all files together during logging the inodes 2014-03-10 15:15:36 -04:00
ordered-data.h Btrfs: don't mix the ordered extents of all files together during logging the inodes 2014-03-10 15:15:36 -04:00
orphan.c btrfs: expand btrfs_find_item() to include find_orphan_item functionality 2014-01-28 13:19:37 -08:00
print-tree.c Btrfs: don't use ram_bytes for uncompressed inline items 2014-01-29 07:06:29 -08:00
print-tree.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
props.c Btrfs: add support for inode properties 2014-01-28 13:20:24 -08:00
props.h Btrfs: add support for inode properties 2014-01-28 13:20:24 -08:00
qgroup.c Btrfs: fix qgroup rescan to work with skinny metadata 2014-01-28 13:20:27 -08:00
raid56.c btrfs: remove fs/btrfs/compat.h 2013-11-11 22:03:19 -05:00
raid56.h Btrfs: RAID5 and RAID6 2013-02-01 14:24:23 -05:00
rcu-string.h Btrfs: use rcu to protect device->name 2012-06-14 21:29:16 -04:00
reada.c Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00
relocation.c Btrfs: fix an oops when we fail to relocate tree blocks 2014-01-28 13:20:14 -08:00
root-tree.c Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00
scrub.c Btrfs: fix to search previous metadata extent item since skinny metadata 2014-01-28 13:20:33 -08:00
send.c Btrfs: use right clone root offset for compressed extents 2014-02-15 08:04:27 -08:00
send.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
struct-funcs.c Btrfs: rewrite BTRFS_SETGET_FUNCS 2012-07-23 16:28:06 -04:00
super.c Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol 2014-02-14 13:44:32 -08:00
sysfs.c btrfs: fix null pointer deference at btrfs_sysfs_add_one+0x105 2014-02-15 08:03:09 -08:00
sysfs.h btrfs: publish allocation data in sysfs 2014-01-28 13:19:29 -08:00
transaction.c btrfs: Add noinode_cache mount option 2014-01-28 13:20:33 -08:00
transaction.h Btrfs: make fsync latency less sucky 2014-01-28 13:20:25 -08:00
tree-defrag.c Btrfs: cleanup dead code of defragment 2013-11-11 21:59:45 -05:00
tree-log.c Btrfs: don't mix the ordered extents of all files together during logging the inodes 2014-03-10 15:15:36 -04:00
tree-log.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
ulist.c Btrfs: do not export ulist functions 2014-01-29 07:06:27 -08:00
ulist.h Btrfs: do not export ulist functions 2014-01-29 07:06:27 -08:00
uuid-tree.c Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00
volumes.c Btrfs: fix use-after-free in the finishing procedure of the device replace 2014-03-10 15:15:39 -04:00
volumes.h Btrfs: fix use-after-free in the finishing procedure of the device replace 2014-03-10 15:15:39 -04:00
xattr.c Btrfs: add support for inode properties 2014-01-28 13:20:24 -08:00
xattr.h
zlib.c Btrfs: convert printk to btrfs_ and fix BTRFS prefix 2014-01-28 13:20:05 -08:00