mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-03 07:38:10 +00:00
Code Issues Releases Wiki Activity
linux-stable/fs/xfs/libxfs
History
Darrick J. Wong ff4ab5e02a xfs: fix an incore inode UAF in xfs_bui_recover 
In xfs_bui_item_recover, there exists a use-after-free bug with regards
to the inode that is involved in the bmap replay operation.  If the
mapping operation does not complete, we call xfs_bmap_unmap_extent to
create a deferred op to finish the unmapping work, and we retain a
pointer to the incore inode.

Unfortunately, the very next thing we do is commit the transaction and
drop the inode.  If reclaim tears down the inode before we try to finish
the defer ops, we dereference garbage and blow up.  Therefore, create a
way to join inodes to the defer ops freezer so that we can maintain the
xfs_inode reference until we're done with the inode.

Note: This imposes the requirement that there be enough memory to keep
every incore inode in memory throughout recovery.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2020-10-07 08:40:28 -07:00
..
xfs_ag.c xfs: store inode btree block counts in AGI header 2020-09-15 20:52:39 -07:00
xfs_ag.h
xfs_ag_resv.c
xfs_ag_resv.h xfs: get rid of unnecessary xfs_perag_{get,put} pairs 2020-07-14 08:47:33 -07:00
xfs_alloc.c xfs: Remove kmem_zone_alloc() usage 2020-07-28 20:24:14 -07:00
xfs_alloc.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_alloc_btree.c xfs: Remove kmem_zone_zalloc() usage 2020-07-28 20:24:14 -07:00
xfs_alloc_btree.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_attr.c xfs: Convert xfs_attr_sf macros to inline functions 2020-09-15 20:52:42 -07:00
xfs_attr.h xfs: Add xfs_has_attr and subroutines 2020-07-28 20:24:14 -07:00
xfs_attr_leaf.c xfs: Convert xfs_attr_sf macros to inline functions 2020-09-15 20:52:42 -07:00
xfs_attr_leaf.h xfs: Add xfs_has_attr and subroutines 2020-07-28 20:24:14 -07:00
xfs_attr_remote.c xfs: remove the redundant crc feature check in xfs_attr3_rmt_verify 2020-09-25 11:34:07 -07:00
xfs_attr_remote.h xfs: Refactor xfs_attr_rmtval_remove 2020-07-28 20:28:11 -07:00
xfs_attr_sf.h xfs: Convert xfs_attr_sf macros to inline functions 2020-09-15 20:52:42 -07:00
xfs_bit.c
xfs_bit.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_bmap.c xfs: don't free rt blocks when we're doing a REMAP bunmapi call 2020-09-23 08:58:51 -07:00
xfs_bmap.h xfs: redesign the reflink remap loop to fix blkres depletion crash 2020-07-06 10:46:57 -07:00
xfs_bmap_btree.c xfs: Remove kmem_zone_zalloc() usage 2020-07-28 20:24:14 -07:00
xfs_bmap_btree.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_btree.c xfs: support bulk loading of staged btrees 2020-03-18 08:12:23 -07:00
xfs_btree.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_btree_staging.c xfs: support bulk loading of staged btrees 2020-03-18 08:12:23 -07:00
xfs_btree_staging.h xfs: xfs_btree_staging.h: delete duplicated words 2020-07-28 20:24:14 -07:00
xfs_cksum.h
xfs_da_btree.c xfs: Refactor xfs_da_state_alloc() helper 2020-07-28 20:24:14 -07:00
xfs_da_btree.h xfs: Refactor xfs_da_state_alloc() helper 2020-07-28 20:24:14 -07:00
xfs_da_format.h xfs: code cleanup in xfs_attr_leaf_entsize_{remote,local} 2020-09-25 11:34:08 -07:00
xfs_defer.c xfs: fix an incore inode UAF in xfs_bui_recover 2020-10-07 08:40:28 -07:00
xfs_defer.h xfs: fix an incore inode UAF in xfs_bui_recover 2020-10-07 08:40:28 -07:00
xfs_dir2.c xfs: move the fork format fields into struct xfs_ifork 2020-05-19 09:40:58 -07:00
xfs_dir2.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_dir2_block.c xfs: move the per-fork nextents fields into struct xfs_ifork 2020-05-19 09:40:58 -07:00
xfs_dir2_data.c xfs: check owner of dir3 data blocks 2020-03-12 07:58:12 -07:00
xfs_dir2_leaf.c xfs: add a function to deal with corrupt buffers post-verifiers 2020-03-12 07:58:12 -07:00
xfs_dir2_node.c xfs: Refactor xfs_da_state_alloc() helper 2020-07-28 20:24:14 -07:00
xfs_dir2_priv.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_dir2_sf.c xfs: move the fork format fields into struct xfs_ifork 2020-05-19 09:40:58 -07:00
xfs_dquot_buf.c xfs: widen ondisk quota expiration timestamps to handle y2038+ 2020-09-15 20:52:41 -07:00
xfs_errortag.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_format.h xfs: enable big timestamps 2020-09-15 20:52:41 -07:00
xfs_fs.h xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_health.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_ialloc.c xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_ialloc.h xfs: don't commit sunit/swidth updates to disk if that would cause repair failures 2019-12-19 07:53:48 -08:00
xfs_ialloc_btree.c xfs: support inode btree blockcounts in online repair 2020-09-15 20:52:40 -07:00
xfs_ialloc_btree.h xfs: add support for inode btree staging cursors 2020-03-18 08:12:23 -07:00
xfs_iext_tree.c xfs: remove kmem_realloc() 2020-09-06 18:05:51 -07:00
xfs_inode_buf.c xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_inode_buf.h xfs: use the existing type definition for di_projid 2020-09-25 11:34:07 -07:00
xfs_inode_fork.c xfs: remove kmem_realloc() 2020-09-06 18:05:51 -07:00
xfs_inode_fork.h xfs: cleanup xfs_idestroy_fork 2020-05-19 09:40:59 -07:00
xfs_log_format.h xfs: redefine xfs_ictimestamp_t 2020-09-15 20:52:41 -07:00
xfs_log_recover.h xfs: remove xlog_recover_iodone 2020-09-15 20:52:39 -07:00
xfs_log_rlimit.c
xfs_quota_defs.h xfs: widen ondisk quota expiration timestamps to handle y2038+ 2020-09-15 20:52:41 -07:00
xfs_refcount.c xfs: make the btree ag cursor private union anonymous 2020-03-13 10:37:15 -07:00
xfs_refcount.h
xfs_refcount_btree.c xfs: Remove kmem_zone_zalloc() usage 2020-07-28 20:24:14 -07:00
xfs_refcount_btree.h xfs: add support for refcount btree staging cursors 2020-03-18 08:12:23 -07:00
xfs_rmap.c xfs: avoid shared rmap operations for attr fork extents 2020-09-25 11:34:08 -07:00
xfs_rmap.h
xfs_rmap_btree.c xfs: Remove kmem_zone_zalloc() usage 2020-07-28 20:24:14 -07:00
xfs_rmap_btree.h xfs: add support for rmap btree staging cursors 2020-03-18 08:12:23 -07:00
xfs_rtbitmap.c xfs: rename xfs_bmap_is_real_extent to is_written_extent 2020-07-06 10:46:57 -07:00
xfs_sb.c xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_sb.h
xfs_shared.h xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_symlink_remote.c xfs: move the fork format fields into struct xfs_ifork 2020-05-19 09:40:58 -07:00
xfs_trans_inode.c xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_trans_resv.c xfs: add a new xfs_sb_version_has_v3inode helper 2020-03-19 08:47:34 -07:00
xfs_trans_resv.h
xfs_trans_space.h xfs: fix off-by-one in inode alloc block reservation calculation 2020-08-26 14:13:21 -07:00
xfs_types.c
xfs_types.h