Patch "xfs: don't crash if reading a directory results in an unexpected hole" has been added to the 4.9-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    xfs: don't crash if reading a directory results in an unexpected hole

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     xfs-don-t-crash-if-reading-a-directory-results-in-an-unexpected-hole.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From hch@xxxxxx  Tue Jan 10 11:29:59 2017
From: Christoph Hellwig <hch@xxxxxx>
Date: Mon,  9 Jan 2017 16:38:54 +0100
Subject: xfs: don't crash if reading a directory results in an unexpected hole
To: stable@xxxxxxxxxxxxxxx
Cc: linux-xfs@xxxxxxxxxxxxxxx, "Darrick J. Wong" <darrick.wong@xxxxxxxxxx>, Dave Chinner <david@xxxxxxxxxxxxx>
Message-ID: <1483976343-661-24-git-send-email-hch@xxxxxx>


From: "Darrick J. Wong" <darrick.wong@xxxxxxxxxx>

commit 96a3aefb8ffde23180130460b0b2407b328eb727 upstream.

In xfs_dir3_data_read, we can encounter the situation where err == 0 and
*bpp == NULL if the given bno offset happens to be a hole; this leads to
a crash if we try to set the buffer type after the _da_read_buf call.
Holes can happen due to corrupt or malicious entries in the bmbt data,
so be a little more careful when we're handling buffers.

Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
Signed-off-by: Dave Chinner <david@xxxxxxxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/xfs/libxfs/xfs_dir2_data.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/xfs/libxfs/xfs_dir2_data.c
+++ b/fs/xfs/libxfs/xfs_dir2_data.c
@@ -329,7 +329,7 @@ xfs_dir3_data_read(
 
 	err = xfs_da_read_buf(tp, dp, bno, mapped_bno, bpp,
 				XFS_DATA_FORK, &xfs_dir3_data_buf_ops);
-	if (!err && tp)
+	if (!err && tp && *bpp)
 		xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_DATA_BUF);
 	return err;
 }


Patches currently in stable-queue which might be from hch@xxxxxx are

queue-4.9/xfs-always-succeed-when-deduping-zero-bytes.patch
queue-4.9/xfs-fix-crash-and-data-corruption-due-to-removal-of-busy-cow-extents.patch
queue-4.9/xfs-don-t-allow-di_size-with-high-bit-set.patch
queue-4.9/xfs-new-inode-extent-list-lookup-helpers.patch
queue-4.9/xfs-don-t-call-xfs_sb_quota_from_disk-twice.patch
queue-4.9/xfs-factor-rmap-btree-size-into-the-indlen-calculations.patch
queue-4.9/xfs-check-return-value-of-_trans_reserve_quota_nblks.patch
queue-4.9/xfs-complain-if-we-don-t-get-nextents-bmap-records.patch
queue-4.9/xfs-check-for-bogus-values-in-btree-block-headers.patch
queue-4.9/xfs-use-gpf_nofs-when-allocating-btree-cursors.patch
queue-4.9/xfs-fix-max_retries-_show-and-_store-functions.patch
queue-4.9/xfs-fix-double-cleanup-when-cui-recovery-fails.patch
queue-4.9/xfs-don-t-skip-cow-forks-w-delalloc-blocks-in-cowblocks-scan.patch
queue-4.9/xfs-track-preallocation-separately-in-xfs_bmapi_reserve_delalloc.patch
queue-4.9/xfs-use-the-actual-ag-length-when-reserving-blocks.patch
queue-4.9/xfs-ignore-leaf-attr-ichdr.count-in-verifier-during-log-replay.patch
queue-4.9/xfs-pass-post-eof-speculative-prealloc-blocks-to-bmapi.patch
queue-4.9/xfs-don-t-cap-maximum-dedupe-request-length.patch
queue-4.9/xfs-pass-state-not-whichfork-to-trace_xfs_extlist.patch
queue-4.9/xfs-move-agi-buffer-type-setting-to-xfs_read_agi.patch
queue-4.9/xfs-check-minimum-block-size-for-crc-filesystems.patch
queue-4.9/xfs-handle-cow-fork-in-xfs_bmap_trace_exlist.patch
queue-4.9/pci-msi-check-for-null-affinity-mask-in-pci_irq_get_affinity.patch
queue-4.9/xfs-error-out-if-trying-to-add-attrs-and-anextents-0.patch
queue-4.9/xfs-don-t-bug-on-mixed-direct-and-mapped-i-o.patch
queue-4.9/xfs-use-new-extent-lookup-helpers-xfs_file_iomap_begin_delay.patch
queue-4.9/xfs-fix-unbalanced-inode-reclaim-flush-locking.patch
queue-4.9/genirq-affinity-fix-node-generation-from-cpumask.patch
queue-4.9/xfs-use-new-extent-lookup-helpers-in-__xfs_reflink_reserve_cow.patch
queue-4.9/xfs-don-t-crash-if-reading-a-directory-results-in-an-unexpected-hole.patch
queue-4.9/xfs-remove-prev-argument-to-xfs_bmapi_reserve_delalloc.patch
queue-4.9/xfs-clean-up-cow-fork-reservation-and-tag-inodes-correctly.patch
queue-4.9/xfs-forbid-ag-btrees-with-level-0.patch
queue-4.9/xfs-provide-helper-for-counting-extents-from-if_bytes.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]