Patch "xfs: check for obviously bad level values in the bmbt root" has been added to the 4.9-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    xfs: check for obviously bad level values in the bmbt root

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     xfs-check-for-obviously-bad-level-values-in-the-bmbt-root.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From b3bf607d58520ea8c0666aeb4be60dbb724cd3a2 Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <darrick.wong@xxxxxxxxxx>
Date: Thu, 2 Feb 2017 15:13:59 -0800
Subject: xfs: check for obviously bad level values in the bmbt root

From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>

commit b3bf607d58520ea8c0666aeb4be60dbb724cd3a2 upstream.

We can't handle a bmbt that's taller than BTREE_MAXLEVELS, and there's
no such thing as a zero-level bmbt (for that we have extents format),
so if we see this, send back an error code.

Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 fs/xfs/libxfs/xfs_inode_fork.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/fs/xfs/libxfs/xfs_inode_fork.c
+++ b/fs/xfs/libxfs/xfs_inode_fork.c
@@ -26,6 +26,7 @@
 #include "xfs_inode.h"
 #include "xfs_trans.h"
 #include "xfs_inode_item.h"
+#include "xfs_btree.h"
 #include "xfs_bmap_btree.h"
 #include "xfs_bmap.h"
 #include "xfs_error.h"
@@ -429,11 +430,13 @@ xfs_iformat_btree(
 	/* REFERENCED */
 	int			nrecs;
 	int			size;
+	int			level;
 
 	ifp = XFS_IFORK_PTR(ip, whichfork);
 	dfp = (xfs_bmdr_block_t *)XFS_DFORK_PTR(dip, whichfork);
 	size = XFS_BMAP_BROOT_SPACE(mp, dfp);
 	nrecs = be16_to_cpu(dfp->bb_numrecs);
+	level = be16_to_cpu(dfp->bb_level);
 
 	/*
 	 * blow out if -- fork has less extents than can fit in
@@ -446,7 +449,8 @@ xfs_iformat_btree(
 					XFS_IFORK_MAXEXT(ip, whichfork) ||
 		     XFS_BMDR_SPACE_CALC(nrecs) >
 					XFS_DFORK_SIZE(dip, mp, whichfork) ||
-		     XFS_IFORK_NEXTENTS(ip, whichfork) > ip->i_d.di_nblocks)) {
+		     XFS_IFORK_NEXTENTS(ip, whichfork) > ip->i_d.di_nblocks) ||
+		     level == 0 || level > XFS_BTREE_MAXLEVELS) {
 		xfs_warn(mp, "corrupt inode %Lu (btree).",
 					(unsigned long long) ip->i_ino);
 		XFS_CORRUPTION_ERROR("xfs_iformat_btree", XFS_ERRLEVEL_LOW,


Patches currently in stable-queue which might be from darrick.wong@xxxxxxxxxx are

queue-4.9/xfs-mark-speculative-prealloc-cow-fork-extents-unwritten.patch
queue-4.9/xfs-fix-toctou-race-when-locking-an-inode-to-access-the-data-map.patch
queue-4.9/xfs-use-iomap-new-flag-for-newly-allocated-delalloc-blocks.patch
queue-4.9/xfs-handle-indlen-shortage-on-delalloc-extent-merge.patch
queue-4.9/xfs-reject-all-unaligned-direct-writes-to-reflinked-files.patch
queue-4.9/xfs-allow-unwritten-extents-in-the-cow-fork.patch
queue-4.9/xfs-tune-down-agno-asserts-in-the-bmap-code.patch
queue-4.9/xfs-verify-free-block-header-fields.patch
queue-4.9/xfs-check-for-obviously-bad-level-values-in-the-bmbt-root.patch
queue-4.9/xfs-don-t-fail-xfs_extent_busy-allocation.patch
queue-4.9/xfs-sync-eofblocks-scans-under-iolock-are-livelock-prone.patch
queue-4.9/xfs-use-per-ag-reservations-for-the-finobt.patch
queue-4.9/xfs-pull-up-iolock-from-xfs_free_eofblocks.patch
queue-4.9/xfs-fail-_dir_open-when-readahead-fails.patch
queue-4.9/xfs-reset-b_first_retry_time-when-clear-the-retry-status-of-xfs_buf_t.patch
queue-4.9/xfs-update-ctime-and-mtime-on-clone-destinatation-inodes.patch
queue-4.9/xfs-only-update-mount-resv-fields-on-success-in-__xfs_ag_resv_init.patch
queue-4.9/xfs-split-indlen-reservations-fairly-when-under-reserved.patch
queue-4.9/xfs-filter-out-obviously-bad-btree-pointers.patch
queue-4.9/xfs-use-xfs_icluster_size_fsb-to-calculate-inode-chunk-alignment.patch
queue-4.9/xfs-only-reclaim-unwritten-cow-extents-periodically.patch
queue-4.9/xfs-try-any-ag-when-allocating-the-first-btree-block-when-reflinking.patch
queue-4.9/xfs-fix-and-streamline-error-handling-in-xfs_end_io.patch
queue-4.9/xfs-fix-eofblocks-race-with-file-extending-async-dio-writes.patch
queue-4.9/xfs-fix-uninitialized-variable-in-_reflink_convert_cow.patch
queue-4.9/xfs-don-t-reserve-blocks-for-right-shift-transactions.patch
queue-4.9/xfs-use-xfs_icluster_size_fsb-to-calculate-inode-alignment-mask.patch
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]