linux/fs/xfs
Darrick J. Wong e8db2aafce
xfs: fix memory corruption during remote attr value buffer invalidation

While running generic/103, I observed what looks like memory corruption
and (with slub debugging turned on) a slub redzone warning on i386 when
inactivating an inode with a 64k remote attr value.

On a v5 filesystem, maximally sized remote attr values require one block
more than 64k worth of space to hold both the remote attribute value
header (64 bytes).  On a 4k block filesystem this results in a 68k
buffer; on a 64k block filesystem, this would be a 128k buffer.  Note
that even though we'll never use more than 65,600 bytes of this buffer,
XFS_MAX_BLOCKSIZE is 64k.

This is a problem because the definition of struct xfs_buf_log_format
allows for XFS_MAX_BLOCKSIZE worth of dirty bitmap (64k).  On i386 when we
invalidate a remote attribute, xfs_trans_binval zeroes all 68k worth of
the dirty map, writing right off the end of the log item and corrupting
memory.  We've gotten away with this on x86_64 for years because the
compiler inserts a u32 padding on the end of struct xfs_buf_log_format.

Fortunately for us, remote attribute values are written to disk with
xfs_bwrite(), which is to say that they are not logged.  Fix the problem
by removing all places where we could end up creating a buffer log item
for a remote attribute value and leave a note explaining why.  Next,
replace the open-coded buffer invalidation with a call to the helper we
created in the previous patch that does better checking for bad metadata
before marking the buffer stale.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2020-01-16 08:07:23 -08:00
libxfs xfs: fix memory corruption during remote attr value buffer invalidation 2020-01-16 08:07:23 -08:00
scrub xfs: remove bogus assertion when online repair isn't enabled 2020-01-09 10:55:19 -08:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile xfs: remove the now unused dir ops infrastructure 2019-11-10 16:54:24 -08:00
kmem.c xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
kmem.h xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
mrlock.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs.h xfs: remove b_last_holder & associated macros 2018-08-12 08:37:31 -07:00
xfs_acl.c xfs: Remove all strlen in all xfs_attr_* functions for attr names. 2020-01-09 10:55:19 -08:00
xfs_acl.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_aops.c xfs: add a xfs_inode_buftarg helper 2019-10-28 08:37:54 -07:00
xfs_aops.h xfs: add a xfs_inode_buftarg helper 2019-10-28 08:37:54 -07:00
xfs_attr_inactive.c xfs: fix memory corruption during remote attr value buffer invalidation 2020-01-16 08:07:23 -08:00
xfs_attr_list.c xfs: split xfs_da3_node_read 2019-11-22 08:17:10 -08:00
xfs_bio_io.c xfs: chain bios the right way around in xfs_rw_bdev 2019-07-10 10:04:16 -07:00
xfs_bmap_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_bmap_item.h xfs: merge xfs_bud_init into xfs_trans_get_bud 2019-06-28 19:27:36 -07:00
xfs_bmap_util.c xfs: stabilize insert range start boundary to avoid COW writeback race 2019-12-11 13:18:42 -08:00
xfs_bmap_util.h xfs: simplify xfs_iomap_eof_align_last_fsb 2019-11-03 10:22:30 -08:00
xfs_buf.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_buf.h xfs: mark xfs_buf_free static 2019-10-28 08:37:54 -07:00
xfs_buf_item.c xfs: use bitops interface for buf log item AIL flag check 2019-12-19 07:53:47 -08:00
xfs_buf_item.h xfs: remove the xfs_log_item_t typedef 2019-06-28 19:27:33 -07:00
xfs_dir2_readdir.c xfs: remove the mappedbno argument to xfs_da_read_buf 2019-11-22 08:17:10 -08:00
xfs_discard.c xfs: kill the XFS_WANT_CORRUPT_* macros 2019-11-12 17:19:02 -08:00
xfs_discard.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_dquot.c xfs: quota: move to time64_t interfaces 2020-01-06 08:57:37 -08:00
xfs_dquot.h xfs: remove the xfs_dq_logitem_t typedef 2019-11-13 18:22:26 -08:00
xfs_dquot_item.c fs: xfs: Remove KM_NOSLEEP and KM_SLEEP. 2019-08-26 12:06:22 -07:00
xfs_dquot_item.h xfs: remove the xfs_qoff_logitem_t typedef 2019-11-13 18:22:28 -08:00
xfs_error.c xfs: report corruption only as a regular error 2019-11-18 08:40:44 -08:00
xfs_error.h xfs: kill the XFS_WANT_CORRUPT_* macros 2019-11-12 17:19:02 -08:00
xfs_export.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_export.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_extent_busy.c xfs: cleanup use of the XFS_ALLOC_ flags 2019-11-03 10:22:31 -08:00
xfs_extent_busy.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_extfree_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_extfree_item.h xfs: merge xfs_efd_init into xfs_trans_get_efd 2019-06-28 19:27:35 -07:00
xfs_file.c xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read 2020-01-15 22:13:11 -08:00
xfs_filestream.c xfs: fix another missing include 2019-11-13 18:22:41 -08:00
xfs_filestream.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_fsmap.c xfs: add missing assert in xfs_fsmap_owner_from_rmap 2019-11-05 08:28:27 -08:00
xfs_fsmap.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_fsops.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_fsops.h xfs: change some error-less functions to void types 2019-05-01 20:26:30 -07:00
xfs_globals.c xfs: multithreaded iwalk implementation 2019-07-03 07:33:26 -07:00
xfs_health.c xfs: introduce new v5 bulkstat structure 2019-07-03 20:36:26 -07:00
xfs_icache.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_icache.h xfs: rename the speculative block allocation reclaim toggle functions 2019-04-26 12:28:55 -07:00
xfs_icreate_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_icreate_item.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_inode.c xfs: truncate should remove all blocks, not just to the end of the page cache 2020-01-14 08:02:52 -08:00
xfs_inode.h xfs: merge the projid fields in struct xfs_icdinode 2019-11-13 11:13:45 -08:00
xfs_inode_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_inode_item.h xfs: remove the xfs_log_item_t typedef 2019-06-28 19:27:33 -07:00
xfs_ioctl.c xfs: Remove all strlen in all xfs_attr_* functions for attr names. 2020-01-09 10:55:19 -08:00
xfs_ioctl.h xfs: remove XFS_IOC_FSSETDM and XFS_IOC_FSSETDM_BY_HANDLE 2019-11-13 18:22:41 -08:00
xfs_ioctl32.c xfs: reject invalid flags combinations in XFS_IOC_ATTRMULTI_BY_HANDLE 2020-01-09 10:55:18 -08:00
xfs_ioctl32.h xfs: rename compat_time_t to old_time32_t 2020-01-06 08:57:36 -08:00
xfs_iomap.c xfs: convert open coded corruption check to use XFS_IS_CORRUPT 2019-11-13 11:08:01 -08:00
xfs_iomap.h xfs: simplify the xfs_iomap_write_direct calling 2019-11-03 10:22:30 -08:00
xfs_iops.c xfs: Remove all strlen in all xfs_attr_* functions for attr names. 2020-01-09 10:55:19 -08:00
xfs_iops.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_itable.c xfs: merge the projid fields in struct xfs_icdinode 2019-11-13 11:13:45 -08:00
xfs_itable.h xfs: remove all *_ITER_ABORT values 2019-08-29 21:22:41 -07:00
xfs_iwalk.c xfs: kill the XFS_WANT_CORRUPT_* macros 2019-11-12 17:19:02 -08:00
xfs_iwalk.h xfs: remove all *_ITER_CONTINUE values 2019-08-30 22:43:56 -07:00
xfs_linux.h xfs: report corruption only as a regular error 2019-11-18 08:40:44 -08:00
xfs_log.c xfs: fix mount failure crash on invalid iclog memory access 2019-12-03 14:53:07 -08:00
xfs_log.h fs: xfs: xfs_log: Change return type from int to void 2019-07-03 08:21:58 -07:00
xfs_log_cil.c xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
xfs_log_priv.h xfs: remove unused structure members & simple typedefs 2019-11-13 18:22:41 -08:00
xfs_log_recover.c xfs: fix some memory leaks in log recovery 2019-11-15 21:15:29 -08:00
xfs_message.c xfs: make the assertion message functions take a mount parameter 2019-11-05 08:28:27 -08:00
xfs_message.h xfs: make the assertion message functions take a mount parameter 2019-11-05 08:28:27 -08:00
xfs_mount.c xfs: don't commit sunit/swidth updates to disk if that would cause repair failures 2019-12-19 07:53:48 -08:00
xfs_mount.h xfs: remove unused structure members & simple typedefs 2019-11-13 18:22:41 -08:00
xfs_mru_cache.c fs: xfs: Remove KM_NOSLEEP and KM_SLEEP. 2019-08-26 12:06:22 -07:00
xfs_mru_cache.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_ondisk.h xfs: wire up the v5 inumbers ioctl 2019-07-03 20:36:28 -07:00
xfs_pnfs.c xfs: use super s_id instead of struct xfs_mount m_fsname 2019-11-05 08:28:25 -08:00
xfs_pnfs.h xfs: prepare xfs_break_layouts() for another layout type 2018-05-22 07:19:08 -07:00
xfs_pwork.c xfs: poll waiting for quotacheck 2019-07-03 08:21:58 -07:00
xfs_pwork.h xfs: poll waiting for quotacheck 2019-07-03 08:21:58 -07:00
xfs_qm.c xfs: remove the xfs_quotainfo_t typedef 2019-11-13 18:22:23 -08:00
xfs_qm.h xfs: quota: move to time64_t interfaces 2020-01-06 08:57:37 -08:00
xfs_qm_bhv.c xfs: remove the xfs_disk_dquot_t and xfs_dquot_t 2019-11-13 11:13:45 -08:00
xfs_qm_syscalls.c xfs: Replace function declaration by actual definition 2019-11-13 18:22:40 -08:00
xfs_quota.h xfs: kill the xfs_dqtrx_t typedef 2019-04-23 08:36:23 -07:00
xfs_quotaops.c xfs: quota: move to time64_t interfaces 2020-01-06 08:57:37 -08:00
xfs_refcount_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_refcount_item.h xfs: merge xfs_cud_init into xfs_trans_get_cud 2019-06-28 19:27:35 -07:00
xfs_reflink.c xfs: introduce XFS_MAX_FILEOFF 2020-01-14 08:02:51 -08:00
xfs_reflink.h xfs: pass two imaps to xfs_reflink_allocate_cow 2019-10-21 09:04:58 -07:00
xfs_rmap_item.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_rmap_item.h xfs: merge xfs_rud_init into xfs_trans_get_rud 2019-06-28 19:27:36 -07:00
xfs_rtalloc.c xfs: don't set bmapi total block req where minleft is 2019-10-23 17:01:08 -07:00
xfs_rtalloc.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_stats.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_stats.h xfs: use offsetof() in place of offset macros for __xfsstats 2018-10-18 17:21:39 +11:00
xfs_super.c xfs: fix s_maxbytes computation on 32-bit kernels 2020-01-14 08:02:53 -08:00
xfs_super.h xfs: include QUOTA, FATAL ASSERT build options in XFS_BUILD_OPTIONS 2019-10-21 09:04:57 -07:00
xfs_symlink.c xfs: fix missing header includes 2019-11-07 13:00:53 -08:00
xfs_symlink.h xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
xfs_sysctl.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_sysctl.h xfs: multithreaded iwalk implementation 2019-07-03 07:33:26 -07:00
xfs_sysfs.c xfs: avoid unused to_mp() function warning 2019-09-24 09:40:19 -07:00
xfs_sysfs.h xfs: convert to SPDX license tags 2018-06-06 14:17:53 -07:00
xfs_trace.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_trace.h xfs: don't commit sunit/swidth updates to disk if that would cause repair failures 2019-12-19 07:53:48 -08:00
xfs_trans.c xfs: Remove kmem_zone_free() wrapper 2019-11-18 08:40:44 -08:00
xfs_trans.h xfs: merge xfs_trans_bmap.c into xfs_bmap_item.c 2019-06-28 19:29:42 -07:00
xfs_trans_ail.c xfs: Correct comment tyops -> typos 2019-11-10 10:21:57 -08:00
xfs_trans_buf.c xfs: remove unused header files 2019-06-28 19:30:43 -07:00
xfs_trans_dquot.c xfs: quota: move to time64_t interfaces 2020-01-06 08:57:37 -08:00
xfs_trans_priv.h xfs: don't use xfs_trans_free_items in the commit path 2019-06-28 19:27:31 -07:00
xfs_xattr.c xfs: Remove all strlen in all xfs_attr_* functions for attr names. 2020-01-09 10:55:19 -08:00