iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Filipe Manana 2e6e518335 Btrfs: fix block group ->space_info null pointer dereference 
When we create a block group we add it to the rbtree of block groups
before setting its ->space_info field (while it's NULL). This is
problematic since other tasks can access the block group from the
rbtree and attempt to use its ->space_info before it is set by
btrfs_make_block_group().

This can happen for example when a concurrent fitrim ioctl operation
is ongoing, which produces a trace like the following when
CONFIG_DEBUG_PAGEALLOC is set.

[11509.604369] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[11509.606373] IP: [<ffffffff8107d675>] __lock_acquire+0xb4/0xf02
[11509.608179] PGD 2296a8067 PUD 22f4a2067 PMD 0
[11509.608179] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[11509.608179] Modules linked in: btrfs crc32c_generic xor raid6_pq nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc loop fuse acpi_cpufreq processor i2c_piix4 psmou
[11509.608179] CPU: 10 PID: 8538 Comm: fstrim Tainted: G        W       4.0.0-rc5-btrfs-next-9+ #2
[11509.608179] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[11509.608179] task: ffff88009f5c46d0 ti: ffff8801b3edc000 task.ti: ffff8801b3edc000
[11509.608179] RIP: 0010:[<ffffffff8107d675>]  [<ffffffff8107d675>] __lock_acquire+0xb4/0xf02
[11509.608179] RSP: 0018:ffff8801b3edf9e8  EFLAGS: 00010002
[11509.608179] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000000
[11509.608179] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000018
[11509.608179] RBP: ffff8801b3edfaa8 R08: 0000000000000001 R09: 0000000000000000
[11509.608179] R10: 0000000000000000 R11: ffff88009f5c4f98 R12: 0000000000000000
[11509.608179] R13: 0000000000000000 R14: 0000000000000018 R15: ffff88009f5c46d0
[11509.608179] FS:  00007f280a10e840(0000) GS:ffff88023ed40000(0000) knlGS:0000000000000000
[11509.608179] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[11509.608179] CR2: 0000000000000018 CR3: 00000002119bc000 CR4: 00000000000006e0
[11509.608179] Stack:
[11509.608179]  0000000000000000 0000000000000000 0000000000000004 0000000000000000
[11509.608179]  ffff880100000000 ffffffff00000000 0000000000000001 ffffffff00000000
[11509.608179]  0000000000000001 0000000000000000 ffff880100000000 00000000000006c4
[11509.608179] Call Trace:
[11509.608179]  [<ffffffff8107dc57>] ? __lock_acquire+0x696/0xf02
[11509.608179]  [<ffffffff8107e806>] lock_acquire+0xa5/0x116
[11509.608179]  [<ffffffffa04cc876>] ? do_trimming+0x51/0x145 [btrfs]
[11509.608179]  [<ffffffff81434f37>] _raw_spin_lock+0x34/0x44
[11509.608179]  [<ffffffffa04cc876>] ? do_trimming+0x51/0x145 [btrfs]
[11509.608179]  [<ffffffffa04cc876>] do_trimming+0x51/0x145 [btrfs]
[11509.608179]  [<ffffffffa04cde7d>] btrfs_trim_block_group+0x201/0x491 [btrfs]
[11509.608179]  [<ffffffffa04849e2>] btrfs_trim_fs+0xe0/0x129 [btrfs]
[11509.608179]  [<ffffffffa04bb80a>] btrfs_ioctl_fitrim+0x138/0x167 [btrfs]
[11509.608179]  [<ffffffffa04c002f>] btrfs_ioctl+0x50d/0x21e8 [btrfs]
[11509.608179]  [<ffffffff81123bda>] ? might_fault+0x58/0xb5
[11509.608179]  [<ffffffff81123bda>] ? might_fault+0x58/0xb5
[11509.608179]  [<ffffffff81123bda>] ? might_fault+0x58/0xb5
[11509.608179]  [<ffffffff81158050>] ? cp_new_stat+0x147/0x15e
[11509.608179]  [<ffffffff81163041>] do_vfs_ioctl+0x3c6/0x479
[11509.608179]  [<ffffffff81158116>] ? SYSC_newfstat+0x25/0x2e
[11509.608179]  [<ffffffff81435b54>] ? ret_from_sys_call+0x1d/0x58
[11509.608179]  [<ffffffff8116b915>] ? __fget_light+0x2d/0x4f
[11509.608179]  [<ffffffff8116314e>] SyS_ioctl+0x5a/0x7f
[11509.608179]  [<ffffffff81435b32>] system_call_fastpath+0x12/0x17
[11509.608179] Code: f4 01 00 0f 85 c0 00 00 00 48 c7 c1 f3 1f 7d 81 48 c7 c2 aa cb 7c 81 be fc 0b 00 00 eb 70 83 3d 61 eb 9c 00 00 0f 84 a5 00 00 00 <49> 81 3e 40 a3 2b 82 b8 00 00 00
[11509.608179] RIP  [<ffffffff8107d675>] __lock_acquire+0xb4/0xf02
[11509.608179]  RSP <ffff8801b3edf9e8>
[11509.608179] CR2: 0000000000000018
[11509.608179] ---[ end trace 570a5c6769f0e49a ]---

Which corresponds to the following access in fs/btrfs/free-space-cache.c:

  static int do_trimming(struct btrfs_block_group_cache *block_group,
                         u64 *total_trimmed, u64 start, u64 bytes,
                         u64 reserved_start, u64 reserved_bytes,
                         struct btrfs_trim_range *trim_entry)
  {
       struct btrfs_space_info *space_info = block_group->space_info;
  (...)
       spin_lock(&space_info->lock);
       ^^^^^ - block_group->space_info is NULL...

Fix this by ensuring the block group's ->space_info is set before adding
the block group to the rbtree.

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-06-02 19:34:36 -07:00
..
9p
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
adfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
affs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
afs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
autofs4
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
befs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
bfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
btrfs
Btrfs: fix block group ->space_info null pointer dereference
2015-06-02 19:34:36 -07:00
cachefiles
VFS: fs/cachefiles: d_backing_inode() annotations
2015-04-15 15:06:59 -04:00
ceph
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
cifs
CIFS: Fix race condition on RFC1002_NEGATIVE_SESSION_RESPONSE
2015-05-20 13:25:55 -05:00
coda
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
configfs
configfs: init configfs module earlier at boot time
2015-05-05 17:10:11 -07:00
cramfs
debugfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
devpts
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
dlm
netlink: make nlmsg_end() and genlmsg_end() void
2015-01-18 01:03:45 -05:00
ecryptfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
efivarfs
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2015-05-06 10:57:37 -07:00
efs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
exofs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
exportfs
VFS: (Scripted) Convert S_ISLNK/DIR/REG(dentry->d_inode) to d_is_*(dentry)
2015-02-22 11:38:41 -05:00
ext2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
ext3
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
ext4
ext4: fix an ext3 collapse range regression in xfstests
2015-05-15 00:24:10 -04:00
f2fs
f2fs: fix wrong error hanlder in f2fs_follow_link
2015-05-04 14:15:16 -07:00
fat
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
freevxfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
fscache
fuse
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
gfs2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
hfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
hfsplus
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
hostfs
hostfs: Use correct mask for file mode
2015-05-04 14:50:29 +02:00
hpfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
hppfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
hugetlbfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
isofs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
jbd
jbd2
jbd2: fix r_count overflows leading to buffer overflow in journal recovery
2015-05-14 19:11:50 -04:00
jffs2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
jfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
kernfs
kernfs: do not account ino_ida allocations to memcg
2015-05-14 17:55:51 -07:00
lockd
nfsd: eliminate NFSD_DEBUG
2015-04-21 16:16:02 -04:00
logfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
minix
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
ncpfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
nfs
nfs: take extra reference to fl->fl_file when running a setlk
2015-05-13 14:56:06 -04:00
nfs_common
nfsd
nfsd: skip CB_NULL probes for 4.1 or later
2015-05-04 12:02:42 -04:00
nilfs2
nilfs2: fix sanity check of btree level in nilfs_btree_root_broken()
2015-05-05 17:10:11 -07:00
nls
notify
fanotify: fix event filtering with FAN_ONDIR set
2015-03-12 18:46:08 -07:00
ntfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
ocfs2
ocfs2: dlm: fix race between purge and get lock resource
2015-05-05 17:10:11 -07:00
omfs
omfs: fix potential integer overflow in allocator
2015-05-28 18:25:19 -07:00
openpromfs
overlayfs
ovl: mount read-only if workdir can't be created
2015-05-19 14:30:12 +02:00
proc
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
pstore
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
qnx4
qnx6
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
quota
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
ramfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
reiserfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
romfs
make new_sync_{read,write}() static
2015-04-11 22:29:40 -04:00
squashfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
sysfs
sysfs: Only accept read/write permissions for file attributes
2015-03-25 13:27:57 +01:00
sysv
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
tracefs
tracing: Have mkdir and rmdir be part of tracefs
2015-02-03 12:48:43 -05:00
ubifs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
udf
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
ufs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
xfs
xfs: fix broken i_nlink accounting for whiteout tmpfile inode
2015-05-29 08:14:55 +10:00
aio.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-16 23:27:56 -04:00
anon_inodes.c
attr.c
bad_inode.c
don't bother with most of the bad_file_ops methods
2015-02-20 04:03:58 -05:00
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c
fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings
2015-05-28 18:25:18 -07:00
binfmt_em86.c
syscalls: implement execveat() system call
2014-12-13 12:42:51 -08:00
binfmt_flat.c
binfmt_misc.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
binfmt_script.c
syscalls: implement execveat() system call
2014-12-13 12:42:51 -08:00
block_dev.c
direct-io: only inc/dec inode->i_dio_count for file systems
2015-04-24 15:45:28 -04:00
buffer.c
page_writeback: clean up mess around cancel_dirty_page()
2015-04-14 16:49:01 -07:00
char_dev.c
fs: introduce f_op->mmap_capabilities for nommu mmap support
2015-01-20 14:02:58 -07:00
compat_binfmt_elf.c
compat_ioctl.c
Bluetooth: bnep: Add support for get bnep features via ioctl
2015-04-03 23:21:34 +02:00
compat.c
coredump.c
coredump: accept any write method
2015-04-11 22:29:39 -04:00
dax.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
dcache.c
d_walk() might skip too much
2015-05-28 23:45:30 -04:00
dcookies.c
direct-io.c
direct-io: only inc/dec inode->i_dio_count for file systems
2015-04-24 15:45:28 -04:00
drop_caches.c
vmscan: per memory cgroup slab shrinkers
2015-02-12 18:54:09 -08:00
eventfd.c
eventfd: don't take the spinlock in eventfd_poll
2015-02-17 14:34:52 -08:00
eventpoll.c
epoll: optimize setting task running after blocking
2015-02-13 21:21:40 -08:00
exec.c
parisc,metag: Fix crashes due to stack randomization on stack-grows-upwards architectures
2015-05-12 22:03:44 +02:00
fcntl.c
vfs: renumber FMODE_NONOTIFY and add to uniqueness check
2015-01-08 15:10:52 -08:00
fhandle.c
file_table.c
->aio_read and ->aio_write removed
2015-04-11 22:29:43 -04:00
file.c
mm: rcu-protected get_mm_exe_file()
2015-04-17 09:04:07 -04:00
filesystems.c
fs_pin.c
fs_pin: Allow for the possibility that m_list or s_list go unused.
2015-04-09 11:39:55 -05:00
fs_struct.c
fs-writeback.c
fs: add dirtytime_expire_seconds sysctl
2015-03-17 12:23:32 -04:00
inode.c
direct-io: only inc/dec inode->i_dio_count for file systems
2015-04-24 15:45:28 -04:00
internal.h
trylock_super(): replacement for grab_super_passive()
2015-02-22 11:38:42 -05:00
ioctl.c
fsioctl.c: make generic_block_fiemap() signal-tolerant
2015-02-10 14:30:30 -08:00
Kconfig
f2fs: relocate Kconfig from misc filesystems
2015-04-10 15:08:35 -07:00
Kconfig.binfmt
mm: split ET_DYN ASLR from mmap ASLR
2015-04-14 16:49:05 -07:00
libfs.c
VFS: fs library helpers: d_inode() annotations
2015-04-15 15:06:58 -04:00
locks.c
proc: show locks in /proc/pid/fdinfo/X
2015-04-17 09:04:12 -04:00
Makefile
This adds the new tracefs file system. This has been in linux-next for
2015-04-14 10:22:29 -07:00
mbcache.c
mount.h
switch the IO-triggering parts of umount to fs_pin
2015-01-25 23:17:29 -05:00
mpage.c
namei.c
path_openat(): fix double fput()
2015-05-09 00:12:48 -04:00
namespace.c
mnt: Fix fs_fully_visible to verify the root directory is visible
2015-05-09 11:55:50 -05:00
no-block.c
nsfs.c
VFS: assorted weird filesystems: d_inode() annotations
2015-04-15 15:06:58 -04:00
open.c
xfs: update for 4.1-rc1
2015-04-24 07:08:41 -07:00
pipe.c
VFS: assorted weird filesystems: d_inode() annotations
2015-04-15 15:06:58 -04:00
pnode.c
mnt: Don't propagate unmounts to locked mounts
2015-04-02 20:34:20 -05:00
pnode.h
mnt: Honor MNT_LOCKED when detaching mounts
2015-04-09 11:39:55 -05:00
posix_acl.c
VFS: assorted d_backing_inode() annotations
2015-04-15 15:06:59 -04:00
proc_namespace.c
vfs: add support for a lazytime mount option
2015-02-05 02:45:00 -05:00
read_write.c
new_sync_write(): discard ->ki_pos unless the return value is positive
2015-04-11 22:29:46 -04:00
readdir.c
select.c
all arches, signal: move restart_block to struct task_struct
2015-02-12 18:54:12 -08:00
seq_file.c
bitmap, cpumask, nodemask: remove dedicated formatting functions
2015-02-13 21:21:39 -08:00
signalfd.c
splice.c
splice: sendfile() at once fails for big files
2015-05-06 09:27:41 -06:00
stack.c
stat.c
VFS: assorted d_backing_inode() annotations
2015-04-15 15:06:59 -04:00
statfs.c
super.c
cleancache: remove limit on the number of cleancache enabled filesystems
2015-04-14 16:49:03 -07:00
sync.c
vfs: add support for a lazytime mount option
2015-02-05 02:45:00 -05:00
timerfd.c
utimes.c
xattr.c