linux

iv/linux

History

Brian Foster 4d09807f20 xfs: fix use after free in buf log item unlock assert

The xfs_buf_log_item ->iop_unlock() callback asserts that the buffer
is unlocked when either non-stale or aborted. This assert occurs
after the bli refcount has been dropped and the log item potentially
freed. The aborted check is thus a potential use after free. This
problem has been reproduced with KASAN enabled via generic/475.

Fix up xfs_buf_item_unlock() to query aborted state before the bli
reference is dropped to prevent a potential use after free.

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>

2019-04-14 18:15:56 -07:00

libxfs

xfs: always init bma in xfs_bmapi_write

2019-03-19 08:16:54 -07:00

scrub

xfs: fix btree scrub checking with regards to root-in-inode

2019-03-19 08:16:41 -07:00

Kconfig

xfs: implement the metadata repair ioctl flag

2018-05-15 18:12:50 -07:00

kmem.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

kmem.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

Makefile

xfs: move the repair extent list into its own file

2018-07-29 22:37:09 -07:00

mrlock.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_acl.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_acl.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_aops.c

for-5.1/block-20190302

2019-03-08 14:12:17 -08:00

xfs_aops.h

xfs: remove the io_type field from the writeback context and ioend

2019-02-17 11:55:53 -08:00

xfs_attr_inactive.c

xfs: remove all boilerplate defer init/finish code

2018-07-26 10:15:15 -07:00

xfs_attr_list.c

xfs: don't overflow xattr listent buffer

2019-02-14 09:36:52 -08:00

xfs_bmap_item.c

xfs: pass transaction to xfs_defer_add()

2018-08-02 23:05:14 -07:00

xfs_bmap_item.h

xfs: use transaction for intent recovery instead of raw dfops

2018-08-02 23:05:13 -07:00

xfs_bmap_util.c

xfs: introduce an always_cow mode

2019-02-21 07:55:07 -08:00

xfs_bmap_util.h

xfs: flush removing page cache in xfs_reflink_remap_prep

2018-11-21 10:10:53 -08:00

xfs_buf_item.c

xfs: fix use after free in buf log item unlock assert

2019-04-14 18:15:56 -07:00

xfs_buf_item.h

xfs: refactor xfs_buf_log_item reference count handling

2018-09-29 13:45:26 +10:00

xfs_buf.c

xfs: fix xfs_buf magic number endian checks

2019-02-18 09:38:41 -08:00

xfs_buf.h

xfs: fix xfs_buf magic number endian checks

2019-02-18 09:38:41 -08:00

xfs_dir2_readdir.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_discard.c

xfs: prohibit fstrim in norecovery mode

2019-03-25 08:03:29 -07:00

xfs_discard.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

xfs_dquot_item.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_dquot_item.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_dquot.c

xfs: remove dead error handling code in xfs_dquot_disk_alloc()

2018-08-07 10:57:13 -07:00

xfs_dquot.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_error.c

xfs: cache unlinked pointers in an rhashtable

2019-02-11 16:07:01 -08:00

xfs_error.h

xfs: Introduce XFS_PTAG_VERIFIER_ERROR panic mask

2019-02-11 16:07:00 -08:00

xfs_export.c

xfs: clean up IRELE/iput callsites

2018-07-26 10:15:16 -07:00

xfs_export.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_extent_busy.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_extent_busy.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_extfree_item.c

xfs: remove xfs_rmap_ag_owner and friends

2018-12-12 08:47:16 -08:00

xfs_extfree_item.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_file.c

xfs: serialize unaligned dio writes against all other dio writes

2019-03-26 08:37:55 -07:00

xfs_filestream.c

xfs: replace dop_low with transaction flag

2018-08-02 23:05:13 -07:00

xfs_filestream.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_fsmap.c

xfs: trivial xfs_btree_del_cursor cleanups

2018-07-23 09:08:00 -07:00

xfs_fsmap.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_fsops.c

xfs: reserve blocks for ifree transaction during log recovery

2019-02-14 22:42:57 -08:00

xfs_fsops.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_globals.c

xfs: Introduce XFS_PTAG_VERIFIER_ERROR panic mask

2019-02-11 16:07:00 -08:00

xfs_icache.c

xfs: introduce a new xfs_inode_has_cow_data helper

2018-07-30 07:57:48 -07:00

xfs_icache.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_icreate_item.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_icreate_item.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_inode_item.c

xfs: remove if_real_bytes

2018-07-30 07:57:48 -07:00

xfs_inode_item.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_inode.c

xfs: don't ever put nlink > 0 inodes on the unlinked list

2019-02-14 22:42:57 -08:00

xfs_inode.h

xfs: cache unlinked pointers in an rhashtable

2019-02-11 16:07:01 -08:00

xfs_ioctl32.c

xfs: Fix x32 ioctls when cmd numbers differ from ia32.

2018-12-18 10:55:21 -08:00

xfs_ioctl32.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_ioctl.c

xfs: Fix error code in 'xfs_ioc_getbmap()'

2018-11-06 07:50:50 -08:00

xfs_ioctl.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_iomap.c

xfs: rework breaking of shared extents in xfs_file_iomap_begin

2019-02-25 09:26:18 -08:00

xfs_iomap.h

xfs: fix SEEK_DATA for speculative COW fork preallocation

2019-02-21 07:55:07 -08:00

xfs_iops.c

xfs: fix reporting supported extra file attributes for statx()

2019-03-01 08:57:25 -08:00

xfs_iops.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_itable.c

xfs: precalculate inodes and blocks per inode cluster

2018-12-12 08:47:17 -08:00

xfs_itable.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_linux.h

xfs: replace do_mod with native operations

2018-06-08 10:07:52 -07:00

xfs_log_cil.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_log_priv.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_log_recover.c

xfs: fix xfs_buf magic number endian checks

2019-02-18 09:38:41 -08:00

xfs_log.c

xfs: fix a comment in xfs_log_reserve

2018-08-03 08:17:54 -07:00

xfs_log.h

xfs: refactor log recovery check

2018-08-01 07:40:48 -07:00

xfs_message.c

xfs: print buffer offsets when dumping corrupt buffers

2018-11-06 07:50:50 -08:00

xfs_message.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

xfs_mount.c

xfs: cache unlinked pointers in an rhashtable

2019-02-11 16:07:01 -08:00

xfs_mount.h

xfs: introduce an always_cow mode

2019-02-21 07:55:07 -08:00

xfs_mru_cache.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_mru_cache.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_ondisk.h

xfs: compile time offset checks for common v4/v5 metadata

2019-02-11 16:07:01 -08:00

xfs_pnfs.c

xfs: make xfs_bmbt_to_iomap more useful

2019-02-21 07:55:07 -08:00

xfs_pnfs.h

xfs: prepare xfs_break_layouts() for another layout type

2018-05-22 07:19:08 -07:00

xfs_qm_bhv.c

fs/xfs: fix f_ffree value for statfs when project quota is set

2018-11-26 15:01:37 -08:00

xfs_qm_syscalls.c

xfs: clean up IRELE/iput callsites

2018-07-26 10:15:16 -07:00

xfs_qm.c

xfs: clean up IRELE/iput callsites

2018-07-26 10:15:16 -07:00

xfs_qm.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_quota.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_quotaops.c

xfs: clean up IRELE/iput callsites

2018-07-26 10:15:16 -07:00

xfs_refcount_item.c

xfs: pass transaction to xfs_defer_add()

2018-08-02 23:05:14 -07:00

xfs_refcount_item.h

xfs: use transaction for intent recovery instead of raw dfops

2018-08-02 23:05:13 -07:00

xfs_reflink.c

xfs: fix uninitialized error variables

2019-02-25 10:16:41 -08:00

xfs_reflink.h

xfs: don't pass iomap flags to xfs_reflink_allocate_cow

2019-02-25 09:04:31 -08:00

xfs_rmap_item.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_rmap_item.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_rtalloc.c

xfs: reallocate realtime summary cache on growfs

2018-12-21 18:45:18 -08:00

xfs_rtalloc.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_stats.c

xfs: use offsetof() in place of offset macros for __xfsstats

2018-10-18 17:21:39 +11:00

xfs_stats.h

xfs: use offsetof() in place of offset macros for __xfsstats

2018-10-18 17:21:39 +11:00

xfs_super.c

xfs: introduce an always_cow mode

2019-02-21 07:55:07 -08:00

xfs_super.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_symlink.c

xfs: zero length symlinks are not valid

2018-12-12 08:47:15 -08:00

xfs_symlink.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_sysctl.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_sysctl.h

xfs: introduce an always_cow mode

2019-02-21 07:55:07 -08:00

xfs_sysfs.c

xfs: introduce an always_cow mode

2019-02-21 07:55:07 -08:00

xfs_sysfs.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_trace.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_trace.h

xfs: merge COW handling into xfs_file_iomap_begin_delay

2019-02-21 07:55:07 -08:00

xfs_trans_ail.c

xfs: clear ail delwri queued bufs on unmount of shutdown fs

2018-10-18 17:21:49 +11:00

xfs_trans_bmap.c

xfs: remove duplicated xfs_defer.h

2019-02-11 16:07:00 -08:00

xfs_trans_buf.c

xfs: clarify documentation for the function to reverify buffers

2019-02-11 16:07:01 -08:00

xfs_trans_dquot.c

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_trans_extfree.c

xfs: remove duplicated xfs_defer.h

2019-02-11 16:07:00 -08:00

xfs_trans_inode.c

vfs/y2038: inode timestamps conversion to timespec64

2018-06-15 07:31:07 +09:00

xfs_trans_priv.h

xfs: convert to SPDX license tags

2018-06-06 14:17:53 -07:00

xfs_trans_refcount.c

xfs: remove duplicated xfs_defer.h

2019-02-11 16:07:00 -08:00

xfs_trans_rmap.c

xfs: remove duplicated xfs_defer.h

2019-02-11 16:07:00 -08:00

xfs_trans.c

xfs: avoid lockdep false positives in xfs_trans_alloc

2018-09-29 13:46:21 +10:00

xfs_trans.h

xfs: const-ify xfs_owner_info arguments

2018-12-12 08:47:16 -08:00

xfs_xattr.c

xfs: don't overflow xattr listent buffer

2019-02-14 09:36:52 -08:00

xfs.h

xfs: remove b_last_holder & associated macros

2018-08-12 08:37:31 -07:00