linux/fs/btrfs
Liu Bo 97bf5a5589 Btrfs: fix segmentation fault when doing dio read
Commit 2dabb32484 ("Btrfs: Direct I/O read: Work on sectorsized blocks")
introduced this bug during iterating bio pages in dio read's endio hook,
and it could end up with a segmentation fault of the dio reading task.

So the reason is 'if (nr_sectors--)', and it makes the code assume that
there is one more block in the same page, so page offset is increased and
the bio which is created to repair the bad block then has an incorrect
bvec.bv_offset, and a later access of the page content would throw a
segmentation fault.

This also adds ASSERT to check page offset against page size.

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2017-04-11 18:49:29 +02:00
tests btrfs: Make get_extent_t take btrfs_inode 2017-02-28 11:30:11 +01:00
acl.c posix_acl: Clear SGID bit when setting file permissions 2016-09-22 10:55:32 +02:00
async-thread.c btrfs: fix crash when tracepoint arguments are freed by wq callbacks 2017-01-09 11:24:50 +01:00
async-thread.h btrfs: limit async_work allocation and worker func duration 2016-12-13 11:01:30 -08:00
backref.c btrfs: remove unused parameter from __add_inline_refs 2017-02-17 12:03:54 +01:00
backref.h
btrfs_inode.h btrfs: make btrfs_inode_resume_unlocked_dio take btrfs_inode 2017-02-28 11:30:12 +01:00
check-integrity.c btrfs: take an fs_info directly when the root is not used otherwise 2016-12-06 16:06:59 +01:00
check-integrity.h btrfs: take an fs_info directly when the root is not used otherwise 2016-12-06 16:06:59 +01:00
compression.c btrfs: derive maximum output size in the compression implementation 2017-02-28 14:26:36 +01:00
compression.h btrfs: derive maximum output size in the compression implementation 2017-02-28 14:26:36 +01:00
ctree.c Merge branch 'for-chris-4.11-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.11 2017-02-28 14:35:09 -08:00
ctree.h btrfs: Change qgroup_meta_rsv to 64bit 2017-03-29 14:29:08 +02:00
dedupe.h
delayed-inode.c btrfs: Make btrfs_i_size_write take btrfs_inode 2017-02-28 11:30:06 +01:00
delayed-inode.h btrfs: Make btrfs_inode_delayed_dir_index_count take btrfs_inode 2017-02-14 15:50:53 +01:00
delayed-ref.c btrfs: qgroup: Move half of the qgroup accounting time out of commit trans 2017-02-17 12:03:55 +01:00
delayed-ref.h Btrfs: pass delayed_refs directly to btrfs_find_delayed_ref_head 2017-02-14 15:50:59 +01:00
dev-replace.c btrfs: constify device path passed to relevant helpers 2017-02-28 14:26:07 +01:00
dev-replace.h btrfs: constify device path passed to relevant helpers 2017-02-28 14:26:07 +01:00
dir-item.c btrfs: do proper error handling in btrfs_insert_xattr_item 2017-02-28 14:27:11 +01:00
disk-io.c btrfs: Change qgroup_meta_rsv to 64bit 2017-03-29 14:29:08 +02:00
disk-io.h btrfs: constify input buffer of btrfs_csum_data 2017-02-28 14:26:07 +01:00
export.c btrfs: Make btrfs_ino take a struct btrfs_inode 2017-02-14 15:50:51 +01:00
export.h
extent_io.c Btrfs: bring back repair during read 2017-03-29 14:29:07 +02:00
extent_io.h btrfs: add dummy callback for readpage_io_failed and drop checks 2017-02-28 14:29:24 +01:00
extent_map.c
extent_map.h
extent-tree.c Merge branch 'for-chris-4.11-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.11 2017-02-28 14:35:09 -08:00
file-item.c Merge branch 'for-chris-4.11-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.11 2017-02-28 14:35:09 -08:00
file.c btrfs: Make get_extent_t take btrfs_inode 2017-02-28 11:30:11 +01:00
free-space-cache.c btrfs: all btrfs_delalloc_release_metadata take btrfs_inode 2017-02-28 11:30:07 +01:00
free-space-cache.h btrfs: free-space-cache, clean up unnecessary root arguments 2017-02-17 12:03:56 +01:00
free-space-tree.c btrfs: remove unused parameter from clean_tree_block 2017-02-17 12:03:51 +01:00
free-space-tree.h
hash.c
hash.h
inode-item.c btrfs: take an fs_info directly when the root is not used otherwise 2016-12-06 16:06:59 +01:00
inode-map.c btrfs: all btrfs_delalloc_release_metadata take btrfs_inode 2017-02-28 11:30:07 +01:00
inode-map.h
inode.c Btrfs: fix segmentation fault when doing dio read 2017-04-11 18:49:29 +02:00
ioctl.c btrfs: constify name of subvolume in creation helpers 2017-02-28 14:26:08 +01:00
Kconfig
locking.c
locking.h
lzo.c btrfs: derive maximum output size in the compression implementation 2017-02-28 14:26:36 +01:00
Makefile
math.h
ordered-data.c btrfs: Make btrfs_lookup_ordered_range take btrfs_inode 2017-02-28 11:30:08 +01:00
ordered-data.h btrfs: Make btrfs_lookup_ordered_range take btrfs_inode 2017-02-28 11:30:08 +01:00
orphan.c
print-tree.c btrfs: take an fs_info directly when the root is not used otherwise 2016-12-06 16:06:59 +01:00
print-tree.h btrfs: take an fs_info directly when the root is not used otherwise 2016-12-06 16:06:59 +01:00
props.c btrfs: Make btrfs_ino take a struct btrfs_inode 2017-02-14 15:50:51 +01:00
props.h
qgroup.c btrfs: Change qgroup_meta_rsv to 64bit 2017-03-29 14:29:08 +02:00
qgroup.h btrfs: qgroup: Move half of the qgroup accounting time out of commit trans 2017-02-17 12:03:55 +01:00
raid56.c btrfs: raid56: Remove unused variable in lock_stripe_add 2017-02-14 15:50:59 +01:00
raid56.h btrfs: take an fs_info directly when the root is not used otherwise 2016-12-06 16:06:59 +01:00
rcu-string.h
reada.c btrfs: take an fs_info directly when the root is not used otherwise 2016-12-06 16:06:59 +01:00
relocation.c btrfs: Make btrfs_orphan_add take btrfs_inode 2017-02-28 11:30:10 +01:00
root-tree.c Btrfs: constify struct btrfs_{,disk_}key wherever possible 2017-02-14 15:50:58 +01:00
scrub.c btrfs: Make check_extent_to_block take btrfs_inode 2017-02-28 11:30:11 +01:00
send.c Btrfs: fix an integer overflow check 2017-03-29 14:29:08 +02:00
send.h
struct-funcs.c
super.c btrfs: drop the nossd flag when remounting with -o ssd 2017-04-11 18:48:59 +02:00
sysfs.c btrfs: convert printk(KERN_* to use pr_* calls 2016-09-26 18:08:44 +02:00
sysfs.h
transaction.c btrfs: Make btrfs_i_size_write take btrfs_inode 2017-02-28 11:30:06 +01:00
transaction.h btrfs: remove root parameter from transaction commit/end routines 2016-12-06 16:07:00 +01:00
tree-defrag.c
tree-log.c Merge branch 'for-chris-4.11-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.11 2017-02-28 14:35:09 -08:00
tree-log.h btrfs: Make btrfs_del_inode_ref take btrfs_inode 2017-02-14 15:50:54 +01:00
ulist.c btrfs: ulist: rename ulist_fini to ulist_release 2017-02-17 12:03:50 +01:00
ulist.h btrfs: ulist: rename ulist_fini to ulist_release 2017-02-17 12:03:50 +01:00
uuid-tree.c btrfs: return the actual error value from from btrfs_uuid_tree_iterate 2016-12-19 18:08:15 +01:00
volumes.c btrfs: handle allocation error in update_dev_stat_item 2017-02-28 14:27:11 +01:00
volumes.h btrfs: constify device path passed to relevant helpers 2017-02-28 14:26:07 +01:00
xattr.c btrfs: fix over-80 lines introduced by previous cleanups 2017-02-14 15:50:57 +01:00
xattr.h
zlib.c btrfs: derive maximum output size in the compression implementation 2017-02-28 14:26:36 +01:00