linux

iv/linux

History

Darrick J. Wong c95356ca88 xfs: _{attr,data}_map_shared should take ILOCK_EXCL until iread_extents is completely done While fuzzing the data fork extent count on a btree-format directory with xfs/375, I observed the following (excerpted) splat: XFS: Assertion failed: xfs_isilocked(ip, XFS_ILOCK_EXCL), file: fs/xfs/libxfs/xfs_bmap.c, line: 1208 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 43192 at fs/xfs/xfs_message.c:104 assfail+0x46/0x4a [xfs] Call Trace: <TASK> xfs_iread_extents+0x1af/0x210 [xfs 09f66509ece4938760fac7de64732a0cbd3e39cd] xchk_dir_walk+0xb8/0x190 [xfs 09f66509ece4938760fac7de64732a0cbd3e39cd] xchk_parent_count_parent_dentries+0x41/0x80 [xfs 09f66509ece4938760fac7de64732a0cbd3e39cd] xchk_parent_validate+0x199/0x2e0 [xfs 09f66509ece4938760fac7de64732a0cbd3e39cd] xchk_parent+0xdf/0x130 [xfs 09f66509ece4938760fac7de64732a0cbd3e39cd] xfs_scrub_metadata+0x2b8/0x730 [xfs 09f66509ece4938760fac7de64732a0cbd3e39cd] xfs_scrubv_metadata+0x38b/0x4d0 [xfs 09f66509ece4938760fac7de64732a0cbd3e39cd] xfs_ioc_scrubv_metadata+0x111/0x160 [xfs 09f66509ece4938760fac7de64732a0cbd3e39cd] xfs_file_ioctl+0x367/0xf50 [xfs 09f66509ece4938760fac7de64732a0cbd3e39cd] __x64_sys_ioctl+0x82/0xa0 do_syscall_64+0x2b/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The cause of this is a race condition in xfs_ilock_data_map_shared, which performs an unlocked access to the data fork to guess which lock mode it needs: Thread 0 Thread 1 xfs_need_iread_extents <observe no iext tree> xfs_ilock(..., ILOCK_EXCL) xfs_iread_extents <observe no iext tree> <check ILOCK_EXCL> <load bmbt extents into iext> <notice iext size doesn't match nextents> xfs_need_iread_extents <observe iext tree> xfs_ilock(..., ILOCK_SHARED) <tear down iext tree> xfs_iunlock(..., ILOCK_EXCL) xfs_iread_extents <observe no iext tree> <check ILOCK_EXCL> BOOM Fix this race by adding a flag to the xfs_ifork structure to indicate that we have not yet read in the extent records and changing the predicate to look at the flag state, not if_height. The memory barrier ensures that the flag will not be set until the very end of the function. Signed-off-by: Darrick J. Wong <djwong@kernel.org> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Dave Chinner <david@fromorbit.com>		2023-04-12 15:49:10 +10:00
..
libxfs	xfs: _{attr,data}_map_shared should take ILOCK_EXCL until iread_extents is completely done	2023-04-12 15:49:10 +10:00
scrub	xfs: introduce xfs_alloc_vextent_exact_bno()	2023-02-13 09:14:54 +11:00
Kconfig
kmem.c
kmem.h
Makefile	xfs: test dir/attr hash when loading module	2023-03-19 09:55:49 -07:00
mrlock.h
xfs_acl.c	fs: port acl to mnt_idmap	2023-01-19 09:24:28 +01:00
xfs_acl.h	fs: port ->set_acl() to pass mnt_idmap	2023-01-19 09:24:27 +01:00
xfs_aops.c	xfs: fix off-by-one-block in xfs_discard_folio()	2023-03-05 15:13:23 -08:00
xfs_aops.h
xfs_attr_inactive.c	xfs: don't leak memory when attr fork loading fails	2022-07-20 16:40:39 -07:00
xfs_attr_item.c	xfs: dump corrupt recovered log intent items to dmesg consistently	2022-10-31 08:58:20 -07:00
xfs_attr_item.h
xfs_attr_list.c	xfs: use XFS_IFORK_Q to determine the presence of an xattr fork	2022-07-09 15:17:21 -07:00
xfs_bio_io.c	fs/xfs: Use the enum req_op and blk_opf_t types	2022-07-14 12:14:33 -06:00
xfs_bmap_item.c	xfs: fix confusing variable names in xfs_bmap_item.c	2023-02-05 08:48:11 -08:00
xfs_bmap_item.h
xfs_bmap_util.c	xfs: t_firstblock is tracking AGs not blocks	2023-02-11 04:11:06 +11:00
xfs_bmap_util.h	xfs: xfs_bmap_punch_delalloc_range() should take a byte range	2022-11-29 09:09:17 +11:00
xfs_buf_item_recover.c
xfs_buf_item.c	xfs: fix super block buf log item UAF during force shutdown	2022-11-30 09:25:46 -08:00
xfs_buf_item.h
xfs_buf.c	xfs: invalidate block device page cache during unmount	2022-11-30 08:55:18 -08:00
xfs_buf.h	xfs: xfs_buf cache destroy isn't RCU safe	2022-07-20 16:40:39 -07:00
xfs_dahash_test.c	xfs: test dir/attr hash when loading module	2023-03-19 09:55:49 -07:00
xfs_dahash_test.h	xfs: test dir/attr hash when loading module	2023-03-19 09:55:49 -07:00
xfs_dir2_readdir.c	xfs: rearrange the logic and remove the broken comment for xfs_dir2_isxx	2022-10-04 16:39:58 +11:00
xfs_discard.c	xfs: convert trim to use for_each_perag_range	2023-02-13 09:14:54 +11:00
xfs_discard.h
xfs_dquot_item_recover.c
xfs_dquot_item.c
xfs_dquot_item.h
xfs_dquot.c	xfs: remove WARN when dquot cache insertion fails	2023-04-12 15:48:59 +10:00
xfs_dquot.h
xfs_error.c	xfs: make kobj_type structures constant	2023-02-10 08:59:48 -08:00
xfs_error.h	xfs: allow setting full range of panic tags	2023-02-09 18:36:17 -08:00
xfs_export.c
xfs_export.h
xfs_extent_busy.c	xfs: fix extent busy updating	2023-01-05 07:34:21 -08:00
xfs_extent_busy.h
xfs_extfree_item.c	xfs: fix confusing xfs_extent_item variable names	2023-02-05 08:48:11 -08:00
xfs_extfree_item.h	xfs: refactor all the EFI/EFD log item sizeof logic	2022-10-31 08:58:20 -07:00
xfs_file.c	- Daniel Verkamp has contributed a memfd series ("mm/memfd: add	2023-02-23 17:09:35 -08:00
xfs_filestream.c	xfs: refactor the filestreams allocator pick functions	2023-02-13 09:14:56 +11:00
xfs_filestream.h	xfs: pass perag to filestreams tracing	2023-02-13 09:14:56 +11:00
xfs_fsmap.c	xfs: fix uninitialized variable access	2023-02-14 17:51:35 -08:00
xfs_fsmap.h
xfs_fsops.c	- The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe	2022-08-05 16:32:45 -07:00
xfs_fsops.h
xfs_globals.c	xfs: allow setting full range of panic tags	2023-02-09 18:36:17 -08:00
xfs_health.c
xfs_icache.c	xfs: convert xfs_imap() to take a perag	2023-02-13 09:14:52 +11:00
xfs_icache.h	xfs: introduce xfs_inodegc_push()	2022-06-23 13:34:38 -07:00
xfs_icreate_item.c
xfs_icreate_item.h
xfs_inode_item_recover.c	xfs: clean up "%Ld/%Lu" which doesn't meet C standard	2022-09-19 06:47:14 +10:00
xfs_inode_item.c	xfs: remove the redundant word in comment	2022-09-19 06:45:14 +10:00
xfs_inode_item.h
xfs_inode.c	New code for 6.3-rc1, part 2:	2023-02-28 16:08:30 -08:00
xfs_inode.h	fs: port inode_init_owner() to mnt_idmap	2023-01-19 09:24:28 +01:00
xfs_ioctl32.c	fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap	2023-01-19 09:24:29 +01:00
xfs_ioctl32.h
xfs_ioctl.c	fs.idmapped.v6.3	2023-02-20 11:53:11 -08:00
xfs_ioctl.h	fs: port ->fileattr_set() to pass mnt_idmap	2023-01-19 09:24:27 +01:00
xfs_iomap.c	xfs: pass the correct cursor to xfs_iomap_prealloc_size	2023-03-24 08:40:01 -07:00
xfs_iomap.h	xfs: use iomap_valid method to detect stale cached iomaps	2022-11-29 09:09:17 +11:00
xfs_iops.c	fs: port vfs{g,u}id helpers to mnt_idmap	2023-01-19 09:24:30 +01:00
xfs_iops.h	fs: port ->setattr() to pass mnt_idmap	2023-01-19 09:24:02 +01:00
xfs_itable.c	fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap	2023-01-19 09:24:29 +01:00
xfs_itable.h	fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap	2023-01-19 09:24:29 +01:00
xfs_iunlink_item.c	xfs: add in-memory iunlink log item	2022-07-14 11:47:42 +10:00
xfs_iunlink_item.h	xfs: add in-memory iunlink log item	2022-07-14 11:47:42 +10:00
xfs_iwalk.c	xfs: inobt can use perags in many more places than it does	2023-02-13 09:14:52 +11:00
xfs_iwalk.h
xfs_linux.h	filelock: move file locking definitions to separate header file	2023-01-11 06:52:32 -05:00
xfs_log_cil.c	xfs: xlog_sync() manually adjusts grant head space	2022-07-07 18:56:09 +10:00
xfs_log_priv.h	xfs: xlog_sync() manually adjusts grant head space	2022-07-07 18:56:09 +10:00
xfs_log_recover.c	xfs: avoid a UAF when log intent item recovery fails	2022-10-18 14:39:29 -07:00
xfs_log.c	xfs: wait iclog complete before tearing down AIL	2022-11-30 09:25:46 -08:00
xfs_log.h	xfs: move CIL ordering to the logvec chain	2022-07-07 18:56:08 +10:00
xfs_message.c
xfs_message.h
xfs_mount.c	xfs: fix sb write verify for lazysbcount	2022-11-16 19:20:20 -08:00
xfs_mount.h	xfs: convert xfs_ialloc_next_ag() to an atomic	2023-02-13 09:14:52 +11:00
xfs_mru_cache.c
xfs_mru_cache.h
xfs_notify_failure.c	xfs: changes for 6.1-rc1	2022-10-10 20:32:10 -07:00
xfs_ondisk.h	xfs: fix memcpy fortify errors in EFI log format copying	2022-10-31 08:58:20 -07:00
xfs_pnfs.c	fs: port ->setattr() to pass mnt_idmap	2023-01-19 09:24:02 +01:00
xfs_pnfs.h
xfs_pwork.c
xfs_pwork.h
xfs_qm_bhv.c
xfs_qm_syscalls.c	xfs: introduce xfs_inodegc_push()	2022-06-23 13:34:38 -07:00
xfs_qm.c	xfs: quotacheck failure can race with background inode inactivation	2023-03-05 15:13:22 -08:00
xfs_qm.h
xfs_quota.h
xfs_quotaops.c
xfs_refcount_item.c	xfs: fix confusing variable names in xfs_refcount_item.c	2023-02-05 08:48:12 -08:00
xfs_refcount_item.h
xfs_reflink.c	xfs: active perag reference counting	2023-02-13 09:14:42 +11:00
xfs_reflink.h	xfs: pass perag to xfs_alloc_read_agf()	2022-07-07 19:07:40 +10:00
xfs_rmap_item.c	xfs: fix confusing variable names in xfs_rmap_item.c	2023-02-05 08:48:11 -08:00
xfs_rmap_item.h
xfs_rtalloc.c	xfs: make rtbitmap ILOCKing consistent when scanning the rt bitmap file	2022-11-16 15:25:03 -08:00
xfs_rtalloc.h
xfs_stats.c	xfs: replace unnecessary seq_printf with seq_puts	2022-09-19 06:48:14 +10:00
xfs_stats.h
xfs_super.c	xfs: test dir/attr hash when loading module	2023-03-19 09:55:49 -07:00
xfs_super.h	xfs: implement ->notify_failure() for XFS	2022-07-17 17:14:30 -07:00
xfs_symlink.c	fs: port fs{g,u}id helpers to mnt_idmap	2023-01-19 09:24:30 +01:00
xfs_symlink.h	fs: port inode_init_owner() to mnt_idmap	2023-01-19 09:24:28 +01:00
xfs_sysctl.c
xfs_sysctl.h
xfs_sysfs.c	xfs: make kobj_type structures constant	2023-02-10 08:59:48 -08:00
xfs_sysfs.h	xfs: make kobj_type structures constant	2023-02-10 08:59:48 -08:00
xfs_trace.c	xfs: add debug knob to slow down writeback for fun	2022-11-28 17:24:35 -08:00
xfs_trace.h	xfs: add tracepoints for each of the externally visible allocators	2023-03-19 09:55:49 -07:00
xfs_trans_ail.c	xfs: shut up -Wuninitialized in xfsaild_push	2022-11-30 08:55:18 -08:00
xfs_trans_buf.c
xfs_trans_dquot.c
xfs_trans_priv.h	xfs: convert log vector chain to use list heads	2022-07-07 18:55:59 +10:00
xfs_trans.c	xfs: don't assert fail on transaction cancel with deferred ops	2023-02-11 04:12:06 +11:00
xfs_trans.h	xfs: t_firstblock is tracking AGs not blocks	2023-02-11 04:11:06 +11:00
xfs_xattr.c	xfs: revert commit `8954c44ff4`	2023-02-10 09:06:06 -08:00
xfs_xattr.h
xfs.h