OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/fs
History
Omar Sandoval 1aa9de56d7 btrfs: fix double __endio_write_update_ordered in direct I/O 
[ Upstream commit c36cac28cb ]

In btrfs_submit_direct(), if we fail to allocate the btrfs_dio_private,
we complete the ordered extent range. However, we don't mark that the
range doesn't need to be cleaned up from btrfs_direct_IO() until later.
Therefore, if we fail to allocate the btrfs_dio_private, we complete the
ordered extent range twice. We could fix this by updating
unsubmitted_oe_range earlier, but it's cleaner to reorganize the code so
that creating the btrfs_dio_private and submitting the bios are
separate, and once the btrfs_dio_private is created, cleanup always
happens through the btrfs_dio_private.

The logic around unsubmitted_oe_range_end and unsubmitted_oe_range_start
is really subtle. We have the following:

  1. btrfs_direct_IO sets those two to the same value.

  2. When we call __blockdev_direct_IO unless
     btrfs_get_blocks_direct->btrfs_get_blocks_direct_write is called to
     modify unsubmitted_oe_range_start so that start < end. Cleanup
     won't happen.

  3. We come into btrfs_submit_direct - if it dip allocation fails we'd
     return with oe_range_end now modified so cleanup will happen.

  4. If we manage to allocate the dip we reset the unsubmitted range
     members to be equal so that cleanup happens from
     btrfs_endio_direct_write.

This 4-step logic is not really obvious, especially given it's scattered
across 3 functions.

Fixes: f28a492878 ("Btrfs: fix leaking of ordered extents after direct IO write error")
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Omar Sandoval <osandov@fb.com>
[ add range start/end logic explanation from Nikolay ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2020-10-01 13:18:04 +02:00
..
9p 9p: Fix memory leak in v9fs_mount 2020-08-19 08:16:24 +02:00
adfs
affs affs: fix basic permission bits to actually work 2020-09-09 19:12:34 +02:00
afs rxrpc: Make rxrpc_kernel_get_srtt() indicate validity 2020-09-09 19:12:23 +02:00
autofs
befs
bfs
btrfs btrfs: fix double __endio_write_update_ordered in direct I/O 2020-10-01 13:18:04 +02:00
cachefiles cachefiles: Fix race between read_waiter and read_copier involving op->to_do 2020-06-03 08:21:11 +02:00
ceph ceph: ensure we have a new cap before continuing in fill_inode 2020-10-01 13:17:29 +02:00
cifs CIFS: Properly process SMB3 lease breaks 2020-10-01 13:17:21 +02:00
coda
configfs configfs: fix config_item refcnt leak in configfs_rmdir() 2020-05-27 17:46:30 +02:00
cramfs
crypto fscrypt: don't evict dirty inodes after removing key 2020-03-18 07:17:53 +01:00
debugfs debugfs: Fix module state check condition 2020-09-17 13:47:55 +02:00
devpts
dlm dlm: Fix kobject memleak 2020-08-19 08:16:21 +02:00
ecryptfs ecryptfs: replace BUG_ON with error handling code 2020-02-28 17:22:26 +01:00
efivarfs
efs
erofs erofs: fix extended inode could cross boundary 2020-08-19 08:16:26 +02:00
exportfs
ext2 ext2: don't update mtime on COW faults 2020-09-09 19:12:30 +02:00
ext4 ext4: mark block bitmap corrupted when found instead of BUGON 2020-10-01 13:17:42 +02:00
f2fs f2fs: stop GC when the victim becomes fully valid 2020-10-01 13:17:21 +02:00
fat fat: don't allow to mount if the FAT length == 0 2020-06-17 16:40:36 +02:00
freevxfs
fscache
fuse fuse: update attr_version counter on fuse_notify_inval_inode() 2020-10-01 13:18:02 +02:00
gfs2 gfs2: clean up iopen glock mess in gfs2_create_inode 2020-10-01 13:17:20 +02:00
hfs
hfsplus hfsplus: fix crash and filesystem corruption when deleting files 2020-04-17 10:50:22 +02:00
hostfs
hpfs
hugetlbfs hugetlbfs: prevent filesystem stacking of hugetlbfs 2020-09-03 11:26:48 +02:00
iomap iomap: Fix overflow in iomap_page_mkwrite 2020-10-01 13:17:15 +02:00
isofs
jbd2 jbd2: abort journal if free a async write error metadata buffer 2020-09-03 11:26:56 +02:00
jffs2 jffs2: fix UAF problem 2020-08-26 10:40:56 +02:00
jfs
kernfs kernfs: do not call fsnotify() with name without a parent 2020-08-19 08:16:12 +02:00
lockd
minix fs/minix: remove expected error message in block_to_path() 2020-08-21 13:05:37 +02:00
nfs NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() 2020-10-01 13:17:52 +02:00
nfs_common
nfsd nfsd: Don't add locks to closed or closing open stateids 2020-10-01 13:17:43 +02:00
nilfs2 nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() 2020-06-17 16:40:29 +02:00
nls
notify fanotify: fix ignore mask logic for events on child and on dir 2020-06-17 16:40:24 +02:00
ntfs utimes: Clamp the timestamps in notify_change() 2020-02-11 04:35:12 -08:00
ocfs2 ocfs2: change slot number type s16 to u16 2020-08-21 13:05:26 +02:00
omfs
openpromfs
orangefs orangefs: get rid of knob code... 2020-08-21 13:05:29 +02:00
overlayfs ovl: fix unneeded call to ovl_change_flags() 2020-07-22 09:33:12 +02:00
proc proc: io_accounting: Use new infrastructure to fix deadlocks in execve 2020-10-01 13:17:48 +02:00
pstore pstore: Fix linking when crypto API disabled 2020-08-19 08:16:27 +02:00
qnx4
qnx6
quota fs: avoid softlockups in s_inodes iterators 2020-01-12 12:21:37 +01:00
ramfs
reiserfs reiserfs: prevent NULL pointer dereference in reiserfs_insert_item() 2020-02-24 08:37:00 +01:00
romfs romfs: fix uninitialized memory leak in romfs_dev_read() 2020-08-26 10:40:51 +02:00
squashfs
sysfs
sysv
tracefs
ubifs ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len 2020-10-01 13:17:51 +02:00
udf udf: Fix free space reporting for metadata and virtual partitions 2020-02-24 08:36:44 +01:00
ufs fs/ufs: avoid potential u32 multiplication overflow 2020-08-21 13:05:37 +02:00
unicode
verity
xfs xfs: prohibit fs freezing when using empty transactions 2020-10-01 13:17:49 +02:00
Kconfig
Kconfig.binfmt
Makefile
aio.c aio: fix async fsync creds 2020-06-17 16:40:24 +02:00
anon_inodes.c
attr.c utimes: Clamp the timestamps in notify_change() 2020-02-11 04:35:12 -08:00
bad_inode.c
binfmt_aout.c
binfmt_elf.c fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() 2020-06-03 08:21:27 +02:00
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c binfmt_flat: revert "binfmt_flat: don't offset the data start" 2020-09-03 11:26:39 +02:00
binfmt_misc.c
binfmt_script.c
block_dev.c bdev: Reduce time holding bd_mutex in sync in blkdev_close() 2020-10-01 13:17:55 +02:00
buffer.c fs: prevent BUG_ON in submit_bh_wbc() 2020-09-03 11:26:57 +02:00
char_dev.c chardev: Avoid potential use-after-free in 'chrdev_open()' 2020-01-14 20:08:18 +01:00
compat.c
compat_binfmt_elf.c
compat_ioctl.c fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP 2020-01-09 10:20:05 +01:00
coredump.c coredump: fix crash when umh is disabled 2020-05-14 07:58:27 +02:00
d_path.c
dax.c dax: pass NOWAIT flag to iomap_apply 2020-03-05 16:43:36 +01:00
dcache.c fix dget_parent() fastpath race 2020-10-01 13:17:19 +02:00
dcookies.c
direct-io.c
drop_caches.c fs: avoid softlockups in s_inodes iterators 2020-01-12 12:21:37 +01:00
eventfd.c eventfd: track eventfd_signal() recursion depth 2020-02-11 04:35:37 -08:00
eventpoll.c fix regression in "epoll: Keep a reference on files added to the check list" 2020-09-09 19:12:28 +02:00
exec.c exec: Add exec_update_mutex to replace cred_guard_mutex 2020-10-01 13:17:47 +02:00
fcntl.c
fhandle.c
file.c fix multiplication overflow in copy_fdtable() 2020-05-27 17:46:12 +02:00
file_table.c
filesystems.c fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once() 2020-04-17 10:50:21 +02:00
fs-writeback.c writeback: Fix sync livelock due to b_dirty_time processing 2020-09-03 11:27:04 +02:00
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
inode.c futex: Fix inode life-time issue 2020-03-25 08:25:58 +01:00
internal.h fs: move guard_bio_eod() after bio_set_op_attrs 2020-01-17 19:48:21 +01:00
io_uring.c io_uring: Fix NULL pointer dereference in io_sq_wq_submit_work() 2020-09-03 11:27:11 +02:00
ioctl.c
libfs.c libfs: fix infoleak in simple_attr_read() 2020-04-01 11:02:17 +02:00
locks.c locks: reinstate locks_delete_block optimization 2020-03-25 08:25:41 +01:00
mbcache.c
mount.h
mpage.c fs: move guard_bio_eod() after bio_set_op_attrs 2020-01-17 19:48:21 +01:00
namei.c namei: only return -ECHILD from follow_dotdot_rcu() 2020-03-05 16:43:48 +01:00
namespace.c
no-block.c
nsfs.c
open.c cifs_atomic_open(): fix double-put on late allocation failure 2020-03-18 07:17:51 +01:00
pipe.c
pnode.c propagate_one(): mnt_set_mountpoint() needs mount_lock 2020-05-02 08:48:44 +02:00
pnode.h
posix_acl.c
proc_namespace.c
read_write.c fs: allow deduplication of eof block into the end of the destination file 2020-02-11 04:35:23 -08:00
readdir.c readdir: be more conservative with directory entry names 2020-01-29 16:45:31 +01:00
select.c
seq_file.c
signalfd.c fs/signalfd.c: fix inconsistent return codes for signalfd4 2020-08-26 10:40:58 +02:00
splice.c splice: only read in as much information as there is pipe buffer space 2019-12-17 19:56:52 +01:00
stack.c
stat.c
statfs.c
super.c Fix use after free in get_tree_bdev() 2020-05-06 08:15:15 +02:00
sync.c
timerfd.c
userfaultfd.c userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK 2020-01-04 19:18:32 +01:00
utimes.c utimes: Clamp the timestamps in notify_change() 2020-02-11 04:35:12 -08:00
xattr.c xattr: break delegations in {set,remove}xattr 2020-08-11 15:33:39 +02:00