
[XFS updates] XFS development tree branch, for-linus, updated. xfs-for-l

To: xfs@xxxxxxxxxxx
Subject: [XFS updates] XFS development tree branch, for-linus, updated. xfs-for-linus-v3.13-rc1-2-13364-gffbf221
From: xfs@xxxxxxxxxxx
Date: Tue, 10 Dec 2013 13:37:34 -0600 (CST)
Delivered-to: xfs@xxxxxxxxxxx
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "XFS development tree".

The branch, for-linus has been updated
  ffbf221 xfs: fix infinite loop by detaching the group/project hints from user dquot
  f94c445 xfs: growfs overruns AGFL buffer on V4 filesystems
  2f42d61 xfs: don't perform discard if the given range length is less than block size
  31978b5 xfs: underflow bug in xfs_attrlist_by_handle()
  6ea9786 Merge tag 'xfs-for-linus-v3.13-rc1-2' of git://oss.sgi.com/xfs/xfs
  2fe8c1c xfs: open code inc_inode_iversion when logging an inode
  8f80587 xfs: increase inode cluster size for v5 filesystems
  9e3908e xfs: fix unlock in xfs_bmap_add_attrfork
  7e1a1e9 Merge tag 'xfs-for-linus-v3.13-rc1' of git://oss.sgi.com/xfs/xfs
  c4a391b writeback: do not sync data dirtied after sync start
  359d992 xfs: simplify kmem_{zone_}zalloc
  d123031 xfs: add tracepoints to AGF/AGI read operations
  750b9c9 xfs: trace AIL manipulations
  2732036 xfs: xfs_remove deadlocks due to inverted AGF vs AGI lock ordering
  bb86d21 xfs: fix the extent count when allocating an new indirection array entry
  10e6e65 xfs: be more forgiving of a v4 secondary sb w/ junk in v5 fields
  643f7c4 xfs: fix possible NULL dereference in xlog_verify_iclog
  5bf1f43 xfs:xfs_dir2_node.c: pointer use before check for null
  ad22c7a xfs: prevent stack overflows from page cache allocation
  632b89e xfs: fix static and extern sparse warnings
  a629362 xfs: validity check the directory block leaf entry count
  b01ef65 xfs: make dir2 ftype offset pointers explicit
  1c9a5b2 xfs: convert directory vector functions to constants
  24dd0f5 xfs: convert directory vector functions to constants
  01ba43b xfs: vectorise encoding/decoding directory headers
  4bceb18 xfs: vectorise DA btree operations
  4141956 xfs: vectorise directory leaf operations
  2ca9877 xfs: vectorise directory data operations part 2
  9d23fc8 xfs: vectorise directory data operations
  4740175 xfs: vectorise remaining shortform dir2 ops
  32c5483 xfs: abstract the differences in dir2/dir3 via an ops vector
  c963c61 xfs: split xfs_rtalloc.c for userspace sanity
  a4fbe6a xfs: decouple inode and bmap btree header files
  239880e xfs: decouple log and transaction headers
  d420e5c xfs: remove unused transaction callback variables
  9aede1d xfs: split dquot buffer operations out
  5706278 xfs: unify directory/attribute format definitions
  70a9883 xfs: create a shared header file for format-related information
  865e944 xfs: fold xfs_change_file_space into xfs_ioc_space
  83aee9e xfs: simplify the fallocate path
  5f8aca8 xfs: always hold the iolock when calling xfs_change_file_space
  001a3e7 xfs: remove the unused XFS_ATTR_NONBLOCK flag
  76ca4c2 xfs: always take the iolock around xfs_setattr_size
  59e5a0e xfs: don't break from growfs ag update loop on error
  31625f2 xfs: don't emit corruption noise on fs probes
  08e96e1 xfs: remove newlines from strings passed to __xfs_printk
  2c6e24c xfs: prevent deadlock trying to cover an active log
  74564fb xfs: clean up xfs_inactive() error handling, kill VN_INACTIVE_[NO]CACHE
  88877d2 xfs: push down inactive transaction mgmt for ifree
  f7be2d7 xfs: push down inactive transaction mgmt for truncate
  36b21dd xfs: push down inactive transaction mgmt for remote symlinks
  2900a57 xfs: add the inode directory type support to XFS_IOC_FSGEOM
  b2a42f7 xfs: Use kmem_free() instead of free()
  9b3b77f xfs: fix memory leak in xlog_recover_add_to_trans
  6d31349 xfs: dirent dtype presence is dependent on directory magic numbers
  89c6c89 xfs: lockdep needs to know about 3 dquot-deep nesting
  d948709 xfs: remove usage of is_bad_inode
  17ec81c xfs: fix the wrong new_size/rnew_size at xfs_iext_realloc_direct()
  0799a3e xfs: get rid of count from xfs_iomap_write_allocate()
  aaaae98 xfs: Use kmem_free() instead of free()
  519ccb8 xfs: fix memory leak in xlog_recover_add_to_trans
  367993e xfs: dirent dtype presence is dependent on directory magic numbers
  f112a04 xfs: lockdep needs to know about 3 dquot-deep nesting
  997def2 xfs: fix node forward in xfs_node_toosmall
  566055d xfs: log recovery lsn ordering needs uuid check
  b771af2 xfs: fix XFS_IOC_FREE_EOFBLOCKS definition
  b313a5f xfs: asserting lock not held during freeing not valid
  4885235 xfs: lock the AIL before removing the buffer item
  e0ea404 Merge tag 'xfs-for-linus-v3.12-rc1-2' of git://oss.sgi.com/xfs/xfs
  ac4de95 Merge branch 'akpm' (patches from Andrew Morton)
  7caef26 truncate: drop 'oldsize' truncate_pagecache() parameter
  08474ed xfs: remove dead code from xlog_recover_inode_pass2
  aa9e104 xfs: = vs == typo in ASSERT()
  f5e1dd3 super: fix for destroy lrus
  5ca302c list_lru: dynamically adjust node arrays
  3516341 xfs: fix dquot isolation hang
  2f5b56f xfs-convert-dquot-cache-lru-to-list_lru-fix
  cd56a39 xfs: convert dquot cache lru to list_lru
  a408235 xfs: rework buffer dispose list tracking
  addbda4 xfs-convert-buftarg-lru-to-generic-code-fix
  e80dfa1 xfs: convert buftarg LRU to generic code
  9b17c62 fs: convert inode and dentry shrinking to be node aware
  0a234c6 shrinker: convert superblock shrinkers to new API
  55f841c super: fix calculation of shrinkable objects for small numbers
  74ffa79 xfs: don't assert fail on bad inode numbers
  46f9d2e xfs: aborted buf items can be in the AIL.
  fdd3cce xfs: factor all the kmalloc-or-vmalloc fallback allocations
  2dc164f xfs: fix memory allocation failures with ACLs
  0a4edc8 xfs: ensure we copy buffer type in da btree root splits
  daf7b79 xfs: set remote symlink buffer type for recovery
  638f4416 xfs: recovery of swap extents operations for CRC filesystems
  21b5c97 xfs: swap extents operations for CRC filesystems
  0f295a2 xfs: check magic numbers in dir3 leaf verifier first
  a30b036 xfs: fix some minor sparse warnings
  e9fbbad xfs: fix endian warning in xlog_recover_get_buf_lsn()
  300893b Merge tag 'xfs-for-linus-v3.12-rc1' of git://oss.sgi.com/xfs/xfs
  7b7a866 direct-io: Implement generic deferred AIO completions
  1d03c6f xfs: XFS_MOUNT_QUOTA_ALL needed by userspace
  50fc5f7 xfs: dtype changed xfs_dir2_sfe_put_ino to xfs_dir3_sfe_put_ino
  914ed44 Fix wrong flag ASSERT in xfs_attr_shortform_getvalue
  904c17e xfs: finish removing IOP_* macros.
  2395670 xfs: inode log reservations are too small
  b121099 xfs: check correct status variable for xfs_inobt_get_rec() call
  d891400 xfs: inode buffers may not be valid during recovery readahead
  50d5c8d xfs: check LSN ordering for v5 superblocks during recovery
  b58fa55 xfs: btree block LSN escaping to disk uninitialised
  3780437 XFS: Assertion failed: first <= last && last < BBTOB(bp->b_length), file: fs/xfs/xfs_trans_buf.c, line: 568
  0f0d334 xfs: fix bad dquot buffer size in log recovery readahead
  84a5b73 xfs: don't account buffer cancellation during log recovery readahead
  0d0ab12 xfs: check for underflow in xfs_iformat_fork()
  98f7462 xfs: xfs_dir3_sfe_put_ino can be static
  00574da xfs: introduce object readahead to log recovery
  8d1d408 xfs: Simplify xfs_ail_min() with list_first_entry_or_null()
  46677e6 xfs: Register hotcpu notifier after initialization
  3e3c51c xfs: add xfs sb v4 support for dirent filetype field
  1c55cec xfs: Add write support for dirent filetype field
  0cb9776 xfs: Add read-only support for dirent filetype field
  5d5e3d5 xfs: Add support for the Q_XGETQSTATV
  c2bfbc9 xfs: fix the comment of xfs_mountfs()
  2533787 xfs: fix the comment of xfs_sb_quiet_read_verify()
  8ba701e xfs: fix the comment of xlog_recover_do_dquot_buffer()
  8e159e7 xfs: fix the comment of xfs_log_unmount_write()
  0b8182d xfs: fix the comment of xfs_ifree_cluster()
  2f21ff1 xfs: fix the comment of xfs_ialloc_ag_select()
  b3c49634 xfs: fix the comment of xfs_extent_busy_update_extent()
  8b4ad79 xfs: fix the comment of xfs_setsize_buftarg_early()
  ad4809b xfs: fix the comment of xfs_bmap_punch_delalloc_range()
  02bb487 xfs: fix the comment of xfs_bmap_last_before()
  a97f4df xfs: fix the comment of xfs_bmap_validate_ret()
  8be11e9 xfs: fix the comment of xfs_bmap_count_tree()
  c7c1a7d xfs: rename bio_add_buffer() to xfs_bio_add_buffer()
  0a94da2 xfs: fix the comment of xlog_find_head()
  34be5ff xfs: fix the comment of xlog_recover_buffer_pass2()
  5c75390 xfs: remove two unused macro definitions in xfs_linux.h
  1cb9386 xfs: fix the comment of xfs_btree_get_iroot()
  f6c2734 xfs: fix the comment of xfs_iroot_realloc()
  7c3e664 xfs: remove one blank line in xfs_btree_make_block_unfull()
  ac0e300 xfs: fix the comment of xlog_write_setup_copy()
  99e738b7 xfs: fix the comment of xfs_mod_incore_sb_unlocked()
  49d3da1 xfs: fix the comment of xfs_btree_lookup()
  b46fe82 xfs: fix the comment of xfs_buf_free()
  0471f62 xfs: fix the comment of xfs_check_sizes()
  2ad01f5 xfs: use reference counts to free clean buffer items
  8c567a7 xfs: add capability check to free eofblocks ioctl
  b9fe505 xfs: create internal eofblocks structure with kuid_t types
  7aab1b2 xfs: convert kuid_t to/from uid_t for internal structures
  fd5e2aa xfs: ioctl check for capabilities in the current user namespace
  288bbe0 xfs: convert kuid_t to/from uid_t in ACLs
  c5eeb7e xfs: create wrappers for converting kuid_t to/from uid_t
  4bb928c xfs: split the CIL lock
  991aaf6 xfs: Combine CIL insert and prepare passes
  f5baac3 xfs: avoid CIL allocation during insert
  7492c5b xfs: Reduce allocations during CIL insertion
  166d136 xfs: return log item size in IOP_SIZE
  050a195 xfs:free bp in xlog_find_tail() error path
  5d0a654 xfs: free bp in xlog_find_zeroed() error path
  6dd93e9 xfs: avoid double-free in xfs_attr_node_addname
  2c2bcc0 xfs: call roundup_64() to calculate the min_logblks
  3e7b91c xfs: Validate log space at mount time
  5a96a94 xfs: Add xfs_log_rlimit.c
  e773fc9 xfs: Refactor xfs_ticket_alloc() to extract a new helper
  f749278 xfs: Get rid of all XFS_XXX_LOG_RES() macro
  3d3c8b5 xfs: refactor xfs_trans_reserve() interface
  783cb6d xfs: Make writeid transaction use tr_writeid
  20996c9 xfs: Introduce tr_fsyncts to m_reservation
  0eadd10 xfs: Introduce a new structure to hold transaction reservation items
  9356fe2 xfs: make struct xfs_perag kernel only
  4f3d71f xfs: move kernel specific type definitions to xfs.h
  9b90b0d xfs: xfs_filestreams.h doesn't need __KERNEL__
  cb9eabf xfs: remove __KERNEL__ check from xfs_dir2_leaf.c
  b49a0c1 xfs: remove __KERNEL__ from debug code
  63d20d6 xfs: kill __KERNEL__ check for debug code in allocation code
  94b4060 xfs: don't special case shared superblock mounts
  a133d95 xfs: consolidate extent swap code
  e546cb7 xfs: consolidate xfs_utils.c
  f6bba20 xfs: consolidate xfs_rename.c
  c24b5df xfs: kill xfs_vnodeops.[ch]
  836a94a xfs: fix issues that cause userspace warnings
  c5c249b xfs: minor cleanups
  6898811 xfs: create xfs_bmap_util.[ch]
  ff55068 xfs: introduce xfs_sb.c for sharing with libxfs
  1fb7e48d xfs: split out the remote symlink handling
  fde2227 xfs: split out attribute fork truncation code into separate file
  abec5f2 xfs: split out attribute listing code into separate file
  2b9ab5a xfs: reshuffle dir2 definitions around for userspace
  4a8af27 xfs: move getdents code into it's own file
  1fd7115 xfs: introduce xfs_inode_buf.c for inode buffer operations
  7bb85ef xfs: move unrelated definitions out of xfs_inode.h
  5c4d97d xfs: move inode fork definitions to a new header file
  7fd36c4 xfs: split out transaction reservation code
  d386b32 xfs: sync minor header differences needed by userspace.
  76456fc xfs: introduce xfs_quota_defs.h
  c729820 xfs: introduce xfs_rtalloc_defs.h
  2a3c0ac xfs: split out on-disk transaction definitions
  9cd047f xfs: separate icreate log format definitions from xfs_icreate_item.h
  6ca1c90 xfs: separate dquot on disk format definitions out of xfs_quota.h
  9fbe24d xfs: split out EFI/EFD log item format definition
  a8da0da xfs: split out buf log item format definitions
  6943283 xfs: split out inode log item format definition
  fc06c6d xfs: separate out log format definitions
  7a378c9 xfs: WQ_NON_REENTRANT is meaningless and going away
  e1b4271 xfs: di_flushiter considered harmful
  e60896d xfs: di_flushiter considered harmful
  d892d58 xfs: Start using pquotaino from the superblock.
  0102629 xfs: Initialize all quota inodes to be NULLFSINO
  297aa63 xfs: Fix a deadlock in xfs_log_commit_cil() code path
  58e5985 xfs: fix assertion failure in xfs_vm_write_failed()
  239dab4 Merge tag 'for-linus-v3.11-rc1-2' of git://oss.sgi.com/xfs/xfs
  da89bd2 Merge tag 'for-linus-v3.11-rc1' of git://oss.sgi.com/xfs/xfs
  790eac5 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
  46a1c2c vfs: export lseek_execute() to modules
  9e239bb Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
  b822755 [readdir] convert xfs
  d302cf1 xfs: don't shutdown log recovery on validation errors
  088c9f6 xfs: ensure btree root split sets blkno correctly
  5170711 xfs: fix implicit padding in directory and attr CRC formats
  47ad2fc xfs: don't emit v5 superblock warnings on write
  0a8aa19 xfs: increase number of ACL entries for V5 superblocks
  f763fd4 xfs: disable noattr2/attr2 mount options for CRC enabled filesystems
  ad868af xfs: inode unlinked list needs to recalculate the inode CRC
  7540617 xfs: fix log recovery transaction item reordering
  ea92953 xfs: fix remote attribute invalidation for a leaf
  bb9b8e8 xfs: rework dquot CRCs
  7bc0dc2 xfs: rework remote attr CRCs
  634fd53 xfs: fully initialise temp leaf in xfs_attr3_leaf_compact
  9e80c76 xfs: fully initialise temp leaf in xfs_attr3_leaf_unbalance
  58a7228 xfs: correctly map remote attr buffers during removal
  26f7144 xfs: remote attribute tail zeroing does too much
  551b382 xfs: remote attribute read too short
  9531e2d xfs: remote attribute allocation may be contiguous
  e400d27 xfs: fix dir3 freespace block corruption
  7c9950f xfs: disable swap extents ioctl on CRC enabled filesystems
  e7927e8 xfs: add fsgeom flag for v5 superblock support.
  1de09d1 xfs: fix incorrect remote symlink block count
  7d2ffe8 xfs: fix split buffer vector log recovery support
  2962f5a xfs: kill suid/sgid through the truncate path.
  08fb390 xfs: avoid nesting transactions in xfs_qm_scall_setqlim()
  7ae0778 xfs: remote attribute lookups require the value length
  cf257ab xfs: xfs_attr_shortform_allfit() does not handle attr3 format.
  7ced60c xfs: xfs_da3_node_read_verify() doesn't handle XFS_ATTR3_LEAF_MAGIC
  b17cb36 xfs: fix missing KM_NOFS tags to keep lockdep happy
  509e708 xfs: Don't reference the EFI after it is freed
  7031d0e xfs: fix rounding in xfs_free_file_space
  480d746 xfs: fix sub-page blocksize data integrity writes
  34097df xfs: use ->invalidatepage() length argument
  d47992f mm: change invalidatepage prototype to accept length
      from  c31ad439e8d111bf911c9cc80619cebde411a44d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ffbf2210df41793c8a904f0115d519094799977f
Author: Jie Liu <jeff.liu@xxxxxxxxxx>
Date:   Tue Nov 26 21:38:49 2013 +0800

    xfs: fix infinite loop by detaching the group/project hints from user dquot
    
    xfs_quota(8) will hang up if trying to turn group/project quota off
    before the user quota is off, this could be 100% reproduced by:
      # mount -ouquota,gquota /dev/sda7 /xfs
      # mkdir /xfs/test
      # xfs_quota -xc 'off -g' /xfs <-- hangs up
      # echo w > /proc/sysrq-trigger
      # dmesg
    
      SysRq : Show Blocked State
      task                        PC stack   pid father
      xfs_quota       D 0000000000000000     0 27574   2551 0x00000000
      [snip]
      Call Trace:
      [<ffffffff81aaa21d>] schedule+0xad/0xc0
      [<ffffffff81aa327e>] schedule_timeout+0x35e/0x3c0
      [<ffffffff8114b506>] ? mark_held_locks+0x176/0x1c0
      [<ffffffff810ad6c0>] ? call_timer_fn+0x2c0/0x2c0
      [<ffffffffa0c25380>] ? xfs_qm_shrink_count+0x30/0x30 [xfs]
      [<ffffffff81aa3306>] schedule_timeout_uninterruptible+0x26/0x30
      [<ffffffffa0c26155>] xfs_qm_dquot_walk+0x235/0x260 [xfs]
      [<ffffffffa0c059d8>] ? xfs_perag_get+0x1d8/0x2d0 [xfs]
      [<ffffffffa0c05805>] ? xfs_perag_get+0x5/0x2d0 [xfs]
      [<ffffffffa0b7707e>] ? xfs_inode_ag_iterator+0xae/0xf0 [xfs]
      [<ffffffffa0c22280>] ? xfs_trans_free_dqinfo+0x50/0x50 [xfs]
      [<ffffffffa0b7709f>] ? xfs_inode_ag_iterator+0xcf/0xf0 [xfs]
      [<ffffffffa0c261e6>] xfs_qm_dqpurge_all+0x66/0xb0 [xfs]
      [<ffffffffa0c2497a>] xfs_qm_scall_quotaoff+0x20a/0x5f0 [xfs]
      [<ffffffffa0c2b8f6>] xfs_fs_set_xstate+0x136/0x180 [xfs]
      [<ffffffff8136cf7a>] do_quotactl+0x53a/0x6b0
      [<ffffffff812fba4b>] ? iput+0x5b/0x90
      [<ffffffff8136d257>] SyS_quotactl+0x167/0x1d0
      [<ffffffff814cf2ee>] ? trace_hardirqs_on_thunk+0x3a/0x3f
      [<ffffffff81abcd19>] system_call_fastpath+0x16/0x1b
    
    It's fine if we turn user quota off at first, then turn off other
    kind of quotas if they are enabled since the group/project dquot
    refcount is decreased to zero once the user quota is off. Otherwise,
    those dquots refcount is non-zero due to the user dquot might refer
    to them as hint(s).  Hence, above operation causes an infinite loop
    at xfs_qm_dquot_walk() while trying to purge dquot cache.
    
    This problem has been around since Linux 3.4, it was introduced by:
      [ b84a3a9675 xfs: remove the per-filesystem list of dquots ]
    
    Originally we will release the group dquot pointers because the user
    dquots may be carrying around as a hint via xfs_qm_detach_gdquots().
    However, with above change, there is no such work to be done before
    purging group/project dquot cache.
    
    In order to solve this problem, this patch introduces a special routine
    xfs_qm_dqpurge_hints(), and it would release the group/project dquot
    pointers the user dquots may be carrying around as a hint, and then it
    will proceed to purge the user dquot cache if requested.
    
    Cc: stable@xxxxxxxxxxxxxxx
    Signed-off-by: Jie Liu <jeff.liu@xxxxxxxxxx>
    Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
    Signed-off-by: Ben Myers <bpm@xxxxxxx>
    
    (cherry picked from commit df8052e7dae00bde6f21b40b6e3e1099770f3afc)

commit f94c44573e7c22860e2c3dfe349c45f72ba35ad3
Author: Dave Chinner <dchinner@xxxxxxxxxx>
Date:   Thu Nov 21 15:41:06 2013 +1100

    xfs: growfs overruns AGFL buffer on V4 filesystems
    
    This loop in xfs_growfs_data_private() is incorrect for V4
    superblocks filesystems:
    
                for (bucket = 0; bucket < XFS_AGFL_SIZE(mp); bucket++)
                        agfl->agfl_bno[bucket] = cpu_to_be32(NULLAGBLOCK);
    
    For V4 filesystems, we don't have a agfl header structure, and so
    XFS_AGFL_SIZE() returns an entire sector's worth of entries, which
    we then index from an offset into the sector. Hence: buffer overrun.
    
    This problem was introduced in 3.10 by commit 77c95bba ("xfs: add
    CRC checks to the AGFL") which changed the AGFL structure but failed
    to update the growfs code to handle the different structures.
    
    Fix it by using the correct offset into the buffer for both V4 and
    V5 filesystems.
    
    Cc: <stable@xxxxxxxxxxxxxxx>
    Signed-off-by: Dave Chinner <dchinner@xxxxxxxxxx>
    Reviewed-by: Jie Liu <jeff.liu@xxxxxxxxxx>
    Signed-off-by: Ben Myers <bpm@xxxxxxx>
    
    (cherry picked from commit b7d961b35b3ab69609aeea93f870269cb6e7ba4d)

commit 2f42d612e7d4c4fb1819ea7b2b6e18938714ae7a
Author: Jie Liu <jeff.liu@xxxxxxxxxx>
Date:   Wed Nov 20 16:08:53 2013 +0800

    xfs: don't perform discard if the given range length is less than block size
    
    For discard operation, we should return EINVAL if the given range length
    is less than a block size, otherwise it will go through the file system
    to discard data blocks as the end range might be evaluated to -1, e.g,
    # fstrim -v -o 0 -l 100 /xfs7
    /xfs7: 9811378176 bytes were trimmed
    
    This issue can be triggered via xfstests/generic/288.
    
    Also, it seems to get the request queue pointer via bdev_get_queue()
    instead of the hard code pointer dereference is not a bad thing.
    
    Signed-off-by: Jie Liu <jeff.liu@xxxxxxxxxx>
    Reviewed-by: Christoph Hellwig <hch@xxxxxx>
    Signed-off-by: Ben Myers <bpm@xxxxxxx>
    
    (cherry picked from commit f9fd0135610084abef6867d984e9951c3099950d)

commit 31978b5cc66b8ba8a7e8eef60b12395d41b7b890
Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Date:   Thu Oct 31 21:00:10 2013 +0300

    xfs: underflow bug in xfs_attrlist_by_handle()
    
    If we allocate less than sizeof(struct attrlist) then we end up
    corrupting memory or doing a ZERO_PTR_SIZE dereference.
    
    This can only be triggered with CAP_SYS_ADMIN.
    
    Reported-by: Nico Golde <nico@xxxxxxxxx>
    Reported-by: Fabian Yamaguchi <fabs@xxxxxxxxx>
    Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
    Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
    Signed-off-by: Ben Myers <bpm@xxxxxxx>
    
    (cherry picked from commit 071c529eb672648ee8ca3f90944bcbcc730b4c06)

-----------------------------------------------------------------------

Summary of changes:
 fs/xfs/Makefile                               |   28 +-
 fs/xfs/kmem.c                                 |   23 +-
 fs/xfs/kmem.h                                 |   30 +-
 fs/xfs/xfs_acl.c                              |   44 +-
 fs/xfs/xfs_ag.h                               |   57 -
 fs/xfs/xfs_alloc.c                            |   25 +-
 fs/xfs/xfs_alloc.h                            |    3 -
 fs/xfs/xfs_alloc_btree.c                      |   14 +-
 fs/xfs/xfs_alloc_btree.h                      |   35 -
 fs/xfs/xfs_aops.c                             |   85 +-
 fs/xfs/xfs_aops.h                             |    3 -
 fs/xfs/xfs_attr.c                             |  437 +--
 fs/xfs/xfs_attr.h                             |    9 +
 fs/xfs/xfs_attr_inactive.c                    |  452 +++
 fs/xfs/xfs_attr_leaf.c                        |  684 +----
 fs/xfs/xfs_attr_leaf.h                        |  234 +-
 fs/xfs/xfs_attr_list.c                        |  653 +++++
 fs/xfs/xfs_attr_remote.c                      |   30 +-
 fs/xfs/xfs_attr_remote.h                      |   29 -
 fs/xfs/xfs_bit.c                              |    4 +-
 fs/xfs/xfs_bmap.c                             |  881 +-----
 fs/xfs/xfs_bmap.h                             |   56 +-
 fs/xfs/xfs_bmap_btree.c                       |   63 +-
 fs/xfs/xfs_bmap_btree.h                       |  109 +-
 fs/xfs/xfs_bmap_util.c                        | 1814 ++++++++++++
 fs/xfs/xfs_bmap_util.h                        |  113 +
 fs/xfs/xfs_btree.c                            |  189 +-
 fs/xfs/xfs_btree.h                            |  100 +-
 fs/xfs/xfs_buf.c                              |  267 +-
 fs/xfs/xfs_buf.h                              |   17 +-
 fs/xfs/xfs_buf_item.c                         |   86 +-
 fs/xfs/xfs_buf_item.h                         |  104 +-
 fs/xfs/xfs_da_btree.c                         |  274 +-
 fs/xfs/xfs_da_btree.h                         |  137 +-
 fs/xfs/xfs_da_format.c                        |  907 ++++++
 fs/xfs/{xfs_dir2_format.h => xfs_da_format.h} |  606 ++--
 fs/xfs/xfs_dfrag.c                            |  459 ---
 fs/xfs/xfs_dfrag.h                            |   53 -
 fs/xfs/xfs_dinode.h                           |    3 +
 fs/xfs/xfs_dir2.c                             |   77 +-
 fs/xfs/xfs_dir2.h                             |  116 +
 fs/xfs/xfs_dir2_block.c                       |  202 +-
 fs/xfs/xfs_dir2_data.c                        |  172 +-
 fs/xfs/xfs_dir2_leaf.c                        |  655 +----
 fs/xfs/xfs_dir2_node.c                        |  351 +--
 fs/xfs/xfs_dir2_priv.h                        |   70 +-
 fs/xfs/xfs_dir2_readdir.c                     |  695 +++++
 fs/xfs/xfs_dir2_sf.c                          |  319 +-
 fs/xfs/xfs_discard.c                          |   17 +-
 fs/xfs/xfs_dquot.c                            |  167 +-
 fs/xfs/xfs_dquot.h                            |    2 -
 fs/xfs/xfs_dquot_buf.c                        |  288 ++
 fs/xfs/xfs_dquot_item.c                       |   40 +-
 fs/xfs/xfs_error.c                            |   12 +-
 fs/xfs/xfs_export.c                           |   13 +-
 fs/xfs/xfs_extent_busy.c                      |   16 +-
 fs/xfs/xfs_extent_busy.h                      |    4 +
 fs/xfs/xfs_extfree_item.c                     |   58 +-
 fs/xfs/xfs_extfree_item.h                     |   88 +-
 fs/xfs/xfs_file.c                             |  113 +-
 fs/xfs/xfs_filestream.c                       |   18 +-
 fs/xfs/xfs_filestream.h                       |    4 -
 fs/xfs/xfs_format.h                           |  414 +++
 fs/xfs/xfs_fs.h                               |   44 +-
 fs/xfs/xfs_fsops.c                            |   59 +-
 fs/xfs/xfs_ialloc.c                           |   27 +-
 fs/xfs/xfs_ialloc.h                           |    5 +-
 fs/xfs/xfs_ialloc_btree.c                     |   13 +-
 fs/xfs/xfs_ialloc_btree.h                     |   51 -
 fs/xfs/xfs_icache.c                           |   52 +-
 fs/xfs/xfs_icache.h                           |   56 +-
 fs/xfs/xfs_icreate_item.c                     |   28 +-
 fs/xfs/xfs_icreate_item.h                     |   18 -
 fs/xfs/xfs_inode.c                            | 3862 ++++++++++---------------
 fs/xfs/xfs_inode.h                            |  316 +-
 fs/xfs/xfs_inode_buf.c                        |  481 +++
 fs/xfs/xfs_inode_buf.h                        |   50 +
 fs/xfs/xfs_inode_fork.c                       | 1904 ++++++++++++
 fs/xfs/xfs_inode_fork.h                       |  172 ++
 fs/xfs/xfs_inode_item.c                       |   65 +-
 fs/xfs/xfs_inode_item.h                       |  115 +-
 fs/xfs/xfs_ioctl.c                            |  333 ++-
 fs/xfs/xfs_ioctl.h                            |   10 +
 fs/xfs/xfs_ioctl32.c                          |   32 +-
 fs/xfs/xfs_iomap.c                            |   44 +-
 fs/xfs/xfs_iomap.h                            |    8 +-
 fs/xfs/xfs_iops.c                             |  146 +-
 fs/xfs/xfs_iops.h                             |    9 +
 fs/xfs/xfs_itable.c                           |   22 +-
 fs/xfs/xfs_linux.h                            |   60 +-
 fs/xfs/xfs_log.c                              |  191 +-
 fs/xfs/xfs_log.h                              |   96 +-
 fs/xfs/xfs_log_cil.c                          |  397 +--
 fs/xfs/xfs_log_format.h                       |  679 +++++
 fs/xfs/xfs_log_priv.h                         |  172 +-
 fs/xfs/xfs_log_recover.c                      |  751 +++--
 fs/xfs/xfs_log_rlimit.c                       |  150 +
 fs/xfs/xfs_message.c                          |    5 +-
 fs/xfs/xfs_mount.c                            |  785 +----
 fs/xfs/xfs_mount.h                            |  118 +-
 fs/xfs/xfs_qm.c                               |  482 +--
 fs/xfs/xfs_qm.h                               |    8 +-
 fs/xfs/xfs_qm_bhv.c                           |   13 +-
 fs/xfs/xfs_qm_syscalls.c                      |  154 +-
 fs/xfs/xfs_quota.h                            |  282 +-
 fs/xfs/xfs_quota_defs.h                       |  161 ++
 fs/xfs/xfs_quotaops.c                         |   20 +-
 fs/xfs/xfs_rename.c                           |  346 ---
 fs/xfs/xfs_rtalloc.c                          | 1868 +++---------
 fs/xfs/xfs_rtalloc.h                          |   77 +-
 fs/xfs/xfs_rtbitmap.c                         |  974 +++++++
 fs/xfs/xfs_sb.c                               |  836 ++++++
 fs/xfs/xfs_sb.h                               |   69 +-
 fs/xfs/xfs_shared.h                           |  244 ++
 fs/xfs/xfs_super.c                            |   81 +-
 fs/xfs/xfs_symlink.c                          |  292 +-
 fs/xfs/xfs_symlink.h                          |   43 +-
 fs/xfs/xfs_symlink_remote.c                   |  202 ++
 fs/xfs/xfs_trace.c                            |   17 +-
 fs/xfs/xfs_trace.h                            |   99 +-
 fs/xfs/xfs_trans.c                            |  755 +----
 fs/xfs/xfs_trans.h                            |  317 +-
 fs/xfs/xfs_trans_ail.c                        |   28 +-
 fs/xfs/xfs_trans_buf.c                        |   14 +-
 fs/xfs/xfs_trans_dquot.c                      |   16 +-
 fs/xfs/xfs_trans_extfree.c                    |    7 +-
 fs/xfs/xfs_trans_inode.c                      |   21 +-
 fs/xfs/xfs_trans_priv.h                       |   14 +
 fs/xfs/xfs_trans_resv.c                       |  794 +++++
 fs/xfs/xfs_trans_resv.h                       |  116 +
 fs/xfs/xfs_types.h                            |   60 +-
 fs/xfs/xfs_utils.c                            |  314 --
 fs/xfs/xfs_utils.h                            |   27 -
 fs/xfs/xfs_vnode.h                            |    8 -
 fs/xfs/xfs_vnodeops.c                         | 1870 ------------
 fs/xfs/xfs_vnodeops.h                         |   56 -
 fs/xfs/xfs_xattr.c                            |   10 +-
 137 files changed, 18813 insertions(+), 16236 deletions(-)
 create mode 100644 fs/xfs/xfs_attr_inactive.c
 create mode 100644 fs/xfs/xfs_attr_list.c
 create mode 100644 fs/xfs/xfs_bmap_util.c
 create mode 100644 fs/xfs/xfs_bmap_util.h
 create mode 100644 fs/xfs/xfs_da_format.c
 rename fs/xfs/{xfs_dir2_format.h => xfs_da_format.h} (57%)
 delete mode 100644 fs/xfs/xfs_dfrag.c
 delete mode 100644 fs/xfs/xfs_dfrag.h
 create mode 100644 fs/xfs/xfs_dir2_readdir.c
 create mode 100644 fs/xfs/xfs_dquot_buf.c
 create mode 100644 fs/xfs/xfs_format.h
 create mode 100644 fs/xfs/xfs_inode_buf.c
 create mode 100644 fs/xfs/xfs_inode_buf.h
 create mode 100644 fs/xfs/xfs_inode_fork.c
 create mode 100644 fs/xfs/xfs_inode_fork.h
 create mode 100644 fs/xfs/xfs_log_format.h
 create mode 100644 fs/xfs/xfs_log_rlimit.c
 create mode 100644 fs/xfs/xfs_quota_defs.h
 delete mode 100644 fs/xfs/xfs_rename.c
 create mode 100644 fs/xfs/xfs_rtbitmap.c
 create mode 100644 fs/xfs/xfs_sb.c
 create mode 100644 fs/xfs/xfs_shared.h
 create mode 100644 fs/xfs/xfs_symlink_remote.c
 create mode 100644 fs/xfs/xfs_trans_resv.c
 create mode 100644 fs/xfs/xfs_trans_resv.h
 delete mode 100644 fs/xfs/xfs_utils.c
 delete mode 100644 fs/xfs/xfs_utils.h
 delete mode 100644 fs/xfs/xfs_vnodeops.c
 delete mode 100644 fs/xfs/xfs_vnodeops.h


hooks/post-receive
-- 
XFS development tree
