android_kernel_oneplus_msm8998/fs/xfs
Richard Wareing ad39034341 xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
commit b31ff3cdf540110da4572e3e29bd172087af65cc upstream.

If using a kernel with CONFIG_XFS_RT=y and we set the RTINHERIT flag on
a directory in a filesystem that does not have a realtime device and
create a new file in that directory, it gets marked as a real time file.
When data is written and an fsync is issued, the filesystem attempts to
flush a non-existent rt device during the fsync process.

This results in a crash dereferencing a null buftarg pointer in
xfs_blkdev_issue_flush():

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
  IP: xfs_blkdev_issue_flush+0xd/0x20
  .....
  Call Trace:
    xfs_file_fsync+0x188/0x1c0
    vfs_fsync_range+0x3b/0xa0
    do_fsync+0x3d/0x70
    SyS_fsync+0x10/0x20
    do_syscall_64+0x4d/0xb0
    entry_SYSCALL64_slow_path+0x25/0x25

Setting RT inode flags does not require special privileges, so any
unprivileged user can cause this oops to occur. To reproduce, confirm the
kernel is compiled with CONFIG_XFS_RT=y and run:

  # mkfs.xfs -f /dev/pmem0
  # mount /dev/pmem0 /mnt/test
  # mkdir /mnt/test/foo
  # xfs_io -c 'chattr +t' /mnt/test/foo
  # xfs_io -f -c 'pwrite 0 5m' -c fsync /mnt/test/foo/bar

Or just run xfstests with MKFS_OPTIONS="-d rtinherit=1" and wait.

Kernels built with CONFIG_XFS_RT=n are not exposed to this bug.

Fixes: f538d4da8d ("[XFS] write barrier support")
Signed-off-by: Richard Wareing <rwareing@fb.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-09-13 14:09:46 -07:00
libxfs xfs: fix unaligned access in xfs_btree_visit_blocks 2017-06-07 12:06:03 +02:00
Kconfig xfs: require 64-bit sector_t 2014-07-30 09:12:05 +10:00
kmem.c xfs: more info from kmem deadlocks and high-level error msgs 2015-10-12 16:04:45 +11:00
kmem.h xfs: change kmem_free to use generic kvfree() 2015-02-02 09:54:18 +11:00
Makefile xfs: stats are no longer dependent on CONFIG_PROC_FS 2015-10-19 08:42:46 +11:00
mrlock.h
uuid.c
uuid.h
xfs.h
xfs_acl.c posix_acl: Clear SGID bit when setting file permissions 2016-10-31 04:13:58 -06:00
xfs_acl.h xfs: Fix error path in xfs_get_acl 2015-11-10 10:09:45 +11:00
xfs_aops.c xfs: don't BUG() on mixed direct and mapped I/O 2017-08-06 19:19:40 -07:00
xfs_aops.h xfs: DAX does not use IO completion callbacks 2015-11-03 12:37:02 +11:00
xfs_attr.h xfs: only return -errno or success from attr ->put_listent 2017-06-07 12:06:03 +02:00
xfs_attr_inactive.c Merge branch 'xfs-misc-fixes-for-4.2-3' into for-next 2015-06-23 08:49:01 +10:00
xfs_attr_list.c xfs: only return -errno or success from attr ->put_listent 2017-06-07 12:06:03 +02:00
xfs_bmap_util.c xfs: bad assertion for delalloc an extent that start at i_size 2017-06-07 12:06:02 +02:00
xfs_bmap_util.h xfs: Add support FALLOC_FL_INSERT_RANGE for fallocate 2015-03-25 15:08:56 +11:00
xfs_buf.c xfs: fix up quotacheck buffer list error handling 2017-06-07 12:06:02 +02:00
xfs_buf.h xfs: fix up quotacheck buffer list error handling 2017-06-07 12:06:02 +02:00
xfs_buf_item.c Merge branch 'xfs-misc-fixes-for-4.3-3' into for-next 2015-08-25 10:13:35 +10:00
xfs_buf_item.h xfs: fix non-debug build warnings 2015-08-25 10:05:13 +10:00
xfs_dir2_readdir.c xfs: prevent multi-fsb dir readahead from reading random blocks 2017-06-07 12:06:02 +02:00
xfs_discard.c xfs: pass mp to XFS_WANT_CORRUPTED_GOTO 2015-02-23 22:39:08 +11:00
xfs_discard.h
xfs_dquot.c xfs: per-filesystem stats counter implementation 2015-10-12 18:21:22 +11:00
xfs_dquot.h xfs: fix implicit bool to int conversion 2015-01-09 10:48:58 +11:00
xfs_dquot_item.c xfs: move most of xfs_sb.h to xfs_format.h 2014-11-28 14:27:09 +11:00
xfs_dquot_item.h
xfs_error.c xfs: print name of verifier if it fails 2016-06-07 18:14:38 -07:00
xfs_error.h xfs: remove inst_t 2015-06-22 09:44:02 +10:00
xfs_export.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
xfs_export.h
xfs_extent_busy.c xfs: merge xfs_ag.h into xfs_format.h 2014-11-28 14:25:04 +11:00
xfs_extent_busy.h
xfs_extfree_item.c xfs: add helper to conditionally remove items from the AIL 2015-08-19 10:01:08 +10:00
xfs_extfree_item.h xfs: fix efi/efd error handling to avoid fs shutdown hangs 2015-08-19 09:51:16 +10:00
xfs_file.c fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
xfs_filestream.c xfs: clean up XFS_MIN_FREELIST macros 2015-06-22 10:13:30 +10:00
xfs_filestream.h
xfs_fsops.c xfs: Don't wrap growfs AGFL indexes 2016-06-07 18:14:38 -07:00
xfs_fsops.h
xfs_globals.c xfs: export log_recovery_delay to delay mount time log recovery 2014-09-09 11:56:13 +10:00
xfs_icache.c xfs: update ag iterator to support wait on new inodes 2017-06-07 12:06:02 +02:00
xfs_icache.h xfs: update ag iterator to support wait on new inodes 2017-06-07 12:06:02 +02:00
xfs_icreate_item.c xfs: move most of xfs_sb.h to xfs_format.h 2014-11-28 14:27:09 +11:00
xfs_icreate_item.h
xfs_inode.c xfs: skip stale inodes in xfs_iflush_cluster 2016-06-07 18:14:38 -07:00
xfs_inode.h xfs: support ability to wait on new inodes 2017-06-07 12:06:02 +02:00
xfs_inode_item.c xfs: optimise away log forces on timestamp updates for fdatasync 2015-11-03 13:14:59 +11:00
xfs_inode_item.h xfs: optimise away log forces on timestamp updates for fdatasync 2015-11-03 13:14:59 +11:00
xfs_ioctl.c xfs: in _attrlist_by_handle, copy the cursor back to userspace 2017-06-07 12:06:03 +02:00
xfs_ioctl.h
xfs_ioctl32.c xfs: prefix XATTR_LIST_MAX with XFS_ 2015-10-12 16:02:56 +11:00
xfs_ioctl32.h xfs: compat_xfs_bstat does not have forkoff 2014-10-02 09:17:58 +10:00
xfs_iomap.c Merge branch 'xfs-dax-updates' into for-next 2015-11-03 13:28:41 +11:00
xfs_iomap.h xfs: pass a 64-bit count argument to xfs_iomap_write_unwritten 2015-01-09 10:48:12 +11:00
xfs_iops.c xfs: per-filesystem stats counter implementation 2015-10-12 18:21:22 +11:00
xfs_iops.h xfs: inodes are new until the dentry cache is set up 2015-02-23 22:38:08 +11:00
xfs_itable.c xfs: fix btree cursor error cleanups 2015-08-19 10:00:53 +10:00
xfs_itable.h xfs: bulkstat chunk formatting cursor is broken 2014-11-07 08:30:30 +11:00
xfs_linux.h xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present 2017-09-13 14:09:46 -07:00
xfs_log.c Merge branch 'xfs-logging-fixes' into for-next 2015-10-12 18:37:58 +11:00
xfs_log.h xfs: validate metadata LSNs against log on v5 superblocks 2015-10-12 15:59:25 +11:00
xfs_log_cil.c xfs: close xc_cil list_empty() races with cil commit sequence 2015-07-29 11:51:01 +10:00
xfs_log_priv.h xfs: validate metadata LSNs against log on v5 superblocks 2015-10-12 15:59:25 +11:00
xfs_log_recover.c xfs: set AGI buffer type in xlog_recover_clear_agi_bucket 2017-01-06 11:16:17 +01:00
xfs_message.c xfs: more info from kmem deadlocks and high-level error msgs 2015-10-12 16:04:45 +11:00
xfs_message.h
xfs_mount.c Merge branch 'xfs-misc-fixes-for-4.4-2' into for-next 2015-11-03 13:27:58 +11:00
xfs_mount.h Merge branch 'xfs-dax-updates' into for-next 2015-11-03 13:28:41 +11:00
xfs_mru_cache.c xfs: xfs_mru_cache_insert() should use GFP_NOFS 2015-03-25 14:57:53 +11:00
xfs_mru_cache.h
xfs_pnfs.c xfs: add missing ilock around dio write last extent alignment 2015-10-12 15:34:20 +11:00
xfs_pnfs.h xfs: unlock i_mutex in xfs_break_layouts 2015-04-13 11:38:29 +10:00
xfs_qm.c xfs: fix up quotacheck buffer list error handling 2017-06-07 12:06:02 +02:00
xfs_qm.h xfs: Convert to using ->get_state callback 2015-03-04 16:06:36 +01:00
xfs_qm_bhv.c xfs: move most of xfs_sb.h to xfs_format.h 2014-11-28 14:27:09 +11:00
xfs_qm_syscalls.c xfs: wait on new inodes during quotaoff dquot release 2017-06-07 12:06:02 +02:00
xfs_quota.h xfs: fix quota block reservation leak when tp allocates and frees blocks 2015-06-01 07:15:37 +10:00
xfs_quotaops.c xfs: Add support for Q_SETINFO 2015-03-04 16:06:38 +01:00
xfs_rtalloc.c xfs: add missing bmap cancel calls in error paths 2015-08-19 10:01:40 +10:00
xfs_rtalloc.h xfs: combine xfs_rtmodify_summary and xfs_rtget_summary 2014-09-09 11:58:42 +10:00
xfs_stats.c xfs: stats are no longer dependent on CONFIG_PROC_FS 2015-10-19 08:42:46 +11:00
xfs_stats.h xfs: per-filesystem stats counter implementation 2015-10-12 18:21:22 +11:00
xfs_super.c xfs: disallow rw remount on fs with unknown ro-compat features 2016-06-07 18:14:38 -07:00
xfs_super.h xfs: Remove icsb infrastructure 2015-02-23 21:22:31 +11:00
xfs_symlink.c Merge branch 'xfs-misc-fixes-for-4.3-2' into for-next 2015-08-20 09:28:45 +10:00
xfs_symlink.h
xfs_sysctl.c xfs: pass xfsstats structures to handlers and macros 2015-10-12 05:19:45 +11:00
xfs_sysctl.h xfs: export log_recovery_delay to delay mount time log recovery 2014-09-09 11:56:13 +10:00
xfs_sysfs.c xfs: pass xfsstats structures to handlers and macros 2015-10-12 05:19:45 +11:00
xfs_sysfs.h xfs: create global stats and stats_clear in sysfs 2015-10-12 05:15:45 +11:00
xfs_trace.c xfs: move most of xfs_sb.h to xfs_format.h 2014-11-28 14:27:09 +11:00
xfs_trace.h Merge branch 'xfs-dax-updates' into for-next 2015-11-03 13:28:41 +11:00
xfs_trans.c xfs: per-filesystem stats counter implementation 2015-10-12 18:21:22 +11:00
xfs_trans.h xfs: ensure EFD trans aborts on log recovery extent free failure 2015-08-19 09:51:43 +10:00
xfs_trans_ail.c Revert "xfs: clear PF_NOFREEZE for xfsaild kthread" 2016-02-25 12:01:24 -08:00
xfs_trans_buf.c xfs: only trace buffer items if they exist 2015-02-10 09:23:40 +11:00
xfs_trans_dquot.c xfs: Clean up xfs_trans_dup_dqinfo 2015-06-01 10:50:00 +10:00
xfs_trans_extfree.c xfs: ensure EFD trans aborts on log recovery extent free failure 2015-08-19 09:51:43 +10:00
xfs_trans_inode.c xfs: optimise away log forces on timestamp updates for fdatasync 2015-11-03 13:14:59 +11:00
xfs_trans_priv.h xfs: add helper to conditionally remove items from the AIL 2015-08-19 10:01:08 +10:00
xfs_xattr.c Make __xfs_xattr_put_listen properly report errors. 2017-06-14 13:16:27 +02:00