lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 17 Jun 2018 17:26:37 +0100
From:   Ben Hutchings <ben.hutchings@...ethink.co.uk>
To:     Filipe Manana <fdmanana@...e.com>, David Sterba <dsterba@...e.com>,
        Sasha Levin <alexander.levin@...rosoft.com>
Cc:     stable@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 4.4 181/268] Btrfs: fix copy_items() return value when
 logging an inode

On Mon, 2018-05-28 at 12:02 +0200, Greg Kroah-Hartman wrote:
> 4.4-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Filipe Manana <fdmanana@...e.com>
> 
> [ Upstream commit 8434ec46c6e3232cebc25a910363b29f5c617820 ]

Should stable branches also get a backport of commit
4ee3fad34a9cc2cf33303dfbd0cf554248651c86?  It looks like 4.4 and 4.9
would need a minor change (inode->root to BTRFS_I(inode)->root) but I
don't know whether that's really sufficient.

Ben.

> When logging an inode, at tree-log.c:copy_items(), if we call
> btrfs_next_leaf() at the loop which checks for the need to log holes, we
> need to make sure copy_items() returns the value 1 to its caller and
> not 0 (on success). This is because the path the caller passed was
> released and is now different from what is was before, and the caller
> expects a return value of 0 to mean both success and that the path
> has not changed, while a return value of 1 means both success and
> signals the caller that it can not reuse the path, it has to perform
> another tree search.
> 
> Even though this is a case that should not be triggered on normal
> circumstances or very rare at least, its consequences can be very
> unpredictable (especially when replaying a log tree).
> 
> Fixes: 16e7549f045d ("Btrfs: incompatible format change to remove hole extents")
> Signed-off-by: Filipe Manana <fdmanana@...e.com>
> Signed-off-by: David Sterba <dsterba@...e.com>
> Signed-off-by: Sasha Levin <alexander.levin@...rosoft.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> ---
>  fs/btrfs/tree-log.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> --- a/fs/btrfs/tree-log.c
> +++ b/fs/btrfs/tree-log.c
> @@ -3835,6 +3835,7 @@ fill_holes:
>  			ASSERT(ret == 0);
>  			src = src_path->nodes[0];
>  			i = 0;
> +			need_find_last_extent = true;
>  		}
>  
>  		btrfs_item_key_to_cpu(src, &key, i);

-- 
Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ