linux/fs/xfs
Darrick J. Wong 12e4a381c5 xfs: fix getfsmap userspace memory corruption while setting OF_LAST
At the end of a getfsmap call, we will set FMR_OF_LAST in the last
struct fsmap that was handed in by userspace if we've truly run out of
space mapping records (as opposed to simply running out of space in the
user array).  Unfortunately, fmh_entries is the wrong check for whether
or not we've filled out anything in the user array because the ioctl
provides that fmh_count==0 sets fmh_entries without filling out the user
array.  Therefore we end up writing things into user memory areas that we
weren't given, and kaboom.

Since Christoph amended the getfsmap structure to track the number of
fsmap entries we've actually filled out, use that as part of deciding if
we have to set the OF_LAST flag.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2017-04-25 09:40:42 -07:00
libxfs xfs: simplify validation of the unwritten extent bit 2017-04-25 09:40:41 -07:00
Kconfig xfs: implement iomap based buffered write path 2016-06-21 09:53:44 +10:00
kmem.c xfs: remove kmem_zalloc_greedy 2017-03-07 20:10:50 -08:00
kmem.h xfs: remove kmem_zalloc_greedy 2017-03-07 20:10:50 -08:00
Makefile xfs: implement the GETFSMAP ioctl 2017-04-03 15:18:17 -07:00
mrlock.h
uuid.c
uuid.h
xfs_acl.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-10 20:16:43 -07:00
xfs_acl.h xfs: Change how listxattr generates synthetic attributes 2015-12-06 21:34:16 -05:00
xfs_aops.c xfs: remove the ISUNWRITTEN macro 2017-04-03 15:18:16 -07:00
xfs_aops.h xfs: use iomap_dio_rw 2016-11-30 14:37:15 +11:00
xfs_attr_inactive.c xfs: make several functions static 2016-06-01 17:38:15 +10:00
xfs_attr_list.c xfs: several xattr functions can be void 2016-12-05 12:32:14 +11:00
xfs_attr.h xfs: several xattr functions can be void 2016-12-05 12:32:14 +11:00
xfs_bmap_item.c xfs: when replaying bmap operations, don't let unlinked inodes get reaped 2016-10-04 11:05:44 -07:00
xfs_bmap_item.h xfs: log bmap intent items 2016-10-04 11:05:44 -07:00
xfs_bmap_util.c xfs: more do_div cleanups 2017-04-25 09:40:41 -07:00
xfs_bmap_util.h xfs: remove unused full argument from bmap 2017-01-30 16:32:25 -08:00
xfs_buf_item.c xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t 2017-02-03 14:39:07 -08:00
xfs_buf_item.h xfs: fix non-debug build warnings 2015-08-25 10:05:13 +10:00
xfs_buf.c sched/headers: Prepare to move the memalloc_noio_*() APIs to <linux/sched/mm.h> 2017-03-02 08:42:33 +01:00
xfs_buf.h xfs: Remove obsolete declaration of xfs_buf_get_empty 2017-04-03 15:18:16 -07:00
xfs_dir2_readdir.c xfs: prevent multi-fsb dir readahead from reading random blocks 2017-04-25 09:40:40 -07:00
xfs_discard.c xfs: don't block the log commit handler for discards 2017-02-09 11:36:40 -08:00
xfs_discard.h xfs: don't block the log commit handler for discards 2017-02-09 11:36:40 -08:00
xfs_dquot_item.c xfs: allocate log vector buffers outside CIL context lock 2016-07-22 09:52:35 +10:00
xfs_dquot_item.h
xfs_dquot.c xfs: don't wrap ID in xfs_dq_get_next_id 2017-01-17 11:43:38 -08:00
xfs_dquot.h
xfs_error.c Merge branch 'xfs-4.8-misc-fixes-3' into for-next 2016-07-20 11:51:08 +10:00
xfs_error.h xfs: simulate per-AG reservations being critically low 2016-10-05 16:26:31 -07:00
xfs_export.c xfs: abstract block export operations from nfsd layouts 2016-07-15 15:31:29 -04:00
xfs_export.h
xfs_extent_busy.c xfs: fix len comparison in xfs_extent_busy_trim 2017-02-16 17:20:12 -08:00
xfs_extent_busy.h xfs: improve handling of busy extents in the low-level allocator 2017-02-09 10:50:25 -08:00
xfs_extfree_item.c xfs: remove unnecessary parentheses from log redo item recovery functions 2016-08-03 12:29:32 +10:00
xfs_extfree_item.h xfs: refactor redo intent item processing 2016-08-03 11:23:49 +10:00
xfs_file.c fs: add i_blocksize() 2017-02-27 18:43:46 -08:00
xfs_filestream.c Merge branch 'xfs-4.9-log-recovery-fixes' into for-next 2016-10-03 09:56:28 +11:00
xfs_filestream.h
xfs_fsmap.c xfs: use NULL instead of 0 to initialize a pointer in xfs_getfsmap 2017-04-25 09:40:41 -07:00
xfs_fsmap.h xfs: implement the GETFSMAP ioctl 2017-04-03 15:18:17 -07:00
xfs_fsops.c xfs: remove boilerplate around xfs_btree_init_block 2017-01-30 16:32:24 -08:00
xfs_fsops.h xfs: preallocate blocks for worst-case btree expansion 2016-10-05 16:26:27 -07:00
xfs_globals.c xfs: garbage collect old cowextsz reservations 2016-10-05 16:26:28 -07:00
xfs_icache.c xfs: only reclaim unwritten COW extents periodically 2017-03-07 16:45:58 -08:00
xfs_icache.h xfs: sync eofblocks scans under iolock are livelock prone 2017-01-30 16:32:25 -08:00
xfs_icreate_item.c fs: xfs: xfs_icreate_item: constify xfs_item_ops structure 2016-11-28 14:57:42 +11:00
xfs_icreate_item.h
xfs_inode_item.c xfs: provide helper for counting extents from if_bytes 2016-11-08 12:59:42 +11:00
xfs_inode_item.h xfs: remove timestamps from incore inode 2016-02-09 16:54:58 +11:00
xfs_inode.c xfs: drop iolock from reclaim context to appease lockdep 2017-04-12 08:43:23 -07:00
xfs_inode.h xfs: remove i_iolock and use i_rwsem in the VFS inode instead 2016-11-30 14:33:25 +11:00
xfs_ioctl32.c xfs: implement the GETFSMAP ioctl 2017-04-03 15:18:17 -07:00
xfs_ioctl32.h
xfs_ioctl.c xfs: fix getfsmap userspace memory corruption while setting OF_LAST 2017-04-25 09:40:42 -07:00
xfs_ioctl.h xfs: don't pass ioflags around in the ioctl path 2016-07-20 11:29:35 +10:00
xfs_iomap.c xfs: actually report xattr extents via iomap 2017-04-06 16:00:39 -07:00
xfs_iomap.h xfs: introduce xfs_aligned_fsb_count 2017-02-06 17:47:46 -08:00
xfs_iops.c statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
xfs_iops.h xfs: Propagate dentry down to inode_change_ok() 2016-09-22 10:56:19 +02:00
xfs_itable.c xfs: fix kernel memory exposure problems 2017-04-03 15:18:15 -07:00
xfs_itable.h
xfs_linux.h xfs: remove custom do_div implementations 2017-04-12 08:42:51 -07:00
xfs_log_cil.c xfs: don't block the log commit handler for discards 2017-02-09 11:36:40 -08:00
xfs_log_priv.h xfs: don't block the log commit handler for discards 2017-02-09 11:36:40 -08:00
xfs_log_recover.c Merge branch 'xfs-4.10-misc-fixes-3' into for-next 2016-12-07 17:42:30 +11:00
xfs_log.c xfs: corruption needs to respect endianess too! 2017-04-25 09:40:42 -07:00
xfs_log.h xfs: remove unused struct declarations 2017-01-30 16:32:25 -08:00
xfs_message.c xfs: more info from kmem deadlocks and high-level error msgs 2015-10-12 16:04:45 +11:00
xfs_message.h
xfs_mount.c xfs: Use xfs_icluster_size_fsb() to calculate inode alignment mask 2017-03-07 20:10:50 -08:00
xfs_mount.h xfs: more do_div cleanups 2017-04-25 09:40:41 -07:00
xfs_mru_cache.c
xfs_mru_cache.h
xfs_ondisk.h xfs: define the on-disk refcount btree format 2016-10-03 09:11:18 -07:00
xfs_pnfs.c xfs: remove i_iolock and use i_rwsem in the VFS inode instead 2016-11-30 14:33:25 +11:00
xfs_pnfs.h xfs: remove i_iolock and use i_rwsem in the VFS inode instead 2016-11-30 14:33:25 +11:00
xfs_qm_bhv.c
xfs_qm_syscalls.c xfs: better xfs_trans_alloc interface 2016-04-06 09:19:55 +10:00
xfs_qm.c xfs: remove use of do_div with 32-bit dividend in quota 2017-04-25 09:40:41 -07:00
xfs_qm.h xfs: Split default quota limits by quota type 2016-02-08 11:27:55 +11:00
xfs_quota.h xfs: fix quota block reservation leak when tp allocates and frees blocks 2015-06-01 07:15:37 +10:00
xfs_quotaops.c xfs: wire up Q_XGETNEXTQUOTA / get_nextdqblk 2016-02-08 11:27:38 +11:00
xfs_refcount_item.c xfs: fix double-cleanup when CUI recovery fails 2017-01-03 18:39:32 -08:00
xfs_refcount_item.h xfs: log refcount intent items 2016-10-03 09:11:21 -07:00
xfs_reflink.c xfs: factor out a xfs_bmap_is_real_extent helper 2017-04-03 15:18:16 -07:00
xfs_reflink.h xfs: only reclaim unwritten COW extents periodically 2017-03-07 16:45:58 -08:00
xfs_rmap_item.c xfs: convert unwritten status of reverse mappings for shared files 2016-10-05 16:26:29 -07:00
xfs_rmap_item.h xfs: convert RUI log formats to use variable length arrays 2016-09-19 10:24:27 +10:00
xfs_rtalloc.c xfs: simplify xfs_rtallocate_extent 2017-02-17 16:52:52 -08:00
xfs_rtalloc.h xfs: add a couple of queries to iterate free extents in the rtbitmap 2017-04-03 15:18:17 -07:00
xfs_stats.c xfs: make xfs btree stats less huge 2016-12-05 14:38:58 +11:00
xfs_stats.h xfs: make xfs btree stats less huge 2016-12-05 14:38:58 +11:00
xfs_super.c xfs: use dedicated log worker wq to avoid deadlock with cil wq 2017-04-03 15:18:15 -07:00
xfs_super.h xfs: don't block the log commit handler for discards 2017-02-09 11:36:40 -08:00
xfs_symlink.c xfs: remove i_iolock and use i_rwsem in the VFS inode instead 2016-11-30 14:33:25 +11:00
xfs_symlink.h
xfs_sysctl.c xfs: garbage collect old cowextsz reservations 2016-10-05 16:26:28 -07:00
xfs_sysctl.h xfs: garbage collect old cowextsz reservations 2016-10-05 16:26:28 -07:00
xfs_sysfs.c xfs: resurrect debug mode drop buffered writes mechanism 2017-02-16 17:19:15 -08:00
xfs_sysfs.h xfs: configurable error behavior via sysfs 2016-05-18 10:58:51 +10:00
xfs_trace.c xfs: implement the GETFSMAP ioctl 2017-04-03 15:18:17 -07:00
xfs_trace.h xfs: remove the trailing newline used in the fmt parameter of TP_printk 2017-04-25 09:40:40 -07:00
xfs_trans_ail.c xfs: Make xfsaild freezeable again 2016-02-08 14:59:07 +11:00
xfs_trans_bmap.c xfs: implement deferred bmbt map/unmap operations 2016-10-04 11:05:44 -07:00
xfs_trans_buf.c xfs: remove XBF_STALE flag wrapper macros 2016-02-10 15:01:11 +11:00
xfs_trans_dquot.c xfs: Split default quota limits by quota type 2016-02-08 11:27:55 +11:00
xfs_trans_extfree.c xfs: set up per-AG free space reservations 2016-09-19 10:30:52 +10:00
xfs_trans_inode.c fs: Replace current_fs_time() with current_time() 2016-09-27 21:06:22 -04:00
xfs_trans_priv.h xfs: add helper to conditionally remove items from the AIL 2015-08-19 10:01:08 +10:00
xfs_trans_refcount.c xfs: connect refcount adjust functions to upper layers 2016-10-03 09:11:22 -07:00
xfs_trans_rmap.c xfs: add shared rmap map/unmap/convert log item types 2016-10-05 16:26:29 -07:00
xfs_trans.c xfs: fold __xfs_trans_roll into xfs_trans_roll 2017-04-06 16:00:11 -07:00
xfs_trans.h xfs: fold __xfs_trans_roll into xfs_trans_roll 2017-04-06 16:00:11 -07:00
xfs_xattr.c xfs: several xattr functions can be void 2016-12-05 12:32:14 +11:00
xfs.h