- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5011c5a663b9c6d6aff3d394f11049b371199627 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dancarpenter(a)oracle.com> Date: Wed, 17 Feb 2021 09:04:34 +0300 Subject: [PATCH] btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl The problem is we're copying "inherit" from user space but we don't necessarily know that we're copying enough data for a 64 byte struct. Then the next problem is that 'inherit' has a variable size array at the end, and we have to verify that array is the size we expected. Fixes: 6f72c7e20dba ("Btrfs: add qgroup inheritance") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index a8c60d46d19c..1b837c08ca90 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1935,7 +1935,10 @@ static noinline int btrfs_ioctl_snap_create_v2(struct file *file, if (vol_args->flags & BTRFS_SUBVOL_RDONLY) readonly = true; if (vol_args->flags & BTRFS_SUBVOL_QGROUP_INHERIT) { - if (vol_args->size > PAGE_SIZE) { + u64 nums; + + if (vol_args->size < sizeof(*inherit) || + vol_args->size > PAGE_SIZE) { ret = -EINVAL; goto free_args; } @@ -1944,6 +1947,20 @@ static noinline int btrfs_ioctl_snap_create_v2(struct file *file, ret = PTR_ERR(inherit); goto free_args; } + + if (inherit->num_qgroups > PAGE_SIZE || + inherit->num_ref_copies > PAGE_SIZE || + inherit->num_excl_copies > PAGE_SIZE) { + ret = -EINVAL; + goto free_inherit; + } + + nums = inherit->num_qgroups + 2 * inherit->num_ref_copies + + 2 * inherit->num_excl_copies; + if (vol_args->size != struct_size(inherit, qgroups, nums)) { + ret = -EINVAL; + goto free_inherit; + } } ret = __btrfs_ioctl_snap_create(file, vol_args->name, vol_args->fd,

4 years, 7 months

1
0
0 0

stable/linux-4.19.y build: 205 builds: 0 failed, 205 passed, 85 warnings (v4.19.179)

by kernelci.org bot

stable/linux-4.19.y build: 205 builds: 0 failed, 205 passed, 85 warnings (v4.19.179) Full Build Summary: https://kernelci.org/build/stable/branch/linux-4.19.y/kernel/v4.19.179/ Tree: stable Branch: linux-4.19.y Git Describe: v4.19.179 Git Commit: 2cae3e25b70668fd413311277d56b6fe41900789 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git Built: 7 unique architectures Warnings Detected: arc: allnoconfig (gcc-8): 1 warning axs103_defconfig (gcc-8): 1 warning axs103_smp_defconfig (gcc-8): 1 warning haps_hs_defconfig (gcc-8): 1 warning haps_hs_smp_defconfig (gcc-8): 1 warning hsdk_defconfig (gcc-8): 1 warning nsim_hs_defconfig (gcc-8): 1 warning nsim_hs_smp_defconfig (gcc-8): 1 warning nsimosci_hs_defconfig (gcc-8): 1 warning nsimosci_hs_smp_defconfig (gcc-8): 1 warning tinyconfig (gcc-8): 1 warning vdk_hs38_defconfig (gcc-8): 1 warning vdk_hs38_smp_defconfig (gcc-8): 1 warning arm64: allnoconfig (gcc-8): 1 warning tinyconfig (gcc-8): 1 warning arm: allnoconfig (gcc-8): 1 warning am200epdkit_defconfig (gcc-8): 1 warning clps711x_defconfig (gcc-8): 1 warning cm_x2xx_defconfig (gcc-8): 1 warning colibri_pxa300_defconfig (gcc-8): 1 warning corgi_defconfig (gcc-8): 1 warning efm32_defconfig (gcc-8): 1 warning eseries_pxa_defconfig (gcc-8): 1 warning h5000_defconfig (gcc-8): 1 warning integrator_defconfig (gcc-8): 1 warning lpc32xx_defconfig (gcc-8): 1 warning lpd270_defconfig (gcc-8): 1 warning lubbock_defconfig (gcc-8): 1 warning magician_defconfig (gcc-8): 1 warning mainstone_defconfig (gcc-8): 1 warning multi_v7_defconfig (gcc-8): 1 warning palmz72_defconfig (gcc-8): 1 warning pcm027_defconfig (gcc-8): 1 warning prima2_defconfig (gcc-8): 1 warning pxa168_defconfig (gcc-8): 1 warning pxa255-idp_defconfig (gcc-8): 1 warning pxa3xx_defconfig (gcc-8): 1 warning pxa910_defconfig (gcc-8): 1 warning raumfeld_defconfig (gcc-8): 1 warning s3c2410_defconfig (gcc-8): 1 warning s3c6400_defconfig (gcc-8): 1 warning s5pv210_defconfig (gcc-8): 1 warning spitz_defconfig (gcc-8): 1 warning stm32_defconfig (gcc-8): 1 warning sunxi_defconfig (gcc-8): 1 warning tango4_defconfig (gcc-8): 1 warning tct_hammer_defconfig (gcc-8): 1 warning tinyconfig (gcc-8): 1 warning vf610m4_defconfig (gcc-8): 1 warning viper_defconfig (gcc-8): 1 warning vt8500_v6_v7_defconfig (gcc-8): 1 warning xcep_defconfig (gcc-8): 1 warning zeus_defconfig (gcc-8): 1 warning i386: mips: allnoconfig (gcc-8): 1 warning db1xxx_defconfig (gcc-8): 1 warning gcw0_defconfig (gcc-8): 1 warning jmr3927_defconfig (gcc-8): 1 warning lemote2f_defconfig (gcc-8): 1 warning loongson3_defconfig (gcc-8): 2 warnings malta_defconfig (gcc-8): 1 warning malta_kvm_guest_defconfig (gcc-8): 1 warning malta_qemu_32r6_defconfig (gcc-8): 2 warnings maltaaprp_defconfig (gcc-8): 1 warning maltasmvp_defconfig (gcc-8): 1 warning maltasmvp_eva_defconfig (gcc-8): 1 warning maltaup_defconfig (gcc-8): 1 warning maltaup_xpa_defconfig (gcc-8): 1 warning nlm_xlp_defconfig (gcc-8): 1 warning pic32mzda_defconfig (gcc-8): 1 warning tinyconfig (gcc-8): 1 warning riscv: allnoconfig (gcc-8): 4 warnings defconfig (gcc-8): 4 warnings tinyconfig (gcc-8): 4 warnings x86_64: tinyconfig (gcc-8): 1 warning Warnings summary: 68 drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] 3 net/core/rtnetlink.c:3191:1: warning: the frame size of 1312 bytes is larger than 1024 bytes [-Wframe-larger-than=] 3 ./include/linux/of_clk.h:13:31: warning: ‘struct of_device_id’ declared inside parameter list will not be visible outside of this definition or declaration 3 ./include/linux/of_clk.h:12:43: warning: ‘struct device_node’ declared inside parameter list will not be visible outside of this definition or declaration 3 ./include/linux/of_clk.h:11:45: warning: ‘struct device_node’ declared inside parameter list will not be visible outside of this definition or declaration 2 arch/arm/boot/dts/sun8i-h3-beelink-x2.dtb: Warning (clocks_property): /wifi_pwrseq: Missing property '#clock-cells' in node /soc/rtc@1f00000 or bad phandle (referred from clocks[0]) 1 {standard input}:131: Warning: macro instruction expanded into multiple instructions 1 arch/mips/configs/loongson3_defconfig:55:warning: symbol value 'm' invalid for HOTPLUG_PCI_SHPC 1 .config:1010:warning: override: UNWINDER_GUESS changes choice state ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- 32r2el_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- acs5k_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- acs5k_tiny_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- allnoconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- allnoconfig (riscv, gcc-8) — PASS, 0 errors, 4 warnings, 0 section mismatches Warnings: ./include/linux/of_clk.h:11:45: warning: ‘struct device_node’ declared inside parameter list will not be visible outside of this definition or declaration ./include/linux/of_clk.h:12:43: warning: ‘struct device_node’ declared inside parameter list will not be visible outside of this definition or declaration ./include/linux/of_clk.h:13:31: warning: ‘struct of_device_id’ declared inside parameter list will not be visible outside of this definition or declaration drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- allnoconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- allnoconfig (arm64, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- am200epdkit_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- ar7_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- assabet_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- at91_dt_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath25_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath79_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axm55xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- axs103_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- badge4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm2835_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm47xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm63xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bigsur_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_be_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_stb_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- capcella_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cavium_octeon_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cerfcube_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ci20_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- clps711x_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- cm_x2xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- cm_x300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cns3420vb_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cobalt_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa300_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- collie_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- corgi_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- davinci_all_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- db1xxx_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- decstation_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (riscv, gcc-8) — PASS, 0 errors, 4 warnings, 0 section mismatches Warnings: ./include/linux/of_clk.h:11:45: warning: ‘struct device_node’ declared inside parameter list will not be visible outside of this definition or declaration ./include/linux/of_clk.h:12:43: warning: ‘struct device_node’ declared inside parameter list will not be visible outside of this definition or declaration ./include/linux/of_clk.h:13:31: warning: ‘struct of_device_id’ declared inside parameter list will not be visible outside of this definition or declaration drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- dove_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- e55_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ebsa110_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- efm32_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- em_x270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ep93xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- eseries_pxa_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- exynos_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ezx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- footbridge_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- fuloong2e_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gcw0_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- gemini_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gpr_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h3600_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h5000_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- hackkit_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- hisi_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hsdk_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imote2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v4_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- integrator_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- iop13xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- iop32x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- iop33x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip22_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip27_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip28_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip32_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ixp4xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jazz_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jmr3927_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- jornada720_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- keystone_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ks8695_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lart_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lasat_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lemote2f_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: net/core/rtnetlink.c:3191:1: warning: the frame size of 1312 bytes is larger than 1024 bytes [-Wframe-larger-than=] -------------------------------------------------------------------------------- loongson1b_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1c_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson3_defconfig (mips, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: arch/mips/configs/loongson3_defconfig:55:warning: symbol value 'm' invalid for HOTPLUG_PCI_SHPC net/core/rtnetlink.c:3191:1: warning: the frame size of 1312 bytes is larger than 1024 bytes [-Wframe-larger-than=] -------------------------------------------------------------------------------- lpc18xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc32xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- lpd270_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- lubbock_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- magician_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- mainstone_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- malta_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- malta_kvm_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_guest_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- malta_qemu_32r6_defconfig (mips, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: {standard input}:131: Warning: macro instruction expanded into multiple instructions drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- maltaaprp_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- maltasmvp_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- maltasmvp_eva_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- maltaup_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- maltaup_xpa_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- markeins_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mini2440_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mips_paravirt_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mmp2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- moxart_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mpc30x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mps2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- msp71xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mtx1_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: arch/arm/boot/dts/sun8i-h3-beelink-x2.dtb: Warning (clocks_property): /wifi_pwrseq: Missing property '#clock-cells' in node /soc/rtc@1f00000 or bad phandle (referred from clocks[0]) -------------------------------------------------------------------------------- mv78xx0_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mxs_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- neponset_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- netwinder_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- netx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nhk8815_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nlm_xlp_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: net/core/rtnetlink.c:3191:1: warning: the frame size of 1312 bytes is larger than 1024 bytes [-Wframe-larger-than=] -------------------------------------------------------------------------------- nlm_xlr_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsim_hs_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- nsim_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- nsimosci_hs_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- nsimosci_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- nuc910_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc950_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc960_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omap1_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omap2plus_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omega2p_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- orion5x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- oxnas_v6_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- palmz72_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- pcm027_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- pic32mzda_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- pistachio_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pleb_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pnx8335_stb225_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- prima2_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- pxa168_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- pxa255-idp_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- pxa3xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- pxa910_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- pxa_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qcom_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qi_lb60_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- raumfeld_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- rb532_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rbtx49xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- realview_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rm200_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rpc_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rt305x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s3c2410_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- s3c6400_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- s5pv210_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- sama5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sb1250_swarm_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shannon_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shmobile_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- simpad_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- socfpga_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear13xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear3xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear6xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spitz_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- stm32_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- sunxi_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: arch/arm/boot/dts/sun8i-h3-beelink-x2.dtb: Warning (clocks_property): /wifi_pwrseq: Missing property '#clock-cells' in node /soc/rtc@1f00000 or bad phandle (referred from clocks[0]) -------------------------------------------------------------------------------- tango4_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- tb0219_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0226_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0287_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tct_hammer_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- tegra_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- tinyconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- tinyconfig (arm64, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- tinyconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (riscv, gcc-8) — PASS, 0 errors, 4 warnings, 0 section mismatches Warnings: ./include/linux/of_clk.h:11:45: warning: ‘struct device_node’ declared inside parameter list will not be visible outside of this definition or declaration ./include/linux/of_clk.h:12:43: warning: ‘struct device_node’ declared inside parameter list will not be visible outside of this definition or declaration ./include/linux/of_clk.h:13:31: warning: ‘struct of_device_id’ declared inside parameter list will not be visible outside of this definition or declaration drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- tinyconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: .config:1010:warning: override: UNWINDER_GUESS changes choice state -------------------------------------------------------------------------------- trizeps4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u8500_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- vdk_hs38_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- versatile_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vf610m4_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- viper_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- vocore2_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vt8500_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- workpad_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xcep_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- xway_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zeus_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable] -------------------------------------------------------------------------------- zx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

4 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix race between extent freeing/allocation when using" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c17916510428dbccdf657de050c34e208347089 Mon Sep 17 00:00:00 2001 From: Nikolay Borisov <nborisov(a)suse.com> Date: Mon, 8 Feb 2021 10:26:54 +0200 Subject: [PATCH] btrfs: fix race between extent freeing/allocation when using bitmaps During allocation the allocator will try to allocate an extent using cluster policy. Once the current cluster is exhausted it will remove the entry under btrfs_free_cluster::lock and subsequently acquire btrfs_free_space_ctl::tree_lock to dispose of the already-deleted entry and adjust btrfs_free_space_ctl::total_bitmap. This poses a problem because there exists a race condition between removing the entry under one lock and doing the necessary accounting holding a different lock since extent freeing only uses the 2nd lock. This can result in the following situation: T1: T2: btrfs_alloc_from_cluster insert_into_bitmap <holds tree_lock> if (entry->bytes == 0) if (block_group && !list_empty(&block_group->cluster_list)) { rb_erase(entry) spin_unlock(&cluster->lock); (total_bitmaps is still 4) spin_lock(&cluster->lock); <doesn't find entry in cluster->root> spin_lock(&ctl->tree_lock); <goes to new_bitmap label, adds <blocked since T2 holds tree_lock> <a new entry and calls add_new_bitmap> recalculate_thresholds <crashes, due to total_bitmaps becoming 5 and triggering an ASSERT> To fix this ensure that once depleted, the cluster entry is deleted when both cluster lock and tree locks are held in the allocator (T1), this ensures that even if there is a race with a concurrent insert_into_bitmap call it will correctly find the entry in the cluster and add the new space to it. CC: <stable(a)vger.kernel.org> # 4.4+ Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 5400294bd271..abcf951e6b44 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3125,8 +3125,6 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, entry->bytes -= bytes; } - if (entry->bytes == 0) - rb_erase(&entry->offset_index, &cluster->root); break; } out: @@ -3143,7 +3141,10 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, ctl->free_space -= bytes; if (!entry->bitmap && !btrfs_free_space_trimmed(entry)) ctl->discardable_bytes[BTRFS_STAT_CURR] -= bytes; + + spin_lock(&cluster->lock); if (entry->bytes == 0) { + rb_erase(&entry->offset_index, &cluster->root); ctl->free_extents--; if (entry->bitmap) { kmem_cache_free(btrfs_free_space_bitmap_cachep, @@ -3156,6 +3157,7 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, kmem_cache_free(btrfs_free_space_cachep, entry); } + spin_unlock(&cluster->lock); spin_unlock(&ctl->tree_lock); return ret;

4 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix race between extent freeing/allocation when using" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c17916510428dbccdf657de050c34e208347089 Mon Sep 17 00:00:00 2001 From: Nikolay Borisov <nborisov(a)suse.com> Date: Mon, 8 Feb 2021 10:26:54 +0200 Subject: [PATCH] btrfs: fix race between extent freeing/allocation when using bitmaps During allocation the allocator will try to allocate an extent using cluster policy. Once the current cluster is exhausted it will remove the entry under btrfs_free_cluster::lock and subsequently acquire btrfs_free_space_ctl::tree_lock to dispose of the already-deleted entry and adjust btrfs_free_space_ctl::total_bitmap. This poses a problem because there exists a race condition between removing the entry under one lock and doing the necessary accounting holding a different lock since extent freeing only uses the 2nd lock. This can result in the following situation: T1: T2: btrfs_alloc_from_cluster insert_into_bitmap <holds tree_lock> if (entry->bytes == 0) if (block_group && !list_empty(&block_group->cluster_list)) { rb_erase(entry) spin_unlock(&cluster->lock); (total_bitmaps is still 4) spin_lock(&cluster->lock); <doesn't find entry in cluster->root> spin_lock(&ctl->tree_lock); <goes to new_bitmap label, adds <blocked since T2 holds tree_lock> <a new entry and calls add_new_bitmap> recalculate_thresholds <crashes, due to total_bitmaps becoming 5 and triggering an ASSERT> To fix this ensure that once depleted, the cluster entry is deleted when both cluster lock and tree locks are held in the allocator (T1), this ensures that even if there is a race with a concurrent insert_into_bitmap call it will correctly find the entry in the cluster and add the new space to it. CC: <stable(a)vger.kernel.org> # 4.4+ Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 5400294bd271..abcf951e6b44 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3125,8 +3125,6 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, entry->bytes -= bytes; } - if (entry->bytes == 0) - rb_erase(&entry->offset_index, &cluster->root); break; } out: @@ -3143,7 +3141,10 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, ctl->free_space -= bytes; if (!entry->bitmap && !btrfs_free_space_trimmed(entry)) ctl->discardable_bytes[BTRFS_STAT_CURR] -= bytes; + + spin_lock(&cluster->lock); if (entry->bytes == 0) { + rb_erase(&entry->offset_index, &cluster->root); ctl->free_extents--; if (entry->bitmap) { kmem_cache_free(btrfs_free_space_bitmap_cachep, @@ -3156,6 +3157,7 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, kmem_cache_free(btrfs_free_space_cachep, entry); } + spin_unlock(&cluster->lock); spin_unlock(&ctl->tree_lock); return ret;

4 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix race between extent freeing/allocation when using" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c17916510428dbccdf657de050c34e208347089 Mon Sep 17 00:00:00 2001 From: Nikolay Borisov <nborisov(a)suse.com> Date: Mon, 8 Feb 2021 10:26:54 +0200 Subject: [PATCH] btrfs: fix race between extent freeing/allocation when using bitmaps During allocation the allocator will try to allocate an extent using cluster policy. Once the current cluster is exhausted it will remove the entry under btrfs_free_cluster::lock and subsequently acquire btrfs_free_space_ctl::tree_lock to dispose of the already-deleted entry and adjust btrfs_free_space_ctl::total_bitmap. This poses a problem because there exists a race condition between removing the entry under one lock and doing the necessary accounting holding a different lock since extent freeing only uses the 2nd lock. This can result in the following situation: T1: T2: btrfs_alloc_from_cluster insert_into_bitmap <holds tree_lock> if (entry->bytes == 0) if (block_group && !list_empty(&block_group->cluster_list)) { rb_erase(entry) spin_unlock(&cluster->lock); (total_bitmaps is still 4) spin_lock(&cluster->lock); <doesn't find entry in cluster->root> spin_lock(&ctl->tree_lock); <goes to new_bitmap label, adds <blocked since T2 holds tree_lock> <a new entry and calls add_new_bitmap> recalculate_thresholds <crashes, due to total_bitmaps becoming 5 and triggering an ASSERT> To fix this ensure that once depleted, the cluster entry is deleted when both cluster lock and tree locks are held in the allocator (T1), this ensures that even if there is a race with a concurrent insert_into_bitmap call it will correctly find the entry in the cluster and add the new space to it. CC: <stable(a)vger.kernel.org> # 4.4+ Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 5400294bd271..abcf951e6b44 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3125,8 +3125,6 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, entry->bytes -= bytes; } - if (entry->bytes == 0) - rb_erase(&entry->offset_index, &cluster->root); break; } out: @@ -3143,7 +3141,10 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, ctl->free_space -= bytes; if (!entry->bitmap && !btrfs_free_space_trimmed(entry)) ctl->discardable_bytes[BTRFS_STAT_CURR] -= bytes; + + spin_lock(&cluster->lock); if (entry->bytes == 0) { + rb_erase(&entry->offset_index, &cluster->root); ctl->free_extents--; if (entry->bitmap) { kmem_cache_free(btrfs_free_space_bitmap_cachep, @@ -3156,6 +3157,7 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, kmem_cache_free(btrfs_free_space_cachep, entry); } + spin_unlock(&cluster->lock); spin_unlock(&ctl->tree_lock); return ret;

4 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix race between extent freeing/allocation when using" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c17916510428dbccdf657de050c34e208347089 Mon Sep 17 00:00:00 2001 From: Nikolay Borisov <nborisov(a)suse.com> Date: Mon, 8 Feb 2021 10:26:54 +0200 Subject: [PATCH] btrfs: fix race between extent freeing/allocation when using bitmaps During allocation the allocator will try to allocate an extent using cluster policy. Once the current cluster is exhausted it will remove the entry under btrfs_free_cluster::lock and subsequently acquire btrfs_free_space_ctl::tree_lock to dispose of the already-deleted entry and adjust btrfs_free_space_ctl::total_bitmap. This poses a problem because there exists a race condition between removing the entry under one lock and doing the necessary accounting holding a different lock since extent freeing only uses the 2nd lock. This can result in the following situation: T1: T2: btrfs_alloc_from_cluster insert_into_bitmap <holds tree_lock> if (entry->bytes == 0) if (block_group && !list_empty(&block_group->cluster_list)) { rb_erase(entry) spin_unlock(&cluster->lock); (total_bitmaps is still 4) spin_lock(&cluster->lock); <doesn't find entry in cluster->root> spin_lock(&ctl->tree_lock); <goes to new_bitmap label, adds <blocked since T2 holds tree_lock> <a new entry and calls add_new_bitmap> recalculate_thresholds <crashes, due to total_bitmaps becoming 5 and triggering an ASSERT> To fix this ensure that once depleted, the cluster entry is deleted when both cluster lock and tree locks are held in the allocator (T1), this ensures that even if there is a race with a concurrent insert_into_bitmap call it will correctly find the entry in the cluster and add the new space to it. CC: <stable(a)vger.kernel.org> # 4.4+ Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 5400294bd271..abcf951e6b44 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3125,8 +3125,6 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, entry->bytes -= bytes; } - if (entry->bytes == 0) - rb_erase(&entry->offset_index, &cluster->root); break; } out: @@ -3143,7 +3141,10 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, ctl->free_space -= bytes; if (!entry->bitmap && !btrfs_free_space_trimmed(entry)) ctl->discardable_bytes[BTRFS_STAT_CURR] -= bytes; + + spin_lock(&cluster->lock); if (entry->bytes == 0) { + rb_erase(&entry->offset_index, &cluster->root); ctl->free_extents--; if (entry->bitmap) { kmem_cache_free(btrfs_free_space_bitmap_cachep, @@ -3156,6 +3157,7 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, kmem_cache_free(btrfs_free_space_cachep, entry); } + spin_unlock(&cluster->lock); spin_unlock(&ctl->tree_lock); return ret;

4 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix race between extent freeing/allocation when using" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c17916510428dbccdf657de050c34e208347089 Mon Sep 17 00:00:00 2001 From: Nikolay Borisov <nborisov(a)suse.com> Date: Mon, 8 Feb 2021 10:26:54 +0200 Subject: [PATCH] btrfs: fix race between extent freeing/allocation when using bitmaps During allocation the allocator will try to allocate an extent using cluster policy. Once the current cluster is exhausted it will remove the entry under btrfs_free_cluster::lock and subsequently acquire btrfs_free_space_ctl::tree_lock to dispose of the already-deleted entry and adjust btrfs_free_space_ctl::total_bitmap. This poses a problem because there exists a race condition between removing the entry under one lock and doing the necessary accounting holding a different lock since extent freeing only uses the 2nd lock. This can result in the following situation: T1: T2: btrfs_alloc_from_cluster insert_into_bitmap <holds tree_lock> if (entry->bytes == 0) if (block_group && !list_empty(&block_group->cluster_list)) { rb_erase(entry) spin_unlock(&cluster->lock); (total_bitmaps is still 4) spin_lock(&cluster->lock); <doesn't find entry in cluster->root> spin_lock(&ctl->tree_lock); <goes to new_bitmap label, adds <blocked since T2 holds tree_lock> <a new entry and calls add_new_bitmap> recalculate_thresholds <crashes, due to total_bitmaps becoming 5 and triggering an ASSERT> To fix this ensure that once depleted, the cluster entry is deleted when both cluster lock and tree locks are held in the allocator (T1), this ensures that even if there is a race with a concurrent insert_into_bitmap call it will correctly find the entry in the cluster and add the new space to it. CC: <stable(a)vger.kernel.org> # 4.4+ Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 5400294bd271..abcf951e6b44 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3125,8 +3125,6 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, entry->bytes -= bytes; } - if (entry->bytes == 0) - rb_erase(&entry->offset_index, &cluster->root); break; } out: @@ -3143,7 +3141,10 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, ctl->free_space -= bytes; if (!entry->bitmap && !btrfs_free_space_trimmed(entry)) ctl->discardable_bytes[BTRFS_STAT_CURR] -= bytes; + + spin_lock(&cluster->lock); if (entry->bytes == 0) { + rb_erase(&entry->offset_index, &cluster->root); ctl->free_extents--; if (entry->bitmap) { kmem_cache_free(btrfs_free_space_bitmap_cachep, @@ -3156,6 +3157,7 @@ u64 btrfs_alloc_from_cluster(struct btrfs_block_group *block_group, kmem_cache_free(btrfs_free_space_cachep, entry); } + spin_unlock(&cluster->lock); spin_unlock(&ctl->tree_lock); return ret;

4 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: tree-checker: do not error out if extent ref hash" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 1119a72e223f3073a604f8fccb3a470ccd8a4416 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Tue, 16 Feb 2021 15:43:22 -0500 Subject: [PATCH] btrfs: tree-checker: do not error out if extent ref hash doesn't match MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The tree checker checks the extent ref hash at read and write time to make sure we do not corrupt the file system. Generally extent references go inline, but if we have enough of them we need to make an item, which looks like key.objectid = <bytenr> key.type = <BTRFS_EXTENT_DATA_REF_KEY|BTRFS_TREE_BLOCK_REF_KEY> key.offset = hash(tree, owner, offset) However if key.offset collide with an unrelated extent reference we'll simply key.offset++ until we get something that doesn't collide. Obviously this doesn't match at tree checker time, and thus we error while writing out the transaction. This is relatively easy to reproduce, simply do something like the following xfs_io -f -c "pwrite 0 1M" file offset=2 for i in {0..10000} do xfs_io -c "reflink file 0 ${offset}M 1M" file offset=$(( offset + 2 )) done xfs_io -c "reflink file 0 17999258914816 1M" file xfs_io -c "reflink file 0 35998517829632 1M" file xfs_io -c "reflink file 0 53752752058368 1M" file btrfs filesystem sync And the sync will error out because we'll abort the transaction. The magic values above are used because they generate hash collisions with the first file in the main subvol. The fix for this is to remove the hash value check from tree checker, as we have no idea which offset ours should belong to. Reported-by: Tuomas Lähdekorpi <tuomas.lahdekorpi(a)gmail.com> Fixes: 0785a9aacf9d ("btrfs: tree-checker: Add EXTENT_DATA_REF check") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> [ add comment] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 582061c7b547..f4ade821307d 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -1453,22 +1453,14 @@ static int check_extent_data_ref(struct extent_buffer *leaf, return -EUCLEAN; } for (; ptr < end; ptr += sizeof(*dref)) { - u64 root_objectid; - u64 owner; u64 offset; - u64 hash; + /* + * We cannot check the extent_data_ref hash due to possible + * overflow from the leaf due to hash collisions. + */ dref = (struct btrfs_extent_data_ref *)ptr; - root_objectid = btrfs_extent_data_ref_root(leaf, dref); - owner = btrfs_extent_data_ref_objectid(leaf, dref); offset = btrfs_extent_data_ref_offset(leaf, dref); - hash = hash_extent_data_ref(root_objectid, owner, offset); - if (unlikely(hash != key->offset)) { - extent_err(leaf, slot, - "invalid extent data ref hash, item has 0x%016llx key has 0x%016llx", - hash, key->offset); - return -EUCLEAN; - } if (unlikely(!IS_ALIGNED(offset, leaf->fs_info->sectorsize))) { extent_err(leaf, slot, "invalid extent data backref offset, have %llu expect aligned to %u",

4 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: tree-checker: do not error out if extent ref hash" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 1119a72e223f3073a604f8fccb3a470ccd8a4416 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Tue, 16 Feb 2021 15:43:22 -0500 Subject: [PATCH] btrfs: tree-checker: do not error out if extent ref hash doesn't match MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The tree checker checks the extent ref hash at read and write time to make sure we do not corrupt the file system. Generally extent references go inline, but if we have enough of them we need to make an item, which looks like key.objectid = <bytenr> key.type = <BTRFS_EXTENT_DATA_REF_KEY|BTRFS_TREE_BLOCK_REF_KEY> key.offset = hash(tree, owner, offset) However if key.offset collide with an unrelated extent reference we'll simply key.offset++ until we get something that doesn't collide. Obviously this doesn't match at tree checker time, and thus we error while writing out the transaction. This is relatively easy to reproduce, simply do something like the following xfs_io -f -c "pwrite 0 1M" file offset=2 for i in {0..10000} do xfs_io -c "reflink file 0 ${offset}M 1M" file offset=$(( offset + 2 )) done xfs_io -c "reflink file 0 17999258914816 1M" file xfs_io -c "reflink file 0 35998517829632 1M" file xfs_io -c "reflink file 0 53752752058368 1M" file btrfs filesystem sync And the sync will error out because we'll abort the transaction. The magic values above are used because they generate hash collisions with the first file in the main subvol. The fix for this is to remove the hash value check from tree checker, as we have no idea which offset ours should belong to. Reported-by: Tuomas Lähdekorpi <tuomas.lahdekorpi(a)gmail.com> Fixes: 0785a9aacf9d ("btrfs: tree-checker: Add EXTENT_DATA_REF check") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> [ add comment] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 582061c7b547..f4ade821307d 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -1453,22 +1453,14 @@ static int check_extent_data_ref(struct extent_buffer *leaf, return -EUCLEAN; } for (; ptr < end; ptr += sizeof(*dref)) { - u64 root_objectid; - u64 owner; u64 offset; - u64 hash; + /* + * We cannot check the extent_data_ref hash due to possible + * overflow from the leaf due to hash collisions. + */ dref = (struct btrfs_extent_data_ref *)ptr; - root_objectid = btrfs_extent_data_ref_root(leaf, dref); - owner = btrfs_extent_data_ref_objectid(leaf, dref); offset = btrfs_extent_data_ref_offset(leaf, dref); - hash = hash_extent_data_ref(root_objectid, owner, offset); - if (unlikely(hash != key->offset)) { - extent_err(leaf, slot, - "invalid extent data ref hash, item has 0x%016llx key has 0x%016llx", - hash, key->offset); - return -EUCLEAN; - } if (unlikely(!IS_ALIGNED(offset, leaf->fs_info->sectorsize))) { extent_err(leaf, slot, "invalid extent data backref offset, have %llu expect aligned to %u",

4 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix stale data exposure after cloning a hole with" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3660d0bcdb82807d434da9d2e57d88b37331182d Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 16 Feb 2021 11:09:25 +0000 Subject: [PATCH] btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled When using the NO_HOLES feature, if we clone a file range that spans only a hole into a range that is at or beyond the current i_size of the destination file, we end up not setting the full sync runtime flag on the inode. As a result, if we then fsync the destination file and have a power failure, after log replay we can end up exposing stale data instead of having a hole for that range. The conditions for this to happen are the following: 1) We have a file with a size of, for example, 1280K; 2) There is a written (non-prealloc) extent for the file range from 1024K to 1280K with a length of 256K; 3) This particular file extent layout is durably persisted, so that the existing superblock persisted on disk points to a subvolume root where the file has that exact file extent layout and state; 4) The file is truncated to a smaller size, to an offset lower than the start offset of its last extent, for example to 800K. The truncate sets the full sync runtime flag on the inode; 6) Fsync the file to log it and clear the full sync runtime flag; 7) Clone a region that covers only a hole (implicit hole due to NO_HOLES) into the file with a destination offset that starts at or beyond the 256K file extent item we had - for example to offset 1024K; 8) Since the clone operation does not find extents in the source range, we end up in the if branch at the bottom of btrfs_clone() where we punch a hole for the file range starting at offset 1024K by calling btrfs_replace_file_extents(). There we end up not setting the full sync flag on the inode, because we don't know we are being called in a clone context (and not fallocate's punch hole operation), and neither do we create an extent map to represent a hole because the requested range is beyond eof; 9) A further fsync to the file will be a fast fsync, since the clone operation did not set the full sync flag, and therefore it relies on modified extent maps to correctly log the file layout. But since it does not find any extent map marking the range from 1024K (the previous eof) to the new eof, it does not log a file extent item for that range representing the hole; 10) After a power failure no hole for the range starting at 1024K is punched and we end up exposing stale data from the old 256K extent. Turning this into exact steps: $ mkfs.btrfs -f -O no-holes /dev/sdi $ mount /dev/sdi /mnt # Create our test file with 3 extents of 256K and a 256K hole at offset # 256K. The file has a size of 1280K. $ xfs_io -f -s \ -c "pwrite -S 0xab -b 256K 0 256K" \ -c "pwrite -S 0xcd -b 256K 512K 256K" \ -c "pwrite -S 0xef -b 256K 768K 256K" \ -c "pwrite -S 0x73 -b 256K 1024K 256K" \ /mnt/sdi/foobar # Make sure it's durably persisted. We want the last committed super # block to point to this particular file extent layout. sync # Now truncate our file to a smaller size, falling within a position of # the second extent. This sets the full sync runtime flag on the inode. # Then fsync the file to log it and clear the full sync flag from the # inode. The third extent is no longer part of the file and therefore # it is not logged. $ xfs_io -c "truncate 800K" -c "fsync" /mnt/foobar # Now do a clone operation that only clones the hole and sets back the # file size to match the size it had before the truncate operation # (1280K). $ xfs_io \ -c "reflink /mnt/foobar 256K 1024K 256K" \ -c "fsync" \ /mnt/foobar # File data before power failure: $ od -A d -t x1 /mnt/foobar 0000000 ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab * 0262144 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 0524288 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd * 0786432 ef ef ef ef ef ef ef ef ef ef ef ef ef ef ef ef * 0819200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 1310720 <power fail> # Mount the fs again to replay the log tree. $ mount /dev/sdi /mnt # File data after power failure: $ od -A d -t x1 /mnt/foobar 0000000 ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab * 0262144 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 0524288 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd * 0786432 ef ef ef ef ef ef ef ef ef ef ef ef ef ef ef ef * 0819200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 1048576 73 73 73 73 73 73 73 73 73 73 73 73 73 73 73 73 * 1310720 The range from 1024K to 1280K should correspond to a hole but instead it points to stale data, to the 256K extent that should not exist after the truncate operation. The issue does not exists when not using NO_HOLES, because for that case we use file extent items to represent holes, these are found and copied during the loop that iterates over extents at btrfs_clone(), and that causes btrfs_replace_file_extents() to be called with a non-NULL extent_info argument and therefore set the full sync runtime flag on the inode. So fix this by making the code that deals with a trailing hole during cloning, at btrfs_clone(), to set the full sync flag on the inode, if the range starts at or beyond the current i_size. A test case for fstests will follow soon. Backporting notes: for kernel 5.4 the change goes to ioctl.c into btrfs_clone before the last call to btrfs_punch_hole_range. CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/reflink.c b/fs/btrfs/reflink.c index b24396cf2f99..5413578d2c32 100644 --- a/fs/btrfs/reflink.c +++ b/fs/btrfs/reflink.c @@ -553,6 +553,24 @@ static int btrfs_clone(struct inode *src, struct inode *inode, */ btrfs_release_path(path); + /* + * When using NO_HOLES and we are cloning a range that covers + * only a hole (no extents) into a range beyond the current + * i_size, punching a hole in the target range will not create + * an extent map defining a hole, because the range starts at or + * beyond current i_size. If the file previously had an i_size + * greater than the new i_size set by this clone operation, we + * need to make sure the next fsync is a full fsync, so that it + * detects and logs a hole covering a range from the current + * i_size to the new i_size. If the clone range covers extents, + * besides a hole, then we know the full sync flag was already + * set by previous calls to btrfs_replace_file_extents() that + * replaced file extent items. + */ + if (last_dest_end >= i_size_read(inode)) + set_bit(BTRFS_INODE_NEEDS_FULL_SYNC, + &BTRFS_I(inode)->runtime_flags); + ret = btrfs_replace_file_extents(inode, path, last_dest_end, destoff + len - 1, NULL, &trans); if (ret)

4 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror