linux

mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00

Linux kernel source tree

Go to file

Qu Wenruo b5c42ef09d btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls commit `d4e204948f` upstream. [BUG] The following script can cause btrfs qgroup data space leak: mkfs.btrfs -f $dev mount $dev -o nospace_cache $mnt btrfs subv create $mnt/subv btrfs quota en $mnt btrfs quota rescan -w $mnt btrfs qgroup limit 128m $mnt/subv for (( i = 0; i < 3; i++)); do # Create 3 64M holes for latter fallocate to fail truncate -s 192m $mnt/subv/file xfs_io -c "pwrite 64m 4k" $mnt/subv/file > /dev/null xfs_io -c "pwrite 128m 4k" $mnt/subv/file > /dev/null sync # it's supposed to fail, and each failure will leak at least 64M # data space xfs_io -f -c "falloc 0 192m" $mnt/subv/file &> /dev/null rm $mnt/subv/file sync done # Shouldn't fail after we removed the file xfs_io -f -c "falloc 0 64m" $mnt/subv/file [CAUSE] Btrfs qgroup data reserve code allow multiple reservations to happen on a single extent_changeset: E.g: btrfs_qgroup_reserve_data(inode, &data_reserved, 0, SZ_1M); btrfs_qgroup_reserve_data(inode, &data_reserved, SZ_1M, SZ_2M); btrfs_qgroup_reserve_data(inode, &data_reserved, 0, SZ_4M); Btrfs qgroup code has its internal tracking to make sure we don't double-reserve in above example. The only pattern utilizing this feature is in the main while loop of btrfs_fallocate() function. However btrfs_qgroup_reserve_data()'s error handling has a bug in that on error it clears all ranges in the io_tree with EXTENT_QGROUP_RESERVED flag but doesn't free previously reserved bytes. This bug has a two fold effect: - Clearing EXTENT_QGROUP_RESERVED ranges This is the correct behavior, but it prevents btrfs_qgroup_check_reserved_leak() to catch the leakage as the detector is purely EXTENT_QGROUP_RESERVED flag based. - Leak the previously reserved data bytes. The bug manifests when N calls to btrfs_qgroup_reserve_data are made and the last one fails, leaking space reserved in the previous ones. [FIX] Also free previously reserved data bytes when btrfs_qgroup_reserve_data fails. Fixes: `5247255370` ("btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function") CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Qu Wenruo <wqu@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2019-10-05 13:10:09 +02:00
arch	arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328	2019-10-05 13:10:07 +02:00
block	block: fix null pointer dereference in blk_mq_rq_timed_out()	2019-10-05 13:10:08 +02:00
certs	export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR()	2018-08-22 23:21:44 +09:00
crypto	crypto: chacha20poly1305 - fix atomic sleep when using async algorithm	2019-07-26 09:14:19 +02:00
Documentation	ovl: fix regression caused by overlapping layers detection	2019-09-21 07:17:14 +02:00
drivers	i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask	2019-10-05 13:10:08 +02:00
firmware	kbuild: remove all dummy assignments to obj-	2017-11-18 11:46:06 +09:00
fs	btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls	2019-10-05 13:10:09 +02:00
include	blk-mq: add callback of .cleanup_rq	2019-10-05 13:10:03 +02:00
init	initramfs: don't free a non-existent initrd	2019-10-01 08:26:09 +02:00
ipc	ipc/mqueue.c: only perform resource calculation if user valid	2019-08-06 19:06:52 +02:00
kernel	alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP	2019-10-05 13:10:07 +02:00
lib	lib: logic_pio: Add logic_pio_unregister_range()	2019-09-06 10:22:19 +02:00
LICENSES	LICENSES: Remove CC-BY-SA-4.0 license text	2018-10-18 11:28:50 +02:00
mm	memcg, kmem: do not fail __GFP_NOFAIL charges	2019-10-05 13:10:08 +02:00
net	nfc: enforce CAP_NET_RAW for raw sockets	2019-10-05 13:09:32 +02:00
samples	samples, bpf: suppress compiler warning	2019-07-14 08:11:04 +02:00
scripts	randstruct: Check member structs in is_pure_ops_struct()	2019-10-05 13:10:02 +02:00
security	keys: Fix missing null pointer check in request_key_auth_describe()	2019-09-21 07:17:13 +02:00
sound	ASoC: Intel: Fix use of potentially uninitialized variable	2019-10-05 13:10:06 +02:00
tools	libtraceevent: Change users plugin directory	2019-10-05 13:09:53 +02:00
usr	initramfs: move gen_initramfs_list.sh from scripts/ to usr/	2018-08-22 23:21:44 +09:00
virt	KVM: coalesced_mmio: add bounds checking	2019-09-21 07:16:44 +02:00
.clang-format	clang-format: Set IndentWrappedFunctionNames false	2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore	Kbuild updates for v4.17 (2nd)	2018-04-15 17:21:30 -07:00
.mailmap	libnvdimm-for-4.19_misc	2018-08-25 18:13:10 -07:00
COPYING	COPYING: use the new text with points to the license files	2018-03-23 12:41:45 -06:00
CREDITS	9p: remove Ron Minnich from MAINTAINERS	2018-08-17 16:20:26 -07:00
Kbuild	Kbuild updates for v4.15	2017-11-17 17:45:29 -08:00
Kconfig	kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt	2018-08-02 08:06:55 +09:00
MAINTAINERS	platform/x86: Add Intel AtomISP2 dummy / power-management driver	2019-04-20 09:16:02 +02:00
Makefile	Linux 4.19.76	2019-10-01 08:26:13 +02:00
README	Docs: Added a pointer to the formatted docs to README	2018-03-21 09:02:53 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.