From patchwork Fri Apr 10 21:32:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 228112 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7DE1C2BB55 for ; Fri, 10 Apr 2020 21:32:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8FDC32083E for ; Fri, 10 Apr 2020 21:32:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586554339; bh=WRe7kV3lhUCdTQYUsHgLOqTVX+XkxJ9DIyWyNEGVShg=; h=Date:From:To:Subject:In-Reply-To:List-ID:From; b=wKGbag0sWcaO288c3DbYU2GZXgS3WBwN8WbJsVPWJpPPm71693I7Xp0nU5i+ctvrN cHbHpxWCQWFZewYDMOPu2DNjjuqhkjrb5cO+ZdGfPaTjJfVN0SWWp6ZleKuY4CbpHP Vvk8I0ozRA70Uba+pvzNBj1T6HLU5+ZPzVQvqQbI= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726646AbgDJVcS (ORCPT ); Fri, 10 Apr 2020 17:32:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:46070 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726582AbgDJVcS (ORCPT ); Fri, 10 Apr 2020 17:32:18 -0400 Received: from localhost.localdomain (c-73-231-172-41.hsd1.ca.comcast.net [73.231.172.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 92E8520753; Fri, 10 Apr 2020 21:32:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586554336; bh=WRe7kV3lhUCdTQYUsHgLOqTVX+XkxJ9DIyWyNEGVShg=; h=Date:From:To:Subject:In-Reply-To:From; b=GGIaX8QG2QAoGFU52jscBeZoES7VPlftAOI3JYbcvTOEGRymeLWqKivgN6ur4+5mS rgdB5VQy8xQmmEHcMXZGApJ2fUJpb/Q/ROs7R+OET7jtXPF6mPc+0L9WSYoK3uKgKo 8VTYLCpe8PObwvXllc/KF+SIf8J+hwIlyumT6mpI= Date: Fri, 10 Apr 2020 14:32:16 -0700 From: Andrew Morton To: akpm@linux-foundation.org, anton@tuxera.com, linux-mm@kvack.org, mm-commits@vger.kernel.org, simon@tuxera.com, stable@vger.kernel.org, torvalds@linux-foundation.org Subject: [patch 01/35] hfsplus: fix crash and filesystem corruption when deleting files Message-ID: <20200410213216.yyMwFshfU%akpm@linux-foundation.org> In-Reply-To: <20200410143047.bf34a933ce1affdc042c7c80@linux-foundation.org> User-Agent: s-nail v14.8.16 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Simon Gander Subject: hfsplus: fix crash and filesystem corruption when deleting files When removing files containing extended attributes, the hfsplus driver may remove the wrong entries from the attributes b-tree, causing major filesystem damage and in some cases even kernel crashes. To remove a file, all its extended attributes have to be removed as well. The driver does this by looking up all keys in the attributes b-tree with the cnid of the file. Each of these entries then gets deleted using the key used for searching, which doesn't contain the attribute's name when it should. Since the key doesn't contain the name, the deletion routine will not find the correct entry and instead remove the one in front of it. If parent nodes have to be modified, these become corrupt as well. This causes invalid links and unsorted entries that not even macOS's fsck_hfs is able to fix. To fix this, modify the search key before an entry is deleted from the attributes b-tree by copying the found entry's key into the search key, therefore ensuring that the correct entry gets removed from the tree. Link: http://lkml.kernel.org/r/20200327155541.1521-1-simon@tuxera.com Signed-off-by: Simon Gander Reviewed-by: Anton Altaparmakov Cc: Signed-off-by: Andrew Morton --- fs/hfsplus/attributes.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/fs/hfsplus/attributes.c~hfsplus-fix-crash-and-filesystem-corruption-when-deleting-files +++ a/fs/hfsplus/attributes.c @@ -292,6 +292,10 @@ static int __hfsplus_delete_attr(struct return -ENOENT; } + /* Avoid btree corruption */ + hfs_bnode_read(fd->bnode, fd->search_key, + fd->keyoffset, fd->keylength); + err = hfs_brec_remove(fd); if (err) return err; From patchwork Fri Apr 10 21:32:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 228111 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F714C2BB85 for ; Fri, 10 Apr 2020 21:32:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 479B12087E for ; Fri, 10 Apr 2020 21:32:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586554362; bh=cBWRW76SvB24Ppziggmko24ngvHKcl9FYD2nWQmJ0CM=; h=Date:From:To:Subject:In-Reply-To:List-ID:From; b=IsJ207gzEkOkRXaqWHxxh4F1PG2eJuHzjrrTDRVe3a1gLGp/h+vN9n/fxpZt+2fhY +iaIwS2vmcfMGFKz2cNKtMn/r7Qaf+hHQ3fCqpuPg508KwocH4W5na9naTqiC0VxKG t92emqhKc9lXhxjHEuK7LubgOnU2Zk4dJw3z4Z6w= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726652AbgDJVcl (ORCPT ); Fri, 10 Apr 2020 17:32:41 -0400 Received: from mail.kernel.org ([198.145.29.99]:46480 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726582AbgDJVcl (ORCPT ); Fri, 10 Apr 2020 17:32:41 -0400 Received: from localhost.localdomain (c-73-231-172-41.hsd1.ca.comcast.net [73.231.172.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 34E0E20753; Fri, 10 Apr 2020 21:32:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586554359; bh=cBWRW76SvB24Ppziggmko24ngvHKcl9FYD2nWQmJ0CM=; h=Date:From:To:Subject:In-Reply-To:From; b=cYwA0gE0gYA4rPXtIIgLOsI4Arhq5khxiWAGLzsqHc3xXuqfSnWtnQLDgJL2Up320 m9Khb4clEI67SUMcS6QauStN+Ps/u08vGk91Y3iVl6BuEiF2e26/uwDALVS2jdZcQm xg39sG09tq9acI+3snqaypHciV9+0nInOEGYh+PU= Date: Fri, 10 Apr 2020 14:32:38 -0700 From: Andrew Morton To: akpm@linux-foundation.org, chge@linux.alibaba.com, gechangwei@live.cn, ghe@suse.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com, junxiao.bi@oracle.com, linux-mm@kvack.org, mark@fasheh.com, mm-commits@vger.kernel.org, piaojun@huawei.com, stable@vger.kernel.org, torvalds@linux-foundation.org Subject: [patch 08/35] ocfs2: no need try to truncate file beyond i_size Message-ID: <20200410213238.KttQSeJuw%akpm@linux-foundation.org> In-Reply-To: <20200410143047.bf34a933ce1affdc042c7c80@linux-foundation.org> User-Agent: s-nail v14.8.16 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Changwei Ge Subject: ocfs2: no need try to truncate file beyond i_size Linux fallocate(2) with FALLOC_FL_PUNCH_HOLE mode set, its offset can exceed inode size. Ocfs2 now does't allow that offset beyond inode size. This restriction is not necessary and voilates fallocate(2) semantics. If fallocate(2) offset is beyond inode size, just return success and do nothing further. Otherwise, ocfs2 will crash the kernel. kernel BUG at fs/ocfs2//alloc.c:7264! ocfs2_truncate_inline+0x20f/0x360 [ocfs2] ? ocfs2_read_blocks+0x2f3/0x5f0 [ocfs2] ocfs2_remove_inode_range+0x23c/0xcb0 [ocfs2] ? ocfs2_read_inode_block+0x10/0x20 [ocfs2] ? ocfs2_allocate_extend_trans+0x1a0/0x1a0 [ocfs2] __ocfs2_change_file_space+0x4a5/0x650 [ocfs2] ocfs2_fallocate+0x83/0xa0 [ocfs2] ? __audit_syscall_entry+0xb8/0x100 ? __sb_start_write+0x3b/0x70 vfs_fallocate+0x148/0x230 SyS_fallocate+0x48/0x80 do_syscall_64+0x79/0x170 Link: http://lkml.kernel.org/r/20200407082754.17565-1-chge@linux.alibaba.com Signed-off-by: Changwei Ge Reviewed-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Changwei Ge Cc: Gang He Cc: Jun Piao Cc: Signed-off-by: Andrew Morton --- fs/ocfs2/alloc.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/fs/ocfs2/alloc.c~ocfs2-no-need-try-to-truncate-file-beyond-i_size +++ a/fs/ocfs2/alloc.c @@ -7402,6 +7402,10 @@ int ocfs2_truncate_inline(struct inode * struct ocfs2_dinode *di = (struct ocfs2_dinode *)di_bh->b_data; struct ocfs2_inline_data *idata = &di->id2.i_data; + /* No need to punch hole beyond i_size. */ + if (start >= i_size_read(inode)) + return 0; + if (end > i_size_read(inode)) end = i_size_read(inode); From patchwork Fri Apr 10 21:33:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 228110 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B80C9C2BBFD for ; Fri, 10 Apr 2020 21:33:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 91AED21556 for ; Fri, 10 Apr 2020 21:33:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586554429; bh=ck61gAKMCOZGyQ5F1WxYtliEKRvgStAxqlgmwfklr9o=; h=Date:From:To:Subject:In-Reply-To:List-ID:From; b=C5vT+9SOCsO6M0Zsy6JmuEvFDL731XkcViHPmClgVygq0VXd6MayXLssnhmFJKUF5 yKTDPuL9c2fE3zWG+UXaJm3I95NdV5F1tcPdc5FNQEGd/V3CTKesk+NP/ksUVr4V9A maHm0C/QnaHW6lUwV7LQdfhI4naM4MjAqqRlkeZA= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726712AbgDJVds (ORCPT ); Fri, 10 Apr 2020 17:33:48 -0400 Received: from mail.kernel.org ([198.145.29.99]:47950 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726594AbgDJVdr (ORCPT ); Fri, 10 Apr 2020 17:33:47 -0400 Received: from localhost.localdomain (c-73-231-172-41.hsd1.ca.comcast.net [73.231.172.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A581F215A4; Fri, 10 Apr 2020 21:33:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586554428; bh=ck61gAKMCOZGyQ5F1WxYtliEKRvgStAxqlgmwfklr9o=; h=Date:From:To:Subject:In-Reply-To:From; b=pAcM0ax2JIotRyjuoIWWF3Fo+OkhL2S77Qt2yUFT4nGQAkI4aNtQ94LQtB9nqVZGM AZ8ri7CqltVM1STcKjVLtoW5/QDgyJJkO1Qpd46iyP2MkfnSEAGPZ5z91EYCvEEYOy +duElrlWzuC86zsmAX8iOQY/7ivzvImqY7chUEBo= Date: Fri, 10 Apr 2020 14:33:47 -0700 From: Andrew Morton To: akpm@linux-foundation.org, ast@kernel.org, ebiggers@google.com, gregkh@linuxfoundation.org, jeffv@google.com, jeyu@kernel.org, keescook@chromium.org, linux-mm@kvack.org, mcgrof@kernel.org, mm-commits@vger.kernel.org, neilb@suse.com, stable@vger.kernel.org, torvalds@linux-foundation.org Subject: [patch 27/35] fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once() Message-ID: <20200410213347.RHoMObc5Z%akpm@linux-foundation.org> In-Reply-To: <20200410143047.bf34a933ce1affdc042c7c80@linux-foundation.org> User-Agent: s-nail v14.8.16 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Eric Biggers Subject: fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once() After request_module(), nothing is stopping the module from being unloaded until someone takes a reference to it via try_get_module(). The WARN_ONCE() in get_fs_type() is thus user-reachable, via userspace running 'rmmod' concurrently. Since WARN_ONCE() is for kernel bugs only, not for user-reachable situations, downgrade this warning to pr_warn_once(). Keep it printed once only, since the intent of this warning is to detect a bug in modprobe at boot time. Printing the warning more than once wouldn't really provide any useful extra information. Link: http://lkml.kernel.org/r/20200312202552.241885-3-ebiggers@kernel.org Fixes: 41124db869b7 ("fs: warn in case userspace lied about modprobe return") Signed-off-by: Eric Biggers Reviewed-by: Jessica Yu Cc: Alexei Starovoitov Cc: Greg Kroah-Hartman Cc: Jeff Vander Stoep Cc: Jessica Yu Cc: Kees Cook Cc: Luis Chamberlain Cc: NeilBrown Cc: [4.13+] Signed-off-by: Andrew Morton --- fs/filesystems.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/filesystems.c~fs-filesystemsc-downgrade-user-reachable-warn_once-to-pr_warn_once +++ a/fs/filesystems.c @@ -272,7 +272,9 @@ struct file_system_type *get_fs_type(con fs = __get_fs_type(name, len); if (!fs && (request_module("fs-%.*s", len, name) == 0)) { fs = __get_fs_type(name, len); - WARN_ONCE(!fs, "request_module fs-%.*s succeeded, but still no fs?\n", len, name); + if (!fs) + pr_warn_once("request_module fs-%.*s succeeded, but still no fs?\n", + len, name); } if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) {