diff options
| author | Dave Chinner <dchinner@redhat.com> | 2014-05-05 17:37:31 -0400 |
|---|---|---|
| committer | Dave Chinner <david@fromorbit.com> | 2014-05-05 17:37:31 -0400 |
| commit | 8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59 (patch) | |
| tree | 2f249712b18b943a8d3667dd7c5c6ef614e4fa59 /fs/xfs | |
| parent | d540e43b0ab134b22f015f725ce6e070d12b0244 (diff) | |
xfs: remote attribute overwrite causes transaction overrun
Commit e461fcb ("xfs: remote attribute lookups require the value
length") passes the remote attribute length in the xfs_da_args
structure on lookup so that CRC calculations and validity checking
can be performed correctly by related code. This, unfortunately has
the side effect of changing the args->valuelen parameter in cases
where it shouldn't.
That is, when we replace a remote attribute, the incoming
replacement stores the value and length in args->value and
args->valuelen, but then the lookup which finds the existing remote
attribute overwrites args->valuelen with the length of the remote
attribute being replaced. Hence when we go to create the new
attribute, we create it of the size of the existing remote
attribute, not the size it is supposed to be. When the new attribute
is much smaller than the old attribute, this results in a
transaction overrun and an ASSERT() failure on a debug kernel:
XFS: Assertion failed: tp->t_blk_res_used <= tp->t_blk_res, file: fs/xfs/xfs_trans.c, line: 331
Fix this by keeping the remote attribute value length separate to
the attribute value length in the xfs_da_args structure. The enables
us to pass the length of the remote attribute to be removed without
overwriting the new attribute's length.
Also, ensure that when we save remote block contexts for a later
rename we zero the original state variables so that we don't confuse
the state of the attribute to be removes with the state of the new
attribute that we just added. [Spotted by Brain Foster.]
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Diffstat (limited to 'fs/xfs')
| -rw-r--r-- | fs/xfs/xfs_attr.c | 24 | ||||
| -rw-r--r-- | fs/xfs/xfs_attr_leaf.c | 21 | ||||
| -rw-r--r-- | fs/xfs/xfs_attr_list.c | 1 | ||||
| -rw-r--r-- | fs/xfs/xfs_attr_remote.c | 8 | ||||
| -rw-r--r-- | fs/xfs/xfs_da_btree.h | 2 |
5 files changed, 42 insertions, 14 deletions
diff --git a/fs/xfs/xfs_attr.c b/fs/xfs/xfs_attr.c index 01b6a0102fbd..abda1124a70f 100644 --- a/fs/xfs/xfs_attr.c +++ b/fs/xfs/xfs_attr.c | |||
| @@ -213,7 +213,7 @@ xfs_attr_calc_size( | |||
| 213 | * Out of line attribute, cannot double split, but | 213 | * Out of line attribute, cannot double split, but |
| 214 | * make room for the attribute value itself. | 214 | * make room for the attribute value itself. |
| 215 | */ | 215 | */ |
| 216 | uint dblocks = XFS_B_TO_FSB(mp, valuelen); | 216 | uint dblocks = xfs_attr3_rmt_blocks(mp, valuelen); |
| 217 | nblks += dblocks; | 217 | nblks += dblocks; |
| 218 | nblks += XFS_NEXTENTADD_SPACE_RES(mp, dblocks, XFS_ATTR_FORK); | 218 | nblks += XFS_NEXTENTADD_SPACE_RES(mp, dblocks, XFS_ATTR_FORK); |
| 219 | } | 219 | } |
| @@ -698,11 +698,22 @@ xfs_attr_leaf_addname(xfs_da_args_t *args) | |||
| 698 | 698 | ||
| 699 | trace_xfs_attr_leaf_replace(args); | 699 | trace_xfs_attr_leaf_replace(args); |
| 700 | 700 | ||
| 701 | /* save the attribute state for later removal*/ | ||
| 701 | args->op_flags |= XFS_DA_OP_RENAME; /* an atomic rename */ | 702 | args->op_flags |= XFS_DA_OP_RENAME; /* an atomic rename */ |
| 702 | args->blkno2 = args->blkno; /* set 2nd entry info*/ | 703 | args->blkno2 = args->blkno; /* set 2nd entry info*/ |
| 703 | args->index2 = args->index; | 704 | args->index2 = args->index; |
| 704 | args->rmtblkno2 = args->rmtblkno; | 705 | args->rmtblkno2 = args->rmtblkno; |
| 705 | args->rmtblkcnt2 = args->rmtblkcnt; | 706 | args->rmtblkcnt2 = args->rmtblkcnt; |
| 707 | args->rmtvaluelen2 = args->rmtvaluelen; | ||
| 708 | |||
| 709 | /* | ||
| 710 | * clear the remote attr state now that it is saved so that the | ||
| 711 | * values reflect the state of the attribute we are about to | ||
| 712 | * add, not the attribute we just found and will remove later. | ||
| 713 | */ | ||
| 714 | args->rmtblkno = 0; | ||
| 715 | args->rmtblkcnt = 0; | ||
| 716 | args->rmtvaluelen = 0; | ||
| 706 | } | 717 | } |
| 707 | 718 | ||
| 708 | /* | 719 | /* |
| @@ -794,6 +805,7 @@ xfs_attr_leaf_addname(xfs_da_args_t *args) | |||
| 794 | args->blkno = args->blkno2; | 805 | args->blkno = args->blkno2; |
| 795 | args->rmtblkno = args->rmtblkno2; | 806 | args->rmtblkno = args->rmtblkno2; |
| 796 | args->rmtblkcnt = args->rmtblkcnt2; | 807 | args->rmtblkcnt = args->rmtblkcnt2; |
| 808 | args->rmtvaluelen = args->rmtvaluelen2; | ||
| 797 | if (args->rmtblkno) { | 809 | if (args->rmtblkno) { |
| 798 | error = xfs_attr_rmtval_remove(args); | 810 | error = xfs_attr_rmtval_remove(args); |
| 799 | if (error) | 811 | if (error) |
| @@ -999,13 +1011,22 @@ restart: | |||
| 999 | 1011 | ||
| 1000 | trace_xfs_attr_node_replace(args); | 1012 | trace_xfs_attr_node_replace(args); |
| 1001 | 1013 | ||
| 1014 | /* save the attribute state for later removal*/ | ||
| 1002 | args->op_flags |= XFS_DA_OP_RENAME; /* atomic rename op */ | 1015 | args->op_flags |= XFS_DA_OP_RENAME; /* atomic rename op */ |
| 1003 | args->blkno2 = args->blkno; /* set 2nd entry info*/ | 1016 | args->blkno2 = args->blkno; /* set 2nd entry info*/ |
| 1004 | args->index2 = args->index; | 1017 | args->index2 = args->index; |
| 1005 | args->rmtblkno2 = args->rmtblkno; | 1018 | args->rmtblkno2 = args->rmtblkno; |
| 1006 | args->rmtblkcnt2 = args->rmtblkcnt; | 1019 | args->rmtblkcnt2 = args->rmtblkcnt; |
| 1020 | args->rmtvaluelen2 = args->rmtvaluelen; | ||
| 1021 | |||
| 1022 | /* | ||
| 1023 | * clear the remote attr state now that it is saved so that the | ||
| 1024 | * values reflect the state of the attribute we are about to | ||
| 1025 | * add, not the attribute we just found and will remove later. | ||
| 1026 | */ | ||
| 1007 | args->rmtblkno = 0; | 1027 | args->rmtblkno = 0; |
| 1008 | args->rmtblkcnt = 0; | 1028 | args->rmtblkcnt = 0; |
| 1029 | args->rmtvaluelen = 0; | ||
| 1009 | } | 1030 | } |
| 1010 | 1031 | ||
| 1011 | retval = xfs_attr3_leaf_add(blk->bp, state->args); | 1032 | retval = xfs_attr3_leaf_add(blk->bp, state->args); |
| @@ -1133,6 +1154,7 @@ restart: | |||
| 1133 | args->blkno = args->blkno2; | 1154 | args->blkno = args->blkno2; |
| 1134 | args->rmtblkno = args->rmtblkno2; | 1155 | args->rmtblkno = args->rmtblkno2; |
| 1135 | args->rmtblkcnt = args->rmtblkcnt2; | 1156 | args->rmtblkcnt = args->rmtblkcnt2; |
| 1157 | args->rmtvaluelen = args->rmtvaluelen2; | ||
| 1136 | if (args->rmtblkno) { | 1158 | if (args->rmtblkno) { |
| 1137 | error = xfs_attr_rmtval_remove(args); | 1159 | error = xfs_attr_rmtval_remove(args); |
| 1138 | if (error) | 1160 | if (error) |
diff --git a/fs/xfs/xfs_attr_leaf.c b/fs/xfs/xfs_attr_leaf.c index fe9587fab17a..511c283459b1 100644 --- a/fs/xfs/xfs_attr_leaf.c +++ b/fs/xfs/xfs_attr_leaf.c | |||
| @@ -1229,6 +1229,7 @@ xfs_attr3_leaf_add_work( | |||
| 1229 | name_rmt->valueblk = 0; | 1229 | name_rmt->valueblk = 0; |
| 1230 | args->rmtblkno = 1; | 1230 | args->rmtblkno = 1; |
| 1231 | args->rmtblkcnt = xfs_attr3_rmt_blocks(mp, args->valuelen); | 1231 | args->rmtblkcnt = xfs_attr3_rmt_blocks(mp, args->valuelen); |
| 1232 | args->rmtvaluelen = args->valuelen; | ||
| 1232 | } | 1233 | } |
| 1233 | xfs_trans_log_buf(args->trans, bp, | 1234 | xfs_trans_log_buf(args->trans, bp, |
| 1234 | XFS_DA_LOGRANGE(leaf, xfs_attr3_leaf_name(leaf, args->index), | 1235 | XFS_DA_LOGRANGE(leaf, xfs_attr3_leaf_name(leaf, args->index), |
| @@ -2167,11 +2168,11 @@ xfs_attr3_leaf_lookup_int( | |||
| 2167 | if (!xfs_attr_namesp_match(args->flags, entry->flags)) | 2168 | if (!xfs_attr_namesp_match(args->flags, entry->flags)) |
| 2168 | continue; | 2169 | continue; |
| 2169 | args->index = probe; | 2170 | args->index = probe; |
| 2170 | args->valuelen = be32_to_cpu(name_rmt->valuelen); | 2171 | args->rmtvaluelen = be32_to_cpu(name_rmt->valuelen); |
| 2171 | args->rmtblkno = be32_to_cpu(name_rmt->valueblk); | 2172 | args->rmtblkno = be32_to_cpu(name_rmt->valueblk); |
| 2172 | args->rmtblkcnt = xfs_attr3_rmt_blocks( | 2173 | args->rmtblkcnt = xfs_attr3_rmt_blocks( |
| 2173 | args->dp->i_mount, | 2174 | args->dp->i_mount, |
| 2174 | args->valuelen); | 2175 | args->rmtvaluelen); |
| 2175 | return XFS_ERROR(EEXIST); | 2176 | return XFS_ERROR(EEXIST); |
| 2176 | } | 2177 | } |
| 2177 | } | 2178 | } |
| @@ -2220,19 +2221,19 @@ xfs_attr3_leaf_getvalue( | |||
| 2220 | name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index); | 2221 | name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index); |
| 2221 | ASSERT(name_rmt->namelen == args->namelen); | 2222 | ASSERT(name_rmt->namelen == args->namelen); |
| 2222 | ASSERT(memcmp(args->name, name_rmt->name, args->namelen) == 0); | 2223 | ASSERT(memcmp(args->name, name_rmt->name, args->namelen) == 0); |
| 2223 | valuelen = be32_to_cpu(name_rmt->valuelen); | 2224 | args->rmtvaluelen = be32_to_cpu(name_rmt->valuelen); |
| 2224 | args->rmtblkno = be32_to_cpu(name_rmt->valueblk); | 2225 | args->rmtblkno = be32_to_cpu(name_rmt->valueblk); |
| 2225 | args->rmtblkcnt = xfs_attr3_rmt_blocks(args->dp->i_mount, | 2226 | args->rmtblkcnt = xfs_attr3_rmt_blocks(args->dp->i_mount, |
| 2226 | valuelen); | 2227 | args->rmtvaluelen); |
| 2227 | if (args->flags & ATTR_KERNOVAL) { | 2228 | if (args->flags & ATTR_KERNOVAL) { |
| 2228 | args->valuelen = valuelen; | 2229 | args->valuelen = args->rmtvaluelen; |
| 2229 | return 0; | 2230 | return 0; |
| 2230 | } | 2231 | } |
| 2231 | if (args->valuelen < valuelen) { | 2232 | if (args->valuelen < args->rmtvaluelen) { |
| 2232 | args->valuelen = valuelen; | 2233 | args->valuelen = args->rmtvaluelen; |
| 2233 | return XFS_ERROR(ERANGE); | 2234 | return XFS_ERROR(ERANGE); |
| 2234 | } | 2235 | } |
| 2235 | args->valuelen = valuelen; | 2236 | args->valuelen = args->rmtvaluelen; |
| 2236 | } | 2237 | } |
| 2237 | return 0; | 2238 | return 0; |
| 2238 | } | 2239 | } |
| @@ -2519,7 +2520,7 @@ xfs_attr3_leaf_clearflag( | |||
| 2519 | ASSERT((entry->flags & XFS_ATTR_LOCAL) == 0); | 2520 | ASSERT((entry->flags & XFS_ATTR_LOCAL) == 0); |
| 2520 | name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index); | 2521 | name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index); |
| 2521 | name_rmt->valueblk = cpu_to_be32(args->rmtblkno); | 2522 | name_rmt->valueblk = cpu_to_be32(args->rmtblkno); |
| 2522 | name_rmt->valuelen = cpu_to_be32(args->valuelen); | 2523 | name_rmt->valuelen = cpu_to_be32(args->rmtvaluelen); |
| 2523 | xfs_trans_log_buf(args->trans, bp, | 2524 | xfs_trans_log_buf(args->trans, bp, |
| 2524 | XFS_DA_LOGRANGE(leaf, name_rmt, sizeof(*name_rmt))); | 2525 | XFS_DA_LOGRANGE(leaf, name_rmt, sizeof(*name_rmt))); |
| 2525 | } | 2526 | } |
| @@ -2677,7 +2678,7 @@ xfs_attr3_leaf_flipflags( | |||
| 2677 | ASSERT((entry1->flags & XFS_ATTR_LOCAL) == 0); | 2678 | ASSERT((entry1->flags & XFS_ATTR_LOCAL) == 0); |
| 2678 | name_rmt = xfs_attr3_leaf_name_remote(leaf1, args->index); | 2679 | name_rmt = xfs_attr3_leaf_name_remote(leaf1, args->index); |
| 2679 | name_rmt->valueblk = cpu_to_be32(args->rmtblkno); | 2680 | name_rmt->valueblk = cpu_to_be32(args->rmtblkno); |
| 2680 | name_rmt->valuelen = cpu_to_be32(args->valuelen); | 2681 | name_rmt->valuelen = cpu_to_be32(args->rmtvaluelen); |
| 2681 | xfs_trans_log_buf(args->trans, bp1, | 2682 | xfs_trans_log_buf(args->trans, bp1, |
| 2682 | XFS_DA_LOGRANGE(leaf1, name_rmt, sizeof(*name_rmt))); | 2683 | XFS_DA_LOGRANGE(leaf1, name_rmt, sizeof(*name_rmt))); |
| 2683 | } | 2684 | } |
diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c index 01db96f60cf0..833fe5d98d80 100644 --- a/fs/xfs/xfs_attr_list.c +++ b/fs/xfs/xfs_attr_list.c | |||
| @@ -447,6 +447,7 @@ xfs_attr3_leaf_list_int( | |||
| 447 | args.dp = context->dp; | 447 | args.dp = context->dp; |
| 448 | args.whichfork = XFS_ATTR_FORK; | 448 | args.whichfork = XFS_ATTR_FORK; |
| 449 | args.valuelen = valuelen; | 449 | args.valuelen = valuelen; |
| 450 | args.rmtvaluelen = valuelen; | ||
| 450 | args.value = kmem_alloc(valuelen, KM_SLEEP | KM_NOFS); | 451 | args.value = kmem_alloc(valuelen, KM_SLEEP | KM_NOFS); |
| 451 | args.rmtblkno = be32_to_cpu(name_rmt->valueblk); | 452 | args.rmtblkno = be32_to_cpu(name_rmt->valueblk); |
| 452 | args.rmtblkcnt = xfs_attr3_rmt_blocks( | 453 | args.rmtblkcnt = xfs_attr3_rmt_blocks( |
diff --git a/fs/xfs/xfs_attr_remote.c b/fs/xfs/xfs_attr_remote.c index 6e37823e2932..d2e6e948cec7 100644 --- a/fs/xfs/xfs_attr_remote.c +++ b/fs/xfs/xfs_attr_remote.c | |||
| @@ -337,7 +337,7 @@ xfs_attr_rmtval_get( | |||
| 337 | struct xfs_buf *bp; | 337 | struct xfs_buf *bp; |
| 338 | xfs_dablk_t lblkno = args->rmtblkno; | 338 | xfs_dablk_t lblkno = args->rmtblkno; |
| 339 | __uint8_t *dst = args->value; | 339 | __uint8_t *dst = args->value; |
| 340 | int valuelen = args->valuelen; | 340 | int valuelen; |
| 341 | int nmap; | 341 | int nmap; |
| 342 | int error; | 342 | int error; |
| 343 | int blkcnt = args->rmtblkcnt; | 343 | int blkcnt = args->rmtblkcnt; |
| @@ -347,7 +347,9 @@ xfs_attr_rmtval_get( | |||
| 347 | trace_xfs_attr_rmtval_get(args); | 347 | trace_xfs_attr_rmtval_get(args); |
| 348 | 348 | ||
| 349 | ASSERT(!(args->flags & ATTR_KERNOVAL)); | 349 | ASSERT(!(args->flags & ATTR_KERNOVAL)); |
| 350 | ASSERT(args->rmtvaluelen == args->valuelen); | ||
| 350 | 351 | ||
| 352 | valuelen = args->rmtvaluelen; | ||
| 351 | while (valuelen > 0) { | 353 | while (valuelen > 0) { |
| 352 | nmap = ATTR_RMTVALUE_MAPSIZE; | 354 | nmap = ATTR_RMTVALUE_MAPSIZE; |
| 353 | error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno, | 355 | error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno, |
| @@ -415,7 +417,7 @@ xfs_attr_rmtval_set( | |||
| 415 | * attributes have headers, we can't just do a straight byte to FSB | 417 | * attributes have headers, we can't just do a straight byte to FSB |
| 416 | * conversion and have to take the header space into account. | 418 | * conversion and have to take the header space into account. |
| 417 | */ | 419 | */ |
| 418 | blkcnt = xfs_attr3_rmt_blocks(mp, args->valuelen); | 420 | blkcnt = xfs_attr3_rmt_blocks(mp, args->rmtvaluelen); |
| 419 | error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff, | 421 | error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff, |
| 420 | XFS_ATTR_FORK); | 422 | XFS_ATTR_FORK); |
| 421 | if (error) | 423 | if (error) |
| @@ -480,7 +482,7 @@ xfs_attr_rmtval_set( | |||
| 480 | */ | 482 | */ |
| 481 | lblkno = args->rmtblkno; | 483 | lblkno = args->rmtblkno; |
| 482 | blkcnt = args->rmtblkcnt; | 484 | blkcnt = args->rmtblkcnt; |
| 483 | valuelen = args->valuelen; | 485 | valuelen = args->rmtvaluelen; |
| 484 | while (valuelen > 0) { | 486 | while (valuelen > 0) { |
| 485 | struct xfs_buf *bp; | 487 | struct xfs_buf *bp; |
| 486 | xfs_daddr_t dblkno; | 488 | xfs_daddr_t dblkno; |
diff --git a/fs/xfs/xfs_da_btree.h b/fs/xfs/xfs_da_btree.h index 6e95ea79f5d7..201c6091d26a 100644 --- a/fs/xfs/xfs_da_btree.h +++ b/fs/xfs/xfs_da_btree.h | |||
| @@ -60,10 +60,12 @@ typedef struct xfs_da_args { | |||
| 60 | int index; /* index of attr of interest in blk */ | 60 | int index; /* index of attr of interest in blk */ |
| 61 | xfs_dablk_t rmtblkno; /* remote attr value starting blkno */ | 61 | xfs_dablk_t rmtblkno; /* remote attr value starting blkno */ |
| 62 | int rmtblkcnt; /* remote attr value block count */ | 62 | int rmtblkcnt; /* remote attr value block count */ |
| 63 | int rmtvaluelen; /* remote attr value length in bytes */ | ||
| 63 | xfs_dablk_t blkno2; /* blkno of 2nd attr leaf of interest */ | 64 | xfs_dablk_t blkno2; /* blkno of 2nd attr leaf of interest */ |
| 64 | int index2; /* index of 2nd attr in blk */ | 65 | int index2; /* index of 2nd attr in blk */ |
| 65 | xfs_dablk_t rmtblkno2; /* remote attr value starting blkno */ | 66 | xfs_dablk_t rmtblkno2; /* remote attr value starting blkno */ |
| 66 | int rmtblkcnt2; /* remote attr value block count */ | 67 | int rmtblkcnt2; /* remote attr value block count */ |
| 68 | int rmtvaluelen2; /* remote attr value length in bytes */ | ||
| 67 | int op_flags; /* operation flags */ | 69 | int op_flags; /* operation flags */ |
| 68 | enum xfs_dacmp cmpresult; /* name compare result for lookups */ | 70 | enum xfs_dacmp cmpresult; /* name compare result for lookups */ |
| 69 | } xfs_da_args_t; | 71 | } xfs_da_args_t; |