1. 29 Jan, 2013 1 commit
  2. 07 Jan, 2013 2 commits
  3. 27 Dec, 2012 1 commit
    • Theodore Ts'o's avatar
      ext4: avoid hang when mounting non-journal filesystems with orphan list · 0e9a9a1a
      Theodore Ts'o authored
      
      
      When trying to mount a file system which does not contain a journal,
      but which does have a orphan list containing an inode which needs to
      be truncated, the mount call with hang forever in
      ext4_orphan_cleanup() because ext4_orphan_del() will return
      immediately without removing the inode from the orphan list, leading
      to an uninterruptible loop in kernel code which will busy out one of
      the CPU's on the system.
      
      This can be trivially reproduced by trying to mount the file system
      found in tests/f_orphan_extents_inode/image.gz from the e2fsprogs
      source tree.  If a malicious user were to put this on a USB stick, and
      mount it on a Linux desktop which has automatic mounts enabled, this
      could be considered a potential denial of service attack.  (Not a big
      deal in practice, but professional paranoids worry about such things,
      and have even been known to allocate CVE numbers for such problems.)
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Reviewed-by: default avatarZheng Liu <wenqing.lz@taobao.com>
      Cc: stable@vger.kernel.org
      0e9a9a1a
  4. 10 Dec, 2012 11 commits
  5. 13 Nov, 2012 1 commit
  6. 11 Nov, 2012 1 commit
  7. 27 Sep, 2012 2 commits
    • Carlos Maiolino's avatar
      ext4: ext4_bread usage audit · 6d1ab10e
      Carlos Maiolino authored
      When ext4_bread() returns NULL and err is set to zero, this means
      there is no phyical block mapped to the specified logical block
      number.  (Previous to commit 90b0a973
      
      , err was uninitialized in this
      case, which caused other problems.)
      
      The directory handling routines use ext4_bread() in many places, the
      fact that ext4_bread() now returns NULL with err set to zero could
      cause problems since a number of these functions will simply return
      the value of err if the result of ext4_bread() was the NULL pointer,
      causing the caller of the function to think that the function was
      successful.
      
      Since directories should never contain holes, this case can only
      happen if the file system is corrupted.  This commit audits all of the
      callers of ext4_bread(), and makes sure they do the right thing if a
      hole in a directory is found by ext4_bread().
      
      Some ext4_bread() callers did not need any changes either because they
      already had its own hole detector paths.
      Signed-off-by: default avatarCarlos Maiolino <cmaiolino@redhat.com>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      6d1ab10e
    • Bernd Schubert's avatar
      ext4: always set i_op in ext4_mknod() · 6a08f447
      Bernd Schubert authored
      
      
      ext4_special_inode_operations have their own ifdef CONFIG_EXT4_FS_XATTR
      to mask those methods. And ext4_iget also always sets it, so there is
      an inconsistency.
      Signed-off-by: default avatarBernd Schubert <bernd.schubert@itwm.fraunhofer.de>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Cc: stable@vger.kernel.org
      6a08f447
  8. 18 Sep, 2012 2 commits
    • Anatol Pomozov's avatar
      ext4: make orphan functions be no-op in no-journal mode · c9b92530
      Anatol Pomozov authored
      
      
      Instead of checking whether the handle is valid, we check if journal
      is enabled. This avoids taking the s_orphan_lock mutex in all cases
      when there is no journal in use, including the error paths where
      ext4_orphan_del() is called with a handle set to NULL.
      Signed-off-by: default avatarAnatol Pomozov <anatol.pomozov@gmail.com>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      c9b92530
    • Carlos Maiolino's avatar
      ext4: fix possible non-initialized variable in htree_dirblock_to_tree() · 90b0a973
      Carlos Maiolino authored
      
      
      htree_dirblock_to_tree() declares a non-initialized 'err' variable,
      which is passed as a reference to another functions expecting them to
      set this variable with their error codes.
      
      It's passed to ext4_bread(), which then passes it to ext4_getblk(). If
      ext4_map_blocks() returns 0 due to a lookup failure, leaving the
      ext4_getblk() buffer_head uninitialized, it will make ext4_getblk()
      return to ext4_bread() without initialize the 'err' variable, and
      ext4_bread() will return to htree_dirblock_to_tree() with this variable
      still uninitialized.  htree_dirblock_to_tree() will pass this variable
      with garbage back to ext4_htree_fill_tree(), which expects a number of
      directory entries added to the rb-tree. which, in case, might return a
      fake non-zero value due the garbage left in the 'err' variable, leading
      the kernel to an Oops in ext4_dx_readdir(), once this is expecting a
      filled rb-tree node, when in turn it will have a NULL-ed one, causing an
      invalid page request when trying to get a fname struct from this NULL-ed
      rb-tree node in this line:
      
      fname = rb_entry(info->curr_node, struct fname, rb_hash);
      
      The patch itself initializes the err variable in
      htree_dirblock_to_tree() to avoid usage mistakes by the called
      functions, and also fix ext4_getblk() to return a initialized 'err'
      variable when ext4_map_blocks() fails a lookup.
      Signed-off-by: default avatarCarlos Maiolino <cmaiolino@redhat.com>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      90b0a973
  9. 17 Aug, 2012 1 commit
    • Theodore Ts'o's avatar
      ext4: add max_dir_size_kb mount option · df981d03
      Theodore Ts'o authored
      
      
      Very large directories can cause significant performance problems, or
      perhaps even invoke the OOM killer, if the process is running in a
      highly constrained memory environment (whether it is VM's with a small
      amount of memory or in a small memory cgroup).
      
      So it is useful, in cloud server/data center environments, to be able
      to set a filesystem-wide cap on the maximum size of a directory, to
      ensure that directories never get larger than a sane size.  We do this
      via a new mount option, max_dir_size_kb.  If there is an attempt to
      grow the directory larger than max_dir_size_kb, the system call will
      return ENOSPC instead.
      
      Google-Bug-Id: 6863013
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      
      
      
      df981d03
  10. 23 Jul, 2012 1 commit
  11. 22 Jul, 2012 1 commit
  12. 14 Jul, 2012 2 commits
  13. 09 Jul, 2012 1 commit
  14. 28 May, 2012 1 commit
  15. 11 May, 2012 1 commit
    • Linus Torvalds's avatar
      vfs: make it possible to access the dentry hash/len as one 64-bit entry · 26fe5750
      Linus Torvalds authored
      
      
      This allows comparing hash and len in one operation on 64-bit
      architectures.  Right now only __d_lookup_rcu() takes advantage of this,
      since that is the case we care most about.
      
      The use of anonymous struct/unions hides the alternate 64-bit approach
      from most users, the exception being a few cases where we initialize a
      'struct qstr' with a static initializer.  This makes the problematic
      cases use a new QSTR_INIT() helper function for that (but initializing
      just the name pointer with a "{ .name = xyzzy }" initializer remains
      valid, as does just copying another qstr structure).
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      26fe5750
  16. 30 Apr, 2012 1 commit
  17. 29 Apr, 2012 4 commits
  18. 21 Feb, 2012 1 commit
  19. 09 Jan, 2012 1 commit
    • Al Viro's avatar
      ext[34]: avoid i_nlink warnings triggered by drop_nlink/inc_nlink kludge in symlink() · 0ce8c010
      Al Viro authored
      
      
      Both ext3 and ext4 put the half-created symlink inode into the orphan list
      for a while (see the comment in ext[34]_symlink() for gory details).  Then,
      if everything went fine, they pull it out of the orphan list and bump the
      link count back to 1.  The thing is, inc_nlink() is going to complain about
      seeing somebody changing i_nlink from 0 to 1.  With a good reason, since
      normally something like that is a bug.  Explicit set_nlink(inode, 1) does
      the same thing as inc_nlink() here, but it does *not* complain - exactly
      because it should be usable in strange situations like this one.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      0ce8c010
  20. 04 Jan, 2012 3 commits
  21. 02 Nov, 2011 1 commit