kernel-ark/fs/btrfs
Liu Bo 2932505abe Btrfs: fix use-after-free bug during umount
Commit be283b2e67 (Btrfs: use helper to cleanup tree roots) introduced the following bug,

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
 IP: [<ffffffffa039368c>] extent_buffer_get+0x4/0xa [btrfs]
[...]
 Pid: 2463, comm: btrfs-cache-1 Tainted: G           O 3.9.0+ #4 innotek GmbH VirtualBox/VirtualBox
 RIP: 0010:[<ffffffffa039368c>]  [<ffffffffa039368c>] extent_buffer_get+0x4/0xa [btrfs]
 Process btrfs-cache-1 (pid: 2463, threadinfo ffff880112d60000, task ffff880117679730)
[...]
 Call Trace:
  [<ffffffffa0398a99>] btrfs_search_slot+0x104/0x64d [btrfs]
  [<ffffffffa039aea4>] btrfs_next_old_leaf+0xa7/0x334 [btrfs]
  [<ffffffffa039b141>] btrfs_next_leaf+0x10/0x12 [btrfs]
  [<ffffffffa039ea13>] caching_thread+0x1a3/0x2e0 [btrfs]
  [<ffffffffa03d8811>] worker_loop+0x14b/0x48e [btrfs]
  [<ffffffffa03d86c6>] ? btrfs_queue_worker+0x25c/0x25c [btrfs]
  [<ffffffff81068d3d>] kthread+0x8d/0x95
  [<ffffffff81068cb0>] ? kthread_freezable_should_stop+0x43/0x43
  [<ffffffff8151e5ac>] ret_from_fork+0x7c/0xb0
  [<ffffffff81068cb0>] ? kthread_freezable_should_stop+0x43/0x43
RIP  [<ffffffffa039368c>] extent_buffer_get+0x4/0xa [btrfs]

We've freed commit_root before actually getting to free block groups, where
the caching thread needs a valid extent_root->commit_root.

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Josef Bacik <jbacik@fusionio.com>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2013-06-08 15:10:01 -04:00
acl.c Btrfs: skip adding an acl attribute if we don't have to 2012-12-16 20:46:15 -05:00
async-thread.c Btrfs: call the ordered free operation without any locks held 2012-07-25 16:15:07 -04:00
async-thread.h btrfs: return void in functions without error conditions 2012-03-22 01:45:34 +01:00
backref.c Btrfs: fix possible memory leak in the find_parent_nodes() 2013-05-17 21:40:17 -04:00
backref.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
btrfs_inode.h btrfs: fix minor typo in comment 2013-05-06 15:54:49 -04:00
check-integrity.c Btrfs: use a btrfs bioset instead of abusing bio internals 2013-05-17 21:52:52 -04:00
check-integrity.h Btrfs: add optional integrity check code 2011-12-21 19:14:09 +01:00
compat.h
compression.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
compression.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
ctree.c Btrfs: handle running extent ops with skinny metadata 2013-05-17 21:40:15 -04:00
ctree.h Btrfs: handle running extent ops with skinny metadata 2013-05-17 21:40:15 -04:00
delayed-inode.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
delayed-inode.h Btrfs: improve the delayed inode throttling 2013-03-07 07:52:40 -05:00
delayed-ref.c Btrfs: separate sequence numbers for delayed ref tracking and tree mod log 2013-05-06 15:55:17 -04:00
delayed-ref.h Btrfs: handle running extent ops with skinny metadata 2013-05-17 21:40:15 -04:00
dev-replace.c Btrfs: don't allow device replace on RAID5/RAID6 2013-05-17 21:40:16 -04:00
dev-replace.h Btrfs: add new sources for device replace code 2012-12-12 17:15:41 -05:00
dir-item.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
disk-io.c Btrfs: fix use-after-free bug during umount 2013-06-08 15:10:01 -04:00
disk-io.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
export.c fs: encode_fh: return FILEID_INVALID if invalid fid_type 2013-02-26 02:46:10 -05:00
export.h
extent_io.c Merge branch 'for-chris' of git://git.kernel.org/pub/scm/linux/kernel/git/josef/btrfs-next 2013-05-17 21:53:17 -04:00
extent_io.h Btrfs: use a btrfs bioset instead of abusing bio internals 2013-05-17 21:52:52 -04:00
extent_map.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
extent_map.h Btrfs: fix bad extent logging 2013-05-06 15:54:34 -04:00
extent-tree.c Btrfs: explicitly use global_block_rsv for quota_tree 2013-05-17 21:40:36 -04:00
file-item.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
file.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
free-space-cache.c Btrfs: don't use global block reservation for inode cache truncation 2013-05-17 21:40:22 -04:00
free-space-cache.h Btrfs: don't use global block reservation for inode cache truncation 2013-05-17 21:40:22 -04:00
hash.h btrfs: extended inode refs 2012-10-09 09:14:45 -04:00
inode-item.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
inode-map.c Btrfs: don't use global block reservation for inode cache truncation 2013-05-17 21:40:22 -04:00
inode-map.h Btrfs: Support reading/writing on disk free ino cache 2011-04-25 16:46:11 +08:00
inode.c btrfs: Drop inode if inode root is NULL 2013-06-08 15:07:53 -04:00
ioctl.c btrfs: don't stop searching after encountering the wrong item 2013-05-17 21:40:10 -04:00
Kconfig btrfs: move leak debug code to functions 2013-05-06 15:55:16 -04:00
locking.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
locking.h Btrfs: remove btrfs_try_spin_lock 2013-03-14 14:57:10 -04:00
lzo.c btrfs: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:21 +08:00
Makefile Btrfs: RAID5 and RAID6 2013-02-01 14:24:23 -05:00
math.h Btrfs: cleanup duplicated division functions 2012-12-11 13:31:30 -05:00
ordered-data.c Btrfs: improve the performance of the csums lookup 2013-05-06 15:54:35 -04:00
ordered-data.h Btrfs: improve the performance of the csums lookup 2013-05-06 15:54:35 -04:00
orphan.c btrfs: replace many BUG_ONs with proper error handling 2012-03-22 11:52:54 +01:00
print-tree.c Btrfs: Include the device in most error printk()s 2013-05-06 15:54:23 -04:00
print-tree.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
qgroup.c Btrfs: automatic rescan after "quota enable" command 2013-05-06 15:55:20 -04:00
raid56.c Btrfs: use a btrfs bioset instead of abusing bio internals 2013-05-17 21:52:52 -04:00
raid56.h Btrfs: RAID5 and RAID6 2013-02-01 14:24:23 -05:00
rcu-string.h Btrfs: use rcu to protect device->name 2012-06-14 21:29:16 -04:00
reada.c Btrfs: fix reada debug code compilation 2013-05-06 15:54:55 -04:00
relocation.c Btrfs: init relocate extent_io_tree with a mapping 2013-06-08 15:07:53 -04:00
root-tree.c Btrfs: delete unused parameter to btrfs_read_root_item() 2013-05-06 15:55:14 -04:00
scrub.c Btrfs: use a btrfs bioset instead of abusing bio internals 2013-05-17 21:52:52 -04:00
send.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
send.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
struct-funcs.c Btrfs: rewrite BTRFS_SETGET_FUNCS 2012-07-23 16:28:06 -04:00
super.c Btrfs: pause the space balance when remounting to R/O 2013-05-17 21:40:31 -04:00
sysfs.c btrfs: fixup/remove module.h usage as required 2013-03-01 15:01:01 -05:00
transaction.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
transaction.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
tree-defrag.c btrfs: remove cache only arguments from defrag path 2013-02-20 12:59:36 -05:00
tree-log.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
tree-log.h btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
ulist.c Btrfs: add a rb_tree to improve performance of ulist search 2013-05-06 15:54:44 -04:00
ulist.h Btrfs: add a rb_tree to improve performance of ulist search 2013-05-06 15:54:44 -04:00
version.h
volumes.c Merge branch 'for-chris' of git://git.kernel.org/pub/scm/linux/kernel/git/josef/btrfs-next 2013-05-17 21:53:17 -04:00
volumes.h Btrfs: use a btrfs bioset instead of abusing bio internals 2013-05-17 21:52:52 -04:00
xattr.c btrfs: make static code static & remove dead code 2013-05-06 15:55:23 -04:00
xattr.h fs/vfs/security: pass last path component to LSM on inode creation 2011-02-01 11:12:29 -05:00
zlib.c btrfs: fix message printing 2012-10-09 09:19:57 -04:00