linux-sg2042/fs
Bob Peterson 728a756b8f GFS2: rename causes kernel Oops
This patch fixes a kernel Oops in the GFS2 rename code.

The problem was in the way the gfs2 directory code was trying
to re-use sentinel directory entries.

In the failing case, gfs2's rename function was renaming a
file to another name that had the same non-trivial length.
The file being renamed happened to be the first directory
entry on the leaf block.

First, the rename code (gfs2_rename in ops_inode.c) found the
original directory entry and decided it could do its job by
simply replacing the directory entry with another.  Therefore
it determined correctly that no block allocations were needed.

Next, the rename code deleted the old directory entry prior to
replacing it with the new name.  Therefore, the soon-to-be
replaced directory entry was temporarily made into a directory
entry "sentinel" or a place holder at the start of a leaf block.

Lastly, it went to re-add the replacement directory entry in
that leaf block.  However, when gfs2_dirent_find_space was
looking for space in the leaf block, it used the wrong value
for the sentinel.  That threw off its calculations so later
it decides it can't really re-use the sentinel and therefore
must allocate a new leaf block.  But because it previously decided
to re-use the directory entry, it didn't waste the time to
grab a new block allocation for the inode.  Therefore, the
inode's i_alloc pointer was still NULL and it crashes trying to
reference it.

In the case of sentinel directory entries, the entire dirent is
reused, not just the "free space" portion of it, and therefore
the function gfs2_dirent_find_space should use the value 0
rather than GFS2_DIRENT_SIZE(0) for the actual dirent size.

Fixing this calculation enables the reproducer programs to work
properly.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2010-07-15 09:07:56 +01:00
..
9p drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
adfs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
affs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
afs writeback: remove writeback_inodes_wbc 2010-07-06 08:54:03 +02:00
autofs fs/: do not fallback to default_llseek() when readdir() uses BKL 2010-05-27 09:12:56 -07:00
autofs4 fs/autofs4: use memdup_user 2010-05-27 09:12:41 -07:00
befs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
bfs rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
btrfs writeback: remove writeback_inodes_wbc 2010-07-06 08:54:03 +02:00
cachefiles CacheFiles: Fix error handling in cachefiles_determine_cache_security() 2010-05-12 18:23:58 -07:00
ceph ceph: fix crush device 'out' threshold to 1.0, not 0.1 2010-07-05 09:44:17 -07:00
cifs cifs: remove bogus first_time check in NTLMv2 session setup code 2010-06-16 13:40:18 -04:00
coda drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
configfs fix setattr error handling in sysfs, configfs 2010-06-04 17:16:29 -04:00
cramfs
debugfs Add x64 support to debugfs 2010-05-19 22:41:57 -04:00
devpts Simplify devpts_get_sb() failure exits 2010-05-21 18:31:12 -04:00
dlm dlm: fix ast ordering for user locks 2010-04-30 14:52:51 -05:00
ecryptfs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
efs
exofs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
exportfs
ext2 ext2: update ctime when changing the file's permission by setfacl 2010-06-25 01:20:37 +02:00
ext3 ext3: update ctime when changing the file's permission by setfacl 2010-06-25 01:20:37 +02:00
ext4 ext4: Fix remaining racy updates of EXT4_I(inode)->i_flags 2010-06-05 11:51:27 -04:00
fat fat: convert to use the new truncate convention. 2010-05-27 22:16:02 -04:00
freevxfs fs/: do not fallback to default_llseek() when readdir() uses BKL 2010-05-27 09:12:56 -07:00
fscache FS-Cache: Remove unneeded null checks 2010-06-01 13:32:11 -07:00
fuse Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse 2010-05-30 09:16:14 -07:00
gfs2 GFS2: rename causes kernel Oops 2010-07-15 09:07:56 +01:00
hfs include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
hfsplus hfsplus: Push down BKL into ioctl function 2010-05-17 05:27:03 +02:00
hostfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
hpfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
hppfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
hugetlbfs rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
isofs fs/: do not fallback to default_llseek() when readdir() uses BKL 2010-05-27 09:12:56 -07:00
jbd ext3: Fix waiting on transaction during fsync 2010-05-21 19:30:41 +02:00
jbd2 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 2010-05-27 10:26:37 -07:00
jffs2 Merge git://git.infradead.org/~dwmw2/mtd-2.6.35 2010-06-07 17:10:06 -07:00
jfs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
lockd include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
logfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
minix Minix: Clean up left over label 2010-06-04 17:16:30 -04:00
ncpfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
nfs NFSv4: Fix an embarassing typo in encode_attrs() 2010-06-22 13:22:54 -04:00
nfs_common include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfsd Merge branch 'for-2.6.35' of git://linux-nfs.org/~bfields/linux 2010-06-09 12:43:04 -07:00
nilfs2 nilfs2: remove obsolete declarations of cache constructor and destructor 2010-05-31 20:50:29 +09:00
nls
notify Saner locking around deactivate_super() 2010-05-21 18:31:14 -04:00
ntfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
ocfs2 ocfs2: update gfp/slab.h includes 2010-06-28 10:19:19 +10:00
omfs rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
openpromfs
partitions fs: ldm: don't use own implementation of hex_to_bin() 2010-05-25 08:07:06 -07:00
proc nommu: add '[stack]' label to /proc/pid/maps output 2010-06-29 15:29:30 -07:00
qnx4 rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
quota Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
ramfs fs: convert simple fs to new truncate 2010-05-27 22:15:47 -04:00
reiserfs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
romfs fix leak in romfs_fill_super() 2010-01-26 22:22:26 -05:00
smbfs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
squashfs squashfs: fix name reading in squashfs_xattr_get 2010-05-23 08:27:42 +01:00
sysfs fix setattr error handling in sysfs, configfs 2010-06-04 17:16:29 -04:00
sysv sysvfs: fix NULL deref. when allocating new inode 2010-06-29 15:29:32 -07:00
ubifs writeback: enforce s_umount locking in writeback_inodes_sb 2010-06-11 12:58:07 +02:00
udf Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
ufs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
xfs xfs: remove block number from inode lookup code 2010-06-24 11:35:17 +10:00
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2010-03-19 09:43:06 -07:00
Kconfig.binfmt
Makefile Take statfs variants to fs/statfs.c 2010-05-21 18:31:17 -04:00
aio.c get rid of the magic around f_count in aio 2010-05-27 22:03:07 -04:00
anon_inodes.c Revert "anon_inode: set S_IFREG on the anon_inode" 2010-05-27 22:03:05 -04:00
attr.c fs: introduce new truncate sequence 2010-05-27 22:15:33 -04:00
bad_inode.c drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
binfmt_aout.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
binfmt_elf.c coredump: pass mm->flags as a coredump parameter for consistency 2010-03-06 11:26:46 -08:00
binfmt_elf_fdpic.c binfmt_elf_fdpic: Fix clear_user() error handling 2010-06-01 08:11:06 -07:00
binfmt_em86.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
binfmt_flat.c flat: tweak default stack alignment 2010-06-29 15:29:31 -07:00
binfmt_misc.c
binfmt_script.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
binfmt_som.c Split 'flush_old_exec' into two functions 2010-01-29 08:22:01 -08:00
bio-integrity.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
bio.c Merge branch 'master' into for-linus 2010-03-19 08:05:10 +01:00
block_dev.c block: remove duplicate BUG_ON() in bd_finish_claiming() 2010-06-10 19:08:34 +02:00
buffer.c fs: introduce new truncate sequence 2010-05-27 22:15:33 -04:00
char_dev.c
compat.c fs/compat_rw_copy_check_uvector: add missing compat_ptr call 2010-06-04 15:21:44 -07:00
compat_binfmt_elf.c elf coredump: replace ELF_CORE_EXTRA_* macros by functions 2010-03-06 11:26:45 -08:00
compat_ioctl.c pktcdvd: improve BKL and compat_ioctl.c usage 2010-04-29 08:44:37 -07:00
dcache.c fs: fix superblock iteration race 2010-06-29 10:38:22 -07:00
dcookies.c
direct-io.c fs: introduce new truncate sequence 2010-05-27 22:15:33 -04:00
drop_caches.c new helper: iterate_supers() 2010-05-21 18:31:16 -04:00
eventfd.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
eventpoll.c sched, wait: Use wrapper functions 2010-05-11 17:43:58 +02:00
exec.c exit: avoid sig->count in de_thread/__exit_signal synchronization 2010-05-27 09:12:46 -07:00
fcntl.c fs/fcntl.c:kill_fasync_rcu() fa_lock must be IRQ-safe 2010-06-29 15:29:32 -07:00
fifo.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
file.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
file_table.c get rid of the magic around f_count in aio 2010-05-27 22:03:07 -04:00
filesystems.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
fs-writeback.c writeback: simplify the write back thread queue 2010-07-06 08:59:53 +02:00
fs_struct.c
generic_acl.c fs: xattr_handler table should be const 2010-05-21 18:31:18 -04:00
inode.c vfs: Add inode uid,gid,mode init helper 2010-05-21 18:31:22 -04:00
internal.h Bury __put_super_and_need_restart() 2010-05-21 18:31:16 -04:00
ioctl.c Introduce freeze_super and thaw_super for the fsfreeze ioctl 2010-05-21 18:31:18 -04:00
ioprio.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
libfs.c wrong type for 'magic' argument in simple_fill_super() 2010-06-04 17:16:28 -04:00
locks.c Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
mbcache.c
mpage.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
namei.c VFS: fix recent breakage of FS_REVAL_DOT 2010-05-27 22:03:06 -04:00
namespace.c Merge branch 'next' into for-linus 2010-05-18 08:57:00 +10:00
nfsctl.c Switch may_open() and break_lease() to passing O_... 2010-03-03 13:00:21 -05:00
no-block.c
open.c Take statfs variants to fs/statfs.c 2010-05-21 18:31:17 -04:00
pipe.c pipe: fix check in "set size" fcntl 2010-06-10 19:08:34 +02:00
pnode.c Kill CL_PROPAGATION, sanitize fs/pnode.c:get_source() 2010-03-03 13:00:22 -05:00
pnode.h VFS: Clean up shared mount flag propagation 2010-03-03 14:07:55 -05:00
posix_acl.c
read_write.c vfs: introduce noop_llseek() 2010-05-27 09:12:56 -07:00
read_write.h
readdir.c
select.c Add generic sys_old_select() 2010-03-12 15:52:32 -08:00
seq_file.c seq_file: fix new kernel-doc warnings 2010-03-07 15:48:26 -08:00
signalfd.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
splice.c splice: check f_mode for seekable file 2010-06-30 08:12:37 +02:00
stack.c
stat.c
statfs.c Take statfs variants to fs/statfs.c 2010-05-21 18:31:17 -04:00
super.c fs: fix superblock iteration race 2010-06-29 10:38:22 -07:00
sync.c Merge branch 'master' into for-linus 2010-06-01 12:42:12 +02:00
timerfd.c fs/timerfd.c: make use of wait_event_interruptible_locked_irq() 2010-05-20 13:21:42 -07:00
utimes.c
xattr.c fs: xattr_handler table should be const 2010-05-21 18:31:18 -04:00
xattr_acl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00