linux-hardened/fs/btrfs
Liu Bo 14c7cca780 Btrfs: fix an oops when deleting snapshots

We can reproduce this oops via the following steps:

$ mkfs.btrfs /dev/sdb7
$ mount /dev/sdb7 /mnt/btrfs
$ for ((i=0; i<3; i++)); do btrfs sub snap /mnt/btrfs /mnt/btrfs/s_$i; done
$ rm -fr /mnt/btrfs/*
$ rm -fr /mnt/btrfs/*

then we'll get
------------[ cut here ]------------
kernel BUG at fs/btrfs/inode.c:2264!
[...]
Call Trace:
 [<ffffffffa05578c7>] btrfs_rmdir+0xf7/0x1b0 [btrfs]
 [<ffffffff81150b95>] vfs_rmdir+0xa5/0xf0
 [<ffffffff81153cc3>] do_rmdir+0x123/0x140
 [<ffffffff81145ac7>] ? fput+0x197/0x260
 [<ffffffff810aecff>] ? audit_syscall_entry+0x1bf/0x1f0
 [<ffffffff81153d0d>] sys_unlinkat+0x2d/0x40
 [<ffffffff8147896b>] system_call_fastpath+0x16/0x1b
RIP  [<ffffffffa054f7b9>] btrfs_orphan_add+0x179/0x1a0 [btrfs]

When it comes to btrfs_lookup_dentry, we may set a snapshot's inode->i_ino
to BTRFS_EMPTY_SUBVOL_DIR_OBJECTID instead of BTRFS_FIRST_FREE_OBJECTID,
while the snapshot's location.objectid remains unchanged.

However, btrfs_ino() does not take this into account, and returns a wrong ino,
and causes the oops.

Signed-off-by: Liu Bo <liubo2009@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
2011-09-11 10:52:24 -04:00
acl.c Btrfs: make acl functions really no-op if acl is not enabled 2011-08-01 14:30:48 -04:00
async-thread.c Btrfs: don't walk around with task->state != TASK_RUNNING 2010-05-25 10:34:58 -04:00
async-thread.h Btrfs: fix deadlock on async thread startup 2009-10-05 09:44:45 -04:00
btrfs_inode.h Btrfs: fix an oops when deleting snapshots 2011-09-11 10:52:24 -04:00
compat.h Btrfs: drop remaining LINUX_KERNEL_VERSION checks and compat code 2009-01-06 09:38:55 -05:00
compression.c Btrfs: check the nodatasum flag when writing compressed files 2011-08-01 14:30:46 -04:00
compression.h btrfs: rename variables clashing with global function names 2011-05-02 13:57:19 +02:00
ctree.c Btrfs: remove lockdep magic from btrfs_next_leaf 2011-07-27 12:46:47 -04:00
ctree.h Btrfs: use plain page_address() in header fields setget functions 2011-08-16 21:09:15 -04:00
delayed-inode.c Btrfs: switch the btrfs tree locks to reader/writer 2011-07-27 12:46:46 -04:00
delayed-inode.h btrfs: fix inconsonant inode information 2011-06-27 11:34:27 -04:00
delayed-ref.c btrfs: remove old unused commented out code 2011-05-06 12:34:10 +02:00
delayed-ref.h btrfs: remove all unused functions 2011-05-06 12:34:03 +02:00
dir-item.c Btrfs: remove redundant code for dir item lookup 2011-08-01 14:30:48 -04:00
disk-io.c Btrfs: make a lockdep class for each root 2011-07-27 12:46:46 -04:00
disk-io.h Btrfs: make a lockdep class for each root 2011-07-27 12:46:46 -04:00
export.c Merge branch 'ino-alloc' of git://repo.or.cz/linux-btrfs-devel into inode_numbers 2011-05-21 09:27:38 -04:00
export.h NFS support for btrfs - v3 2008-09-25 11:04:06 -04:00
extent-tree.c Btrfs: forced readonly when btrfs_drop_snapshot() fails 2011-08-16 21:09:15 -04:00
extent_io.c Btrfs: don't call writepages from within write_full_page 2011-08-01 14:37:36 -04:00
extent_io.h Btrfs: remove unused members from struct extent_state 2011-08-01 14:30:50 -04:00
extent_map.c Btrfs: clean up code for merging extent maps 2011-08-01 14:30:50 -04:00
extent_map.h btrfs: drop gfp parameter from alloc_extent_map 2011-05-02 13:57:21 +02:00
file-item.c Merge branch 'alloc_path' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/btrfs-error-handling into for-linus 2011-08-01 14:27:34 -04:00
file.c Btrfs: set i_size properly when fallocating and we already 2011-08-18 10:36:39 -04:00
free-space-cache.c Btrfs: fix wrong free space information 2011-08-16 21:09:31 -04:00
free-space-cache.h btrfs: remove all unused functions 2011-05-06 12:34:03 +02:00
hash.h Btrfs: remove crc32c.h and use libcrc32c directly. 2009-06-10 11:29:53 -04:00
inode-item.c Btrfs: BUG_ON is deleted from the caller of btrfs_truncate_item & btrfs_extend_item 2011-05-23 13:24:39 -04:00
inode-map.c btrfs: add helper for fs_info->closing 2011-06-04 08:11:22 -04:00
inode-map.h Btrfs: Support reading/writing on disk free ino cache 2011-04-25 16:46:11 +08:00
inode.c btrfs: Make extent-io callbacks that never fail return void 2011-08-01 14:30:43 -04:00
ioctl.c Btrfs: truncate pages from clone ioctl target range 2011-08-16 21:09:31 -04:00
ioctl.h Btrfs: add mount -o auto_defrag 2011-05-26 17:52:15 -04:00
Kconfig btrfs: Add lzo compression support 2010-12-22 23:15:47 +08:00
locking.c Btrfs: switch the btrfs tree locks to reader/writer 2011-07-27 12:46:46 -04:00
locking.h Btrfs: switch the btrfs tree locks to reader/writer 2011-07-27 12:46:46 -04:00
lzo.c Btrfs: Avoid accessing unmapped kernel address 2011-02-16 15:37:58 -05:00
Makefile Btrfs: make acl functions really no-op if acl is not enabled 2011-08-01 14:30:48 -04:00
ordered-data.c Btrfs: add initial tracepoint support for btrfs 2011-03-28 05:37:33 -04:00
ordered-data.h btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
orphan.c Btrfs: fixup return code for btrfs_del_orphan_item 2010-12-09 13:57:15 -05:00
print-tree.c btrfs: fix missing break in switch phrase 2011-01-28 16:40:37 -05:00
print-tree.h
relocation.c Merge branch 'integration' into for-linus 2011-07-27 16:18:13 -04:00
root-tree.c btrfs: make btrfs_set_root_node void 2011-08-01 14:30:44 -04:00
scrub.c btrfs: remove unneeded includes from scrub.c 2011-06-10 14:59:52 +02:00
struct-funcs.c Btrfs: stop using highmem for extent_buffers 2011-07-27 12:46:45 -04:00
super.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2011-07-08 23:25:45 -07:00
sysfs.c btrfs: Remove unused sysfs code 2011-06-17 14:54:18 -04:00
transaction.c Btrfs: remove a BUG_ON() in btrfs_commit_transaction() 2011-08-01 14:30:47 -04:00
transaction.h Merge branch 'for-chris' of 2011-05-28 07:00:39 -04:00
tree-defrag.c btrfs: drop unused parameter from btrfs_release_path 2011-05-02 13:57:22 +02:00
tree-log.c Btrfs: fix an oops of log replay 2011-08-16 21:09:15 -04:00
tree-log.h btrfs: remove unused function prototypes 2011-05-04 14:01:26 +02:00
version.h Update Btrfs files for in-kernel usage 2008-09-25 15:41:59 -04:00
volumes.c Btrfs: fix uninitialized sync_pending 2011-08-16 21:09:31 -04:00
volumes.h Btrfs: detect wether a device supports discard 2011-08-16 21:09:15 -04:00
xattr.c Btrfs: try to only do one btrfs_search_slot in do_setxattr 2011-07-11 09:58:45 -04:00
xattr.h fs/vfs/security: pass last path component to LSM on inode creation 2011-02-01 11:12:29 -05:00
zlib.c zlib: slim down zlib_deflate() workspace when possible 2011-03-22 17:44:17 -07:00