linux-hardened/fs/xfs
Dave Chinner f94c44573e xfs: growfs overruns AGFL buffer on V4 filesystems
This loop in xfs_growfs_data_private() is incorrect for V4
superblock filesystems:

		for (bucket = 0; bucket < XFS_AGFL_SIZE(mp); bucket++)
			agfl->agfl_bno[bucket] = cpu_to_be32(NULLAGBLOCK);

For V4 filesystems, we don't have an agfl header structure, and so
XFS_AGFL_SIZE() returns an entire sector's worth of entries, which
we then index from an offset into the sector. Hence: buffer overrun.

This problem was introduced in 3.10 by commit 77c95bba ("xfs: add
CRC checks to the AGFL") which changed the AGFL structure but failed
to update the growfs code to handle the different structures.

Fix it by using the correct offset into the buffer for both V4 and
V5 filesystems.

Cc: <stable@vger.kernel.org>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Jie Liu <jeff.liu@oracle.com>
Signed-off-by: Ben Myers <bpm@sgi.com>

(cherry picked from commit b7d961b35b)
2013-12-10 10:04:27 -06:00
Kconfig xfs: introduce CONFIG_XFS_WARN 2013-05-07 18:45:36 -05:00
kmem.c xfs: simplify kmem_{zone_}zalloc 2013-11-06 16:31:27 -06:00
kmem.h xfs: simplify kmem_{zone_}zalloc 2013-11-06 16:31:27 -06:00
Makefile xfs: abstract the differences in dir2/dir3 via an ops vector 2013-10-30 13:37:38 -05:00
mrlock.h xfs: introduce CONFIG_XFS_WARN 2013-05-07 18:45:36 -05:00
time.h
uuid.c
uuid.h xfs: add CRC infrastructure 2012-11-19 20:11:24 -06:00
xfs.h xfs: introduce CONFIG_XFS_WARN 2013-05-07 18:45:36 -05:00
xfs_acl.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_acl.h xfs: increase number of ACL entries for V5 superblocks 2013-06-06 10:52:15 -05:00
xfs_ag.h xfs: create a shared header file for format-related information 2013-10-23 14:11:30 -05:00
xfs_alloc.c xfs: add tracepoints to AGF/AGI read operations 2013-11-06 12:42:52 -06:00
xfs_alloc.h xfs: create a shared header file for format-related information 2013-10-23 14:11:30 -05:00
xfs_alloc_btree.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_alloc_btree.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_aops.c xfs: prevent stack overflows from page cache allocation 2013-10-30 15:44:51 -05:00
xfs_aops.h direct-io: Implement generic deferred AIO completions 2013-09-04 09:23:46 -04:00
xfs_attr.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_attr.h xfs: kill xfs_vnodeops.[ch] 2013-08-12 16:53:39 -05:00
xfs_attr_inactive.c xfs: vectorise encoding/decoding directory headers 2013-10-30 13:47:22 -05:00
xfs_attr_leaf.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_attr_leaf.h xfs: unify directory/attribute format definitions 2013-10-23 14:21:40 -05:00
xfs_attr_list.c xfs: vectorise encoding/decoding directory headers 2013-10-30 13:47:22 -05:00
xfs_attr_remote.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_attr_remote.h xfs: unify directory/attribute format definitions 2013-10-23 14:21:40 -05:00
xfs_attr_sf.h
xfs_bit.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_bit.h
xfs_bmap.c xfs: fix unlock in xfs_bmap_add_attrfork 2013-11-18 09:12:54 -06:00
xfs_bmap.h xfs: remove __KERNEL__ from debug code 2013-08-12 16:58:37 -05:00
xfs_bmap_btree.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_bmap_btree.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_bmap_util.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_bmap_util.h xfs: fold xfs_change_file_space into xfs_ioc_space 2013-10-21 16:57:03 -05:00
xfs_btree.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_btree.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_buf.c xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_buf.h xfs: rework buffer dispose list tracking 2013-09-10 18:56:31 -04:00
xfs_buf_item.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_buf_item.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_cksum.h xfs: add CRC infrastructure 2012-11-19 20:11:24 -06:00
xfs_da_btree.c xfs: convert directory vector functions to constants 2013-10-30 13:49:18 -05:00
xfs_da_btree.h xfs: abstract the differences in dir2/dir3 via an ops vector 2013-10-30 13:37:38 -05:00
xfs_da_format.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_da_format.h xfs: convert directory vector functions to constants 2013-10-30 13:48:41 -05:00
xfs_dinode.h xfs: di_flushiter considered harmful 2013-07-25 10:41:42 -05:00
xfs_dir2.c xfs: convert directory vector functions to constants 2013-10-30 13:49:18 -05:00
xfs_dir2.h xfs: convert directory vector functions to constants 2013-10-30 13:49:18 -05:00
xfs_dir2_block.c xfs: convert directory vector functions to constants 2013-10-30 13:49:18 -05:00
xfs_dir2_data.c xfs: validity check the directory block leaf entry count 2013-10-30 13:57:14 -05:00
xfs_dir2_leaf.c xfs: convert directory vector functions to constants 2013-10-30 13:49:18 -05:00
xfs_dir2_node.c xfs:xfs_dir2_node.c: pointer use before check for null 2013-10-30 15:53:14 -05:00
xfs_dir2_priv.h xfs: vectorise encoding/decoding directory headers 2013-10-30 13:47:22 -05:00
xfs_dir2_readdir.c xfs: convert directory vector functions to constants 2013-10-30 13:49:18 -05:00
xfs_dir2_sf.c xfs: convert directory vector functions to constants 2013-10-30 13:49:18 -05:00
xfs_discard.c xfs: don't perform discard if the given range length is less than block size 2013-12-10 10:00:33 -06:00
xfs_discard.h
xfs_dquot.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_dquot.h xfs: create a shared header file for format-related information 2013-10-23 14:11:30 -05:00
xfs_dquot_buf.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_dquot_item.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_dquot_item.h
xfs_error.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_error.h
xfs_export.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_export.h xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
xfs_extent_busy.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_extent_busy.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_extfree_item.c xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_extfree_item.h xfs: split out EFI/EFD log item format definition 2013-08-12 16:07:13 -05:00
xfs_file.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_filestream.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_filestream.h xfs: xfs_filestreams.h doesn't need __KERNEL__ 2013-08-12 17:00:11 -05:00
xfs_format.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_fs.h xfs: add the inode directory type support to XFS_IOC_FSGEOM 2013-10-08 14:28:09 -05:00
xfs_fsops.c xfs: growfs overruns AGFL buffer on V4 filesystems 2013-12-10 10:04:27 -06:00
xfs_fsops.h
xfs_globals.c xfs: add background scanning to clear eofblocks inodes 2012-11-08 15:34:59 -06:00
xfs_ialloc.c xfs: add tracepoints to AGF/AGI read operations 2013-11-06 12:42:52 -06:00
xfs_ialloc.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_ialloc_btree.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_ialloc_btree.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_icache.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_icache.h xfs: update #2 for v3.12-rc1 2013-09-12 16:13:41 -07:00
xfs_icreate_item.c xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_icreate_item.h xfs: separate icreate log format definitions from xfs_icreate_item.h 2013-08-12 16:10:35 -05:00
xfs_inode.c xfs: xfs_remove deadlocks due to inverted AGF vs AGI lock ordering 2013-11-04 13:18:48 -06:00
xfs_inode.h xfs: abstract the differences in dir2/dir3 via an ops vector 2013-10-30 13:37:38 -05:00
xfs_inode_buf.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_inode_buf.h xfs: create a shared header file for format-related information 2013-10-23 14:11:30 -05:00
xfs_inode_fork.c xfs: fix the extent count when allocating an new indirection array entry 2013-10-31 16:43:19 -05:00
xfs_inode_fork.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_inode_item.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_inode_item.h xfs: split out inode log item format definition 2013-08-12 16:05:19 -05:00
xfs_inum.h
xfs_ioctl.c xfs: underflow bug in xfs_attrlist_by_handle() 2013-12-10 09:59:37 -06:00
xfs_ioctl.h xfs: consolidate extent swap code 2013-08-12 16:56:06 -05:00
xfs_ioctl32.c xfs: underflow bug in xfs_attrlist_by_handle() 2013-12-10 09:59:37 -06:00
xfs_ioctl32.h
xfs_iomap.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_iomap.h xfs: get rid of count from xfs_iomap_write_allocate() 2013-10-01 15:42:34 -05:00
xfs_iops.c xfs: prevent stack overflows from page cache allocation 2013-10-30 15:44:51 -05:00
xfs_iops.h xfs: fold xfs_change_file_space into xfs_ioc_space 2013-10-21 16:57:03 -05:00
xfs_itable.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_itable.h
xfs_linux.h xfs: remove two unused macro definitions in xfs_linux.h 2013-08-20 15:30:23 -05:00
xfs_log.c xfs: trace AIL manipulations 2013-11-06 12:41:51 -06:00
xfs_log.h xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_log_cil.c xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_log_format.h xfs: create a shared header file for format-related information 2013-10-23 14:11:30 -05:00
xfs_log_priv.h xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_log_recover.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_log_recover.h
xfs_log_rlimit.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_message.c xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_message.h xfs: introduce CONFIG_XFS_WARN 2013-05-07 18:45:36 -05:00
xfs_mount.c xfs: increase inode cluster size for v5 filesystems 2013-11-18 09:29:36 -06:00
xfs_mount.h xfs: increase inode cluster size for v5 filesystems 2013-11-18 09:29:36 -06:00
xfs_mru_cache.c
xfs_mru_cache.h
xfs_qm.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_qm.h xfs: split dquot buffer operations out 2013-10-23 14:28:35 -05:00
xfs_qm_bhv.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_qm_syscalls.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_quota.h xfs: split dquot buffer operations out 2013-10-23 14:28:35 -05:00
xfs_quota_defs.h xfs: split dquot buffer operations out 2013-10-23 14:28:35 -05:00
xfs_quota_priv.h
xfs_quotaops.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_rtalloc.c xfs: split xfs_rtalloc.c for userspace sanity 2013-10-23 17:16:32 -05:00
xfs_rtalloc.h xfs: split xfs_rtalloc.c for userspace sanity 2013-10-23 17:16:32 -05:00
xfs_rtbitmap.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_sb.c xfs: be more forgiving of a v4 secondary sb w/ junk in v5 fields 2013-10-30 16:38:29 -05:00
xfs_sb.h xfs: create a shared header file for format-related information 2013-10-23 14:11:30 -05:00
xfs_shared.h xfs: create a shared header file for format-related information 2013-10-23 14:11:30 -05:00
xfs_stats.c
xfs_stats.h
xfs_super.c xfs: update for v3.13-rc1 2013-11-14 17:16:35 +09:00
xfs_super.h xfs: xfs_sync_data is redundant. 2012-10-17 12:01:25 -05:00
xfs_symlink.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_symlink.h xfs: push down inactive transaction mgmt for remote symlinks 2013-10-08 14:53:02 -05:00
xfs_symlink_remote.c xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_sysctl.c xfs: Convert use of typedef ctl_table to struct ctl_table 2013-06-17 17:42:25 -05:00
xfs_sysctl.h xfs: add background scanning to clear eofblocks inodes 2012-11-08 15:34:59 -06:00
xfs_trace.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_trace.h xfs: add tracepoints to AGF/AGI read operations 2013-11-06 12:42:52 -06:00
xfs_trans.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_trans.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_trans_ail.c xfs: trace AIL manipulations 2013-11-06 12:41:51 -06:00
xfs_trans_buf.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_trans_dquot.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_trans_extfree.c xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_trans_inode.c xfs: open code inc_inode_iversion when logging an inode 2013-11-18 09:42:08 -06:00
xfs_trans_priv.h xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_trans_resv.c xfs: increase inode cluster size for v5 filesystems 2013-11-18 09:29:36 -06:00
xfs_trans_resv.h xfs: Get rid of all XFS_XXX_LOG_RES() macro 2013-08-12 17:48:08 -05:00
xfs_trans_space.h
xfs_types.h xfs: Add read-only support for dirent filetype field 2013-08-22 08:40:24 -05:00
xfs_vnode.h xfs: clean up xfs_inactive() error handling, kill VN_INACTIVE_[NO]CACHE 2013-10-08 17:20:41 -05:00
xfs_xattr.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00