linux/fs
Dave Chinner 7124fe0a5b xfs: validate untrusted inode numbers during lookup
When we decode a handle or do a bulkstat lookup, we are using an
inode number we cannot trust to be valid. If we are deleting inode
chunks from disk (default noikeep mode), then we cannot trust the on
disk inode buffer for any given inode number to correctly reflect
whether the inode has been unlinked as the di_mode nor the
generation number may have been updated on disk.

This is due to the fact that when we delete an inode chunk, we do
not write the clusters back to disk when they are removed - instead
we mark them stale to avoid them being written back potentially over
the top of something that has been subsequently allocated at that
location. The result is that we can have locations of disk that look
like they contain valid inodes but in reality do not. Hence we
cannot simply convert the inode number to a block number and read
the location from disk to determine if the inode is valid or not.

As a result, and XFS_IGET_BULKSTAT lookup needs to actually look the
inode up in the inode allocation btree to determine if the inode
number is valid or not.

It should be noted even on ikeep filesystems, there is the
possibility that blocks on disk may look like valid inode clusters.
e.g. if there are filesystem images hosted on the filesystem. Hence
even for ikeep filesystems we really need to validate that the inode
number is valid before issuing the inode buffer read.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2010-06-24 11:15:33 +10:00
..
9p drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
adfs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
affs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
afs AFS: Fix possible null pointer dereference in afs_alloc_server() 2010-06-01 09:26:36 -07:00
autofs fs/: do not fallback to default_llseek() when readdir() uses BKL 2010-05-27 09:12:56 -07:00
autofs4 fs/autofs4: use memdup_user 2010-05-27 09:12:41 -07:00
befs
bfs rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2010-06-11 14:18:47 -07:00
cachefiles
ceph ceph: try to send partial cap release on cap message on missing inode 2010-06-10 13:30:25 -07:00
cifs cifs: fix page refcount leak 2010-06-01 17:15:52 +00:00
coda drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
configfs fix setattr error handling in sysfs, configfs 2010-06-04 17:16:29 -04:00
cramfs
debugfs Add x64 support to debugfs 2010-05-19 22:41:57 -04:00
devpts Simplify devpts_get_sb() failure exits 2010-05-21 18:31:12 -04:00
dlm
ecryptfs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
efs
exofs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
exportfs
ext2 fix truncate inode time modification breakage 2010-06-04 17:16:30 -04:00
ext3 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
ext4 ext4: Fix remaining racy updates of EXT4_I(inode)->i_flags 2010-06-05 11:51:27 -04:00
fat fat: convert to use the new truncate convention. 2010-05-27 22:16:02 -04:00
freevxfs fs/: do not fallback to default_llseek() when readdir() uses BKL 2010-05-27 09:12:56 -07:00
fscache FS-Cache: Remove unneeded null checks 2010-06-01 13:32:11 -07:00
fuse Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse 2010-05-30 09:16:14 -07:00
gfs2 kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
hfs
hfsplus hfsplus: Push down BKL into ioctl function 2010-05-17 05:27:03 +02:00
hostfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
hpfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
hppfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
hugetlbfs rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
isofs fs/: do not fallback to default_llseek() when readdir() uses BKL 2010-05-27 09:12:56 -07:00
jbd ext3: Fix waiting on transaction during fsync 2010-05-21 19:30:41 +02:00
jbd2 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 2010-05-27 10:26:37 -07:00
jffs2 Merge git://git.infradead.org/~dwmw2/mtd-2.6.35 2010-06-07 17:10:06 -07:00
jfs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
lockd
logfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
minix Minix: Clean up left over label 2010-06-04 17:16:30 -04:00
ncpfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
nfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
nfs_common
nfsd Merge branch 'for-2.6.35' of git://linux-nfs.org/~bfields/linux 2010-06-09 12:43:04 -07:00
nilfs2 nilfs2: remove obsolete declarations of cache constructor and destructor 2010-05-31 20:50:29 +09:00
nls
notify Saner locking around deactivate_super() 2010-05-21 18:31:14 -04:00
ntfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
ocfs2 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
omfs rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
openpromfs
partitions fs: ldm: don't use own implementation of hex_to_bin() 2010-05-25 08:07:06 -07:00
proc kcore: add _text to KCORE_TEXT 2010-05-27 09:12:47 -07:00
qnx4 rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
quota Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
ramfs fs: convert simple fs to new truncate 2010-05-27 22:15:47 -04:00
reiserfs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
romfs
smbfs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
squashfs squashfs: fix name reading in squashfs_xattr_get 2010-05-23 08:27:42 +01:00
sysfs fix setattr error handling in sysfs, configfs 2010-06-04 17:16:29 -04:00
sysv fix fs/sysv s_dirt handling 2010-05-27 22:16:05 -04:00
ubifs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
udf Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
ufs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
xfs xfs: validate untrusted inode numbers during lookup 2010-06-24 11:15:33 +10:00
aio.c get rid of the magic around f_count in aio 2010-05-27 22:03:07 -04:00
anon_inodes.c Revert "anon_inode: set S_IFREG on the anon_inode" 2010-05-27 22:03:05 -04:00
attr.c fs: introduce new truncate sequence 2010-05-27 22:15:33 -04:00
bad_inode.c drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
binfmt_aout.c
binfmt_elf_fdpic.c binfmt_elf_fdpic: Fix clear_user() error handling 2010-06-01 08:11:06 -07:00
binfmt_elf.c
binfmt_em86.c
binfmt_flat.c flat: fix unmap len in load error path 2010-06-04 15:21:45 -07:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c
bio.c
block_dev.c block: remove duplicate BUG_ON() in bd_finish_claiming() 2010-06-10 19:08:34 +02:00
buffer.c fs: introduce new truncate sequence 2010-05-27 22:15:33 -04:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c fs/compat_rw_copy_check_uvector: add missing compat_ptr call 2010-06-04 15:21:44 -07:00
dcache.c fix prune_dcache()/umount() race 2010-05-21 18:31:16 -04:00
dcookies.c
direct-io.c fs: introduce new truncate sequence 2010-05-27 22:15:33 -04:00
drop_caches.c new helper: iterate_supers() 2010-05-21 18:31:16 -04:00
eventfd.c
eventpoll.c
exec.c exit: avoid sig->count in de_thread/__exit_signal synchronization 2010-05-27 09:12:46 -07:00
fcntl.c fcntl: return -EFAULT if copy_to_user fails 2010-06-04 17:16:28 -04:00
fifo.c
file_table.c get rid of the magic around f_count in aio 2010-05-27 22:03:07 -04:00
file.c
filesystems.c
fs_struct.c
fs-writeback.c Merge branch 'master' into for-linus 2010-06-01 12:42:12 +02:00
generic_acl.c fs: xattr_handler table should be const 2010-05-21 18:31:18 -04:00
inode.c vfs: Add inode uid,gid,mode init helper 2010-05-21 18:31:22 -04:00
internal.h Bury __put_super_and_need_restart() 2010-05-21 18:31:16 -04:00
ioctl.c Introduce freeze_super and thaw_super for the fsfreeze ioctl 2010-05-21 18:31:18 -04:00
ioprio.c
Kconfig
Kconfig.binfmt
libfs.c wrong type for 'magic' argument in simple_fill_super() 2010-06-04 17:16:28 -04:00
locks.c
Makefile Take statfs variants to fs/statfs.c 2010-05-21 18:31:17 -04:00
mbcache.c
mpage.c
namei.c VFS: fix recent breakage of FS_REVAL_DOT 2010-05-27 22:03:06 -04:00
namespace.c Merge branch 'next' into for-linus 2010-05-18 08:57:00 +10:00
nfsctl.c
no-block.c
open.c Take statfs variants to fs/statfs.c 2010-05-21 18:31:17 -04:00
pipe.c pipe: fix check in "set size" fcntl 2010-06-10 19:08:34 +02:00
pnode.c
pnode.h
posix_acl.c
read_write.c vfs: introduce noop_llseek() 2010-05-27 09:12:56 -07:00
read_write.h
readdir.c
select.c
seq_file.c
signalfd.c
splice.c fs/splice.c: fix mapping_gfp_mask usage 2010-05-25 10:25:26 +02:00
stack.c
stat.c
statfs.c Take statfs variants to fs/statfs.c 2010-05-21 18:31:17 -04:00
super.c Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
sync.c Merge branch 'master' into for-linus 2010-06-01 12:42:12 +02:00
timerfd.c fs/timerfd.c: make use of wait_event_interruptible_locked_irq() 2010-05-20 13:21:42 -07:00
utimes.c
xattr_acl.c
xattr.c fs: xattr_handler table should be const 2010-05-21 18:31:18 -04:00