packages/xfsprogs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 5.9.0

Browse Source
This commit is contained in:
markeryang 2021-01-30 10:33:18 +08:00
parent b94bb034c5
commit 4b05d35e01
14 changed files with 5 additions and 590 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
0001-xfs-add-agf-freeblocks-verify-in-xfs_agf_verify.patch
View File

@ -1,110 +0,0 @@
From ba1a8f18fcb80e3b11a318ad8adf75cd0a750000 Mon Sep 17 00:00:00 2001
From: Zheng Bin <zhengbin13@huawei.com>
Date: Wed, 29 Apr 2020 14:10:49 -0400
Subject: [PATCH 01/16] xfs: add agf freeblocks verify in xfs_agf_verify
Source kernel commit: d0c7feaf87678371c2c09b3709400be416b2dc62
We recently used fuzz(hydra) to test XFS and automatically generate
tmp.img(XFS v5 format, but some metadata is wrong)
xfs_repair information(just one AG):
agf_freeblks 0, counted 3224 in ag 0
agf_longest 536874136, counted 3224 in ag 0
sb_fdblocks 613, counted 3228
Test as follows:
mount tmp.img tmpdir
cp file1M tmpdir
sync
In 4.19-stable, sync will stuck, the reason is:
xfs_mountfs
xfs_check_summary_counts
if ((!xfs_sb_version_haslazysbcount(&mp->m_sb) ||
XFS_LAST_UNMOUNT_WAS_CLEAN(mp)) &&
!xfs_fs_has_sickness(mp, XFS_SICK_FS_COUNTERS))
return 0; -->just return, incore sb_fdblocks still be 613
xfs_initialize_perag_data
cp file1M tmpdir -->ok(write file to pagecache)
sync -->stuck(write pagecache to disk)
xfs_map_blocks
xfs_iomap_write_allocate
while (count_fsb != 0) {
nimaps = 0;
while (nimaps == 0) { --> endless loop
nimaps = 1;
xfs_bmapi_write(..., &nimaps) --> nimaps becomes 0 again
xfs_bmapi_write
xfs_bmap_alloc
xfs_bmap_btalloc
xfs_alloc_vextent
xfs_alloc_fix_freelist
xfs_alloc_space_available -->fail(agf_freeblks is 0)
In linux-next, sync not stuck, cause commit c2b3164320b5 ("xfs:
use the latest extent at writeback delalloc conversion time") remove
the above while, dmesg is as follows:
[ 55.250114] XFS (loop0): page discard on page ffffea0008bc7380, inode 0x1b0c, offset 0.
Users do not know why this page is discard, the better soultion is:
1. Like xfs_repair, make sure sb_fdblocks is equal to counted
(xfs_initialize_perag_data did this, who is not called at this mount)
2. Add agf verify, if fail, will tell users to repair
This patch use the second soultion.
Signed-off-by: Zheng Bin <zhengbin13@huawei.com>
Signed-off-by: Ren Xudong <renxudong1@huawei.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
libxfs/xfs_alloc.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/libxfs/xfs_alloc.c b/libxfs/xfs_alloc.c
index a92ca52..09db669 100644
--- a/libxfs/xfs_alloc.c
+++ b/libxfs/xfs_alloc.c
@@ -2854,6 +2854,13 @@ xfs_agf_verify(
be32_to_cpu(agf->agf_flcount) <= xfs_agfl_size(mp)))
return __this_address;
+ if (be32_to_cpu(agf->agf_length) > mp->m_sb.sb_dblocks)
+ return __this_address;
+
+ if (be32_to_cpu(agf->agf_freeblks) < be32_to_cpu(agf->agf_longest) ||
+ be32_to_cpu(agf->agf_freeblks) > be32_to_cpu(agf->agf_length))
+ return __this_address;
+
if (be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]) < 1 ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]) < 1 ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]) > XFS_BTREE_MAXLEVELS ||
@@ -2865,6 +2872,10 @@ xfs_agf_verify(
be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]) > XFS_BTREE_MAXLEVELS))
return __this_address;
+ if (xfs_sb_version_hasrmapbt(&mp->m_sb) &&
+ be32_to_cpu(agf->agf_rmap_blocks) > be32_to_cpu(agf->agf_length))
+ return __this_address;
+
/*
* during growfs operations, the perag is not fully initialised,
* so we can't use it for any useful checking. growfs ensures we can't
@@ -2879,6 +2890,11 @@ xfs_agf_verify(
return __this_address;
if (xfs_sb_version_hasreflink(&mp->m_sb) &&
+ be32_to_cpu(agf->agf_refcount_blocks) >
+ be32_to_cpu(agf->agf_length))
+ return __this_address;
+
+ if (xfs_sb_version_hasreflink(&mp->m_sb) &&
(be32_to_cpu(agf->agf_refcount_level) < 1 ||
be32_to_cpu(agf->agf_refcount_level) > XFS_BTREE_MAXLEVELS))
return __this_address;
--
1.8.3.1

67
0002-xfs-fix-an-undefined-behaviour-in-_da3_path_shift.patch
View File

@ -1,67 +0,0 @@
From 397f529d466e9fcd2224631abf65b0a3c0166b4e Mon Sep 17 00:00:00 2001
From: Qian Cai <cai@lca.pw>
Date: Wed, 29 Apr 2020 16:08:34 -0400
Subject: [PATCH 02/16] xfs: fix an undefined behaviour in _da3_path_shift
Source kernel commit: 4982bff1ace1196843f55536fcd4cc119738fe39
In xfs_da3_path_shift() "blk" can be assigned to state->path.blk[-1] if
state->path.active is 1 (which is a valid state) when it tries to add an
entry to a single dir leaf block and then to shift forward to see if
there's a sibling block that would be a better place to put the new
entry. This causes a UBSAN warning given negative array indices are
undefined behavior in C. In practice the warning is entirely harmless
given that "blk" is never dereferenced in this case, but it is still
better to fix up the warning and slightly improve the code.
UBSAN: Undefined behaviour in fs/xfs/libxfs/xfs_da_btree.c:1989:14
index -1 is out of range for type 'xfs_da_state_blk_t [5]'
Call trace:
dump_backtrace+0x0/0x2c8
show_stack+0x20/0x2c
dump_stack+0xe8/0x150
__ubsan_handle_out_of_bounds+0xe4/0xfc
xfs_da3_path_shift+0x860/0x86c [xfs]
xfs_da3_node_lookup_int+0x7c8/0x934 [xfs]
xfs_dir2_node_addname+0x2c8/0xcd0 [xfs]
xfs_dir_createname+0x348/0x38c [xfs]
xfs_create+0x6b0/0x8b4 [xfs]
xfs_generic_create+0x12c/0x1f8 [xfs]
xfs_vn_mknod+0x3c/0x4c [xfs]
xfs_vn_create+0x34/0x44 [xfs]
do_last+0xd4c/0x10c8
path_openat+0xbc/0x2f4
do_filp_open+0x74/0xf4
do_sys_openat2+0x98/0x180
__arm64_sys_openat+0xf8/0x170
do_el0_svc+0x170/0x240
el0_sync_handler+0x150/0x250
el0_sync+0x164/0x180
Suggested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Qian Cai <cai@lca.pw>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
libxfs/xfs_da_btree.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libxfs/xfs_da_btree.c b/libxfs/xfs_da_btree.c
index 3f40e99..7f26d12 100644
--- a/libxfs/xfs_da_btree.c
+++ b/libxfs/xfs_da_btree.c
@@ -1983,7 +1983,8 @@ xfs_da3_path_shift(
ASSERT(path != NULL);
ASSERT((path->active > 0) && (path->active < XFS_DA_NODE_MAXDEPTH));
level = (path->active-1) - 1; /* skip bottom layer in path */
- for (blk = &path->blk[level]; level >= 0; blk--, level--) {
+ for (; level >= 0; level--) {
+ blk = &path->blk[level];
xfs_da3_node_hdr_from_disk(dp->i_mount, &nodehdr,
blk->bp->b_addr);
--
1.8.3.1

37
0003-xfs-fix-incorrect-test-in-xfs_alloc_ag_vextent_lastb.patch
View File

@ -1,37 +0,0 @@
From a53b5f2f5f2ec70bc44a45d4b7c3ab2f2470cc0e Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <darrick.wong@oracle.com>
Date: Fri, 1 May 2020 17:37:09 -0400
Subject: [PATCH 05/16] xfs: fix incorrect test in
xfs_alloc_ag_vextent_lastblock
Source kernel commit: 77ca1eed5a7d2bf0905562eb1a15aac76bc19fe4
When I lifted the code in xfs_alloc_ag_vextent_lastblock out of a loop,
I forgot to convert all the accesses to len to be pointer dereferences.
Coverity-id: 1457918
Fixes: 5113f8ec3753ed ("xfs: clean up weird while loop in xfs_alloc_ag_vextent_near")
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
libxfs/xfs_alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libxfs/xfs_alloc.c b/libxfs/xfs_alloc.c
index 09db669..58f4f07 100644
--- a/libxfs/xfs_alloc.c
+++ b/libxfs/xfs_alloc.c
@@ -1511,7 +1511,7 @@ xfs_alloc_ag_vextent_lastblock(
* maxlen, go to the start of this block, and skip all those smaller
* than minlen.
*/
- if (len || args->alignment > 1) {
+ if (*len || args->alignment > 1) {
acur->cnt->bc_ptrs[0] = 1;
do {
error = xfs_alloc_get_rec(acur->cnt, bno, len, &i);
--
1.8.3.1

41
0004-xfs_db-fix-crc-invalidation-segfault.patch
View File

@ -1,41 +0,0 @@
From 46ab86660a841a6ec5100d183f3881632a3055cf Mon Sep 17 00:00:00 2001
From: Anthony Iliopoulos <ailiop@suse.com>
Date: Tue, 26 May 2020 14:35:51 -0400
Subject: [PATCH 06/16] xfs_db: fix crc invalidation segfault
The nowrite_ops var is declared within nested block scope but used
outside that scope, causing xfs_db to crash while trying to defererence
the verify_write pointer. Fix it by lifting the declaration to the outer
scope, where it is accessed.
Fixes: b64af2c48220c8 ("xfs_db: add crc manipulation commands")
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Anthony Iliopoulos <ailiop@suse.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
db/crc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/db/crc.c b/db/crc.c
index 95161c6..b23417a 100644
--- a/db/crc.c
+++ b/db/crc.c
@@ -53,6 +53,7 @@ crc_f(
char **argv)
{
const struct xfs_buf_ops *stashed_ops = NULL;
+ struct xfs_buf_ops nowrite_ops;
extern char *progname;
const field_t *fields;
const ftattr_t *fa;
@@ -127,7 +128,6 @@ crc_f(
}
if (invalidate) {
- struct xfs_buf_ops nowrite_ops;
flist_t *sfl;
int bit_length;
int parentoffset;
--
1.8.3.1

45
0005-xfs-fix-inode-allocation-block-res-calculation-prece.patch
View File

@ -1,45 +0,0 @@
From ebd6cdd32653b6f44ca270ea08571fb4fe1ad85f Mon Sep 17 00:00:00 2001
From: Brian Foster <bfoster@redhat.com>
Date: Fri, 4 Sep 2020 16:01:20 -0400
Subject: [PATCH 10/16] xfs: fix inode allocation block res calculation
precedence
Source kernel commit: b2a8864728683443f34a9fd33a2b78b860934cc1
The block reservation calculation for inode allocation is supposed
to consist of the blocks required for the inode chunk plus
(maxlevels-1) of the inode btree multiplied by the number of inode
btrees in the fs (2 when finobt is enabled, 1 otherwise).
Instead, the macro returns (ialloc_blocks + 2) due to a precedence
error in the calculation logic. This leads to block reservation
overruns via generic/531 on small block filesystems with finobt
enabled. Add braces to fix the calculation and reserve the
appropriate number of blocks.
Fixes: 9d43b180af67 ("xfs: update inode allocation/free transaction reservations for finobt")
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
libxfs/xfs_trans_space.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libxfs/xfs_trans_space.h b/libxfs/xfs_trans_space.h
index 88221c7..c6df01a 100644
--- a/libxfs/xfs_trans_space.h
+++ b/libxfs/xfs_trans_space.h
@@ -57,7 +57,7 @@
XFS_DAREMOVE_SPACE_RES(mp, XFS_DATA_FORK)
#define XFS_IALLOC_SPACE_RES(mp) \
(M_IGEO(mp)->ialloc_blks + \
- (xfs_sb_version_hasfinobt(&mp->m_sb) ? 2 : 1 * \
+ ((xfs_sb_version_hasfinobt(&mp->m_sb) ? 2 : 1) * \
(M_IGEO(mp)->inobt_maxlevels - 1)))
/*
--
1.8.3.1

79
0006-xfs-fix-off-by-one-in-inode-alloc-block-reservation-.patch
View File

@ -1,79 +0,0 @@
From de7d5664d0f7a4a29c32aa98331d965f6c5c6de8 Mon Sep 17 00:00:00 2001
From: Brian Foster <bfoster@redhat.com>
Date: Tue, 15 Sep 2020 15:59:38 -0400
Subject: [PATCH 11/16] xfs: fix off-by-one in inode alloc block reservation
calculation
Source kernel commit: 657f101930bc6c5b41bd7d6c22565c4302a80d33
The inode chunk allocation transaction reserves inobt_maxlevels-1
blocks to accommodate a full split of the inode btree. A full split
requires an allocation for every existing level and a new root
block, which means inobt_maxlevels is the worst case block
requirement for a transaction that inserts to the inobt. This can
lead to a transaction block reservation overrun when tmpfile
creation allocates an inode chunk and expands the inobt to its
maximum depth. This problem has been observed in conjunction with
overlayfs, which makes frequent use of tmpfiles internally.
The existing reservation code goes back as far as the Linux git repo
history (v2.6.12). It was likely never observed as a problem because
the traditional file/directory creation transactions also include
worst case block reservation for directory modifications, which most
likely is able to make up for a single block deficiency in the inode
allocation portion of the calculation. tmpfile support is relatively
more recent (v3.15), less heavily used, and only includes the inode
allocation block reservation as tmpfiles aren't linked into the
directory tree on creation.
Fix up the inode alloc block reservation macro and a couple of the
block allocator minleft parameters that enforce an allocation to
leave enough free blocks in the AG for a full inobt split.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
libxfs/xfs_ialloc.c | 4 ++--
libxfs/xfs_trans_space.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libxfs/xfs_ialloc.c b/libxfs/xfs_ialloc.c
index 00b3326..750b223 100644
--- a/libxfs/xfs_ialloc.c
+++ b/libxfs/xfs_ialloc.c
@@ -683,7 +683,7 @@ xfs_ialloc_ag_alloc(
args.minalignslop = igeo->cluster_align - 1;
/* Allow space for the inode btree to split. */
- args.minleft = igeo->inobt_maxlevels - 1;
+ args.minleft = igeo->inobt_maxlevels;
if ((error = xfs_alloc_vextent(&args)))
return error;
@@ -731,7 +731,7 @@ xfs_ialloc_ag_alloc(
/*
* Allow space for the inode btree to split.
*/
- args.minleft = igeo->inobt_maxlevels - 1;
+ args.minleft = igeo->inobt_maxlevels;
if ((error = xfs_alloc_vextent(&args)))
return error;
}
diff --git a/libxfs/xfs_trans_space.h b/libxfs/xfs_trans_space.h
index c6df01a..7ad3659 100644
--- a/libxfs/xfs_trans_space.h
+++ b/libxfs/xfs_trans_space.h
@@ -58,7 +58,7 @@
#define XFS_IALLOC_SPACE_RES(mp) \
(M_IGEO(mp)->ialloc_blks + \
((xfs_sb_version_hasfinobt(&mp->m_sb) ? 2 : 1) * \
- (M_IGEO(mp)->inobt_maxlevels - 1)))
+ M_IGEO(mp)->inobt_maxlevels))
/*
* Space reservation values for various transactions.
--
1.8.3.1

52
0007-xfs-fix-boundary-test-in-xfs_attr_shortform_verify.patch
View File

@ -1,52 +0,0 @@
From 9182dbe5d9667454d782e334de483c8ff48ab102 Mon Sep 17 00:00:00 2001
From: Eric Sandeen <sandeen@redhat.com>
Date: Tue, 15 Sep 2020 15:59:38 -0400
Subject: [PATCH 12/16] xfs: fix boundary test in xfs_attr_shortform_verify
Source kernel commit: f4020438fab05364018c91f7e02ebdd192085933
The boundary test for the fixed-offset parts of xfs_attr_sf_entry in
xfs_attr_shortform_verify is off by one, because the variable array
at the end is defined as nameval[1] not nameval[].
Hence we need to subtract 1 from the calculation.
This can be shown by:
# touch file
# setfattr -n root.a file
and verifications will fail when it's written to disk.
This only matters for a last attribute which has a single-byte name
and no value, otherwise the combination of namelen & valuelen will
push endp further out and this test won't fail.
Fixes: 1e1bbd8e7ee06 ("xfs: create structure verifier function for shortform xattrs")
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
libxfs/xfs_attr_leaf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libxfs/xfs_attr_leaf.c b/libxfs/xfs_attr_leaf.c
index 541a1ff..cca10ff 100644
--- a/libxfs/xfs_attr_leaf.c
+++ b/libxfs/xfs_attr_leaf.c
@@ -1007,8 +1007,10 @@ xfs_attr_shortform_verify(
* struct xfs_attr_sf_entry has a variable length.
* Check the fixed-offset parts of the structure are
* within the data buffer.
+ * xfs_attr_sf_entry is defined with a 1-byte variable
+ * array at the end, so we must subtract that off.
*/
- if (((char *)sfep + sizeof(*sfep)) >= endp)
+ if (((char *)sfep + sizeof(*sfep) - 1) >= endp)
return __this_address;
/* Don't allow names with known bad length. */
--
1.8.3.1

35
0008-xfs-fix-xfs_bmap_validate_extent_raw-when-checking-a.patch
View File

@ -1,35 +0,0 @@
From 601bb251c71860fbbf2b8054a6b4ac46d80c00d8 Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <darrick.wong@oracle.com>
Date: Thu, 17 Sep 2020 10:16:02 -0400
Subject: [PATCH 13/16] xfs: fix xfs_bmap_validate_extent_raw when checking
attr fork of rt files
Source kernel commit: d0c20d38af135b2b4b90aa59df7878ef0c8fbef4
The realtime flag only applies to the data fork, so don't use the
realtime block number checks on the attr fork of a realtime file.
Fixes: 30b0984d9117 ("xfs: refactor bmap record validation")
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
libxfs/xfs_bmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libxfs/xfs_bmap.c b/libxfs/xfs_bmap.c
index d43155d..219ae27 100644
--- a/libxfs/xfs_bmap.c
+++ b/libxfs/xfs_bmap.c
@@ -6291,7 +6291,7 @@ xfs_bmap_validate_extent(
isrt = XFS_IS_REALTIME_INODE(ip);
endfsb = irec->br_startblock + irec->br_blockcount - 1;
- if (isrt) {
+ if (isrt && whichfork == XFS_DATA_FORK) {
if (!xfs_verify_rtbno(mp, irec->br_startblock))
return __this_address;
if (!xfs_verify_rtbno(mp, endfsb))
--
1.8.3.1

41
0009-xfs_repair-fix-error-in-process_sf_dir2_fixi8.patch
View File

@ -1,41 +0,0 @@
From c1f6f901b402278f3fcd08000e0579e346167ef6 Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <darrick.wong@oracle.com>
Date: Mon, 28 Sep 2020 17:35:37 -0400
Subject: [PATCH 14/16] xfs_repair: fix error in process_sf_dir2_fixi8
The goal of process_sf_dir2_fixi8 is to convert an i8 shortform
directory into a (shorter) i4 shortform directory. It achieves this by
duplicating the old sf directory contents (as oldsfp), zeroing i8count
in the caller's directory buffer (i.e. newsfp/sfp), and reinitializing
the new directory with the old directory's entries.
Unfortunately, it copies the parent pointer from sfp (the buffer we've
already started changing), not oldsfp. This leads to directory
corruption since at that point we zeroed i8count, which means that we
save only the upper four bytes from the parent pointer entry.
This was found by fuzzing u3.sfdir3.hdr.i8count = ones in xfs/384.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
repair/dir2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/repair/dir2.c b/repair/dir2.c
index cbbce60..d0daff7 100644
--- a/repair/dir2.c
+++ b/repair/dir2.c
@@ -84,7 +84,7 @@ process_sf_dir2_fixi8(
memmove(oldsfp, newsfp, oldsize);
newsfp->count = oldsfp->count;
newsfp->i8count = 0;
- ino = libxfs_dir2_sf_get_parent_ino(sfp);
+ ino = libxfs_dir2_sf_get_parent_ino(oldsfp);
libxfs_dir2_sf_put_parent_ino(newsfp, ino);
oldsfep = xfs_dir2_sf_firstentry(oldsfp);
newsfep = xfs_dir2_sf_firstentry(newsfp);
--
1.8.3.1

36
0010-libfrog-fix-a-potential-null-pointer-dereference.patch
View File

@ -1,36 +0,0 @@
From 1741c05193b561c01a7532d9536f3a8033102684 Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <darrick.wong@oracle.com>
Date: Mon, 12 Oct 2020 11:59:19 -0400
Subject: [PATCH 15/16] libfrog: fix a potential null pointer dereference
Apparently, gcc 10.2 thinks that it's possible for either of the calloc
arguments to be zero here, in which case it will return NULL with a zero
errno. I suppose it's possible to do that via integer overflow in the
macro, though I find it unlikely unless someone passes in a yuuuge value.
Nevertheless, just shut up the warning by hardcoding the error number
so I can move on to nastier bugs.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
libfrog/bulkstat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libfrog/bulkstat.c b/libfrog/bulkstat.c
index c3e5c5f..195f6ea 100644
--- a/libfrog/bulkstat.c
+++ b/libfrog/bulkstat.c
@@ -428,7 +428,7 @@ xfrog_bulkstat_alloc_req(
breq = calloc(1, XFS_BULKSTAT_REQ_SIZE(nr));
if (!breq)
- return -errno;
+ return -ENOMEM;
breq->hdr.icount = nr;
breq->hdr.ino = startino;
--
1.8.3.1

34
0011-libhandle-fix-potential-unterminated-string-problem.patch
View File

@ -1,34 +0,0 @@
From 62be9551c3656effc2e013da12c9e1c9698c104f Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <darrick.wong@oracle.com>
Date: Mon, 12 Oct 2020 11:59:19 -0400
Subject: [PATCH 16/16] libhandle: fix potential unterminated string problem
gcc 10.2 complains about the strncpy call here, since it's possible that
the source string is so long that the fspath inside the fdhash structure
will end up without a null terminator. Work around strncpy braindamage
yet again by forcing the string to be terminated properly.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
libhandle/handle.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libhandle/handle.c b/libhandle/handle.c
index eb099f4..5c1686b 100644
--- a/libhandle/handle.c
+++ b/libhandle/handle.c
@@ -107,7 +107,8 @@ path_to_fshandle(
}
fdhp->fsfd = fd;
- strncpy(fdhp->fspath, fspath, sizeof(fdhp->fspath));
+ strncpy(fdhp->fspath, fspath, sizeof(fdhp->fspath) - 1);
+ fdhp->fspath[sizeof(fdhp->fspath) - 1] = 0;
memcpy(fdhp->fsh, *fshanp, FSIDSIZE);
fdhp->fnxt = fdhash_head;
--
1.8.3.1

BIN
xfsprogs-5.6.0.tar.xz
View File

Binary file not shown.

BIN
xfsprogs-5.9.0.tar.xz Normal file
View File

Binary file not shown.

18
xfsprogs.spec
View File

@ -1,22 +1,11 @@
Name: xfsprogs
Version: 5.6.0
Release: 3
Version: 5.9.0
Release: 1
Summary: Administration and debugging tools for the XFS file system
License: GPL+ and LGPLv2+
URL: https://xfs.wiki.kernel.org
Source0: http://kernel.org/pub/linux/utils/fs/xfs/xfsprogs/%{name}-%{version}.tar.xz
Patch1: 0001-xfs-add-agf-freeblocks-verify-in-xfs_agf_verify.patch
Patch2: 0002-xfs-fix-an-undefined-behaviour-in-_da3_path_shift.patch
Patch3: 0003-xfs-fix-incorrect-test-in-xfs_alloc_ag_vextent_lastb.patch
Patch4: 0004-xfs_db-fix-crc-invalidation-segfault.patch
Patch5: 0005-xfs-fix-inode-allocation-block-res-calculation-prece.patch
Patch6: 0006-xfs-fix-off-by-one-in-inode-alloc-block-reservation-.patch
Patch7: 0007-xfs-fix-boundary-test-in-xfs_attr_shortform_verify.patch
Patch8: 0008-xfs-fix-xfs_bmap_validate_extent_raw-when-checking-a.patch
Patch9: 0009-xfs_repair-fix-error-in-process_sf_dir2_fixi8.patch
Patch10: 0010-libfrog-fix-a-potential-null-pointer-dereference.patch
Patch11: 0011-libhandle-fix-potential-unterminated-string-problem.patch
BuildRequires: libtool libattr-devel libuuid-devel gcc git
BuildRequires: readline-devel libblkid-devel >= 2.30 lvm2-devel libicu-devel >= 62.0
@ -110,6 +99,9 @@ rm -rf %{buildroot}%{_datadir}/doc/xfsprogs/
%changelog
* Sat Jan 30 2021 yanglongkang <yanglongkang@huawei.com> - 5.9.0-1
- update xfsprogs version to 5.9.0
* Tue Dec 2 2020 lixiaokeng <lixiaokeng@huawei.com> - 5.6.0-3
- backport patch from epoch2