aboutsummaryrefslogtreecommitdiffstats
path: root/virt
diff options
context:
space:
mode:
authorChris Mason <chris.mason@oracle.com>2009-06-04 15:34:51 -0400
committerChris Mason <chris.mason@oracle.com>2009-06-04 15:41:27 -0400
commit44fb5511638938a2c37c895abc14df648ffc07e9 (patch)
tree0554a8a71403958b279ddcb601a3d0bb85943a59 /virt
parent2cc3c559fb2fe8cecca82a517bc56e88b0c1effd (diff)
downloadkernel_samsung_crespo-44fb5511638938a2c37c895abc14df648ffc07e9.zip
kernel_samsung_crespo-44fb5511638938a2c37c895abc14df648ffc07e9.tar.gz
kernel_samsung_crespo-44fb5511638938a2c37c895abc14df648ffc07e9.tar.bz2
Btrfs: Fix oops and use after free during space balancing
The btrfs allocator uses list_for_each to walk the available block groups when searching for free blocks. It starts off with a hint to help find the best block group for a given allocation. The hint is resolved into a block group, but we don't properly check to make sure the block group we find isn't in the middle of being freed due to filesystem shrinking or balancing. If it is being freed, the list pointers in it are bogus and can't be trusted. But, the code happily goes along and uses them in the list_for_each loop, leading to all kinds of fun. The fix used here is to check to make sure the block group we find really is on the list before we use it. list_del_init is used when removing it from the list, so we can do a proper check. The allocation clustering code has a similar bug where it will trust the block group in the current free space cluster. If our allocation flags have changed (going from single spindle dup to raid1 for example) because the drives in the FS have changed, we're not allowed to use the old block group any more. The fix used here is to check the current cluster against the current allocation flags. Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'virt')
0 files changed, 0 insertions, 0 deletions