diff --git a/0005-fix-use-after-free.patch b/0005-fix-use-after-free.patch
new file mode 100644
index 0000000..c354c3a
--- /dev/null
+++ b/0005-fix-use-after-free.patch
@@ -0,0 +1,39 @@
+From: Jeff Mahoney
+Subject: btrfsprogs: Fix use after free in close_ctree
+References: bnc#603620
+
+ After the roots are closed, root is freed. Yet close_ctree continues
+ to use it. It works generally because no new memory is allocated in
+ the interim, but with glibc malloc perturbing enabled, it crashes
+ every time. This is because root->fs_info points to garbage.
+
+ This patch uses the already-cached fs_info variable for the rest of
+ the accesses and fixes the crash.
+
+
+Signed-off-by: Jeff Mahoney
+---
+ disk-io.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/disk-io.c
++++ b/disk-io.c
+@@ -971,13 +971,13 @@ int close_ctree(struct btrfs_root *root)
+ if (fs_info->csum_root->node)
+ free_extent_buffer(fs_info->csum_root->node);
+
+- if (root->fs_info->log_root_tree) {
+- if (root->fs_info->log_root_tree->node)
+- free_extent_buffer(root->fs_info->log_root_tree->node);
+- free(root->fs_info->log_root_tree);
++ if (fs_info->log_root_tree) {
++ if (fs_info->log_root_tree->node)
++ free_extent_buffer(fs_info->log_root_tree->node);
++ free(fs_info->log_root_tree);
+ }
+
+- close_all_devices(root->fs_info);
++ close_all_devices(fs_info);
+ extent_io_tree_cleanup(&fs_info->extent_cache);
+ extent_io_tree_cleanup(&fs_info->free_space_cache);
+ extent_io_tree_cleanup(&fs_info->block_group_cache);
diff --git a/btrfsprogs.changes b/btrfsprogs.changes
index 72442eb..91d2d5f 100644
--- a/btrfsprogs.changes
+++ b/btrfsprogs.changes
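Review bot: The embedded disk-io.c hunk in 0005-fix-use-after-free.patch leaves nothing in the code to tell a later editor that `root` is already freed at this point, so the next `root->fs_info` added to the tail of close_ctree would reintroduce the same use-after-free. A one-line comment above the `if (fs_info->log_root_tree)` block, such as `/* root is freed above; only the cached fs_info may be used from here on */`, would record that invariant. The free of `root` and the rest of close_ctree lie outside the hunk, so any `root->` dereference remaining after the last context line cannot be checked from here and should be confirmed. The description says the crash only shows up with glibc malloc perturbing enabled, so running the package's checks with that setting (or under AddressSanitizer) would catch a regression.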
@@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Wed May 26 17:00:46 CEST 2010 - dmueller@suse.de + +- fix crash on creating filesystems (bnc#603620) + +------------------------------------------------------------------- +Fri May 7 15:05:11 CEST 2010 - dmueller@suse.de + +- revert last change (bnc#599224#c3) + ------------------------------------------------------------------- Thu Apr 29 11:11:13 CEST 2010 - dmueller@suse.de diff --git a/btrfsprogs.spec b/btrfsprogs.spec index 5fa18e4..45bddf6 100644 --- a/btrfsprogs.spec +++ b/btrfsprogs.spec @@ -20,7 +20,7 @@ Name: btrfsprogs Url: http://oss.oracle.com/~mason/btrfs/ Version: 0.19 -Release: 8 +Release: 9 Summary: Btrfs File System Utilities License: GNU General Public License (GPL) Group: System/Filesystems @@ -32,6 +32,7 @@ Patch2: 0002-btrfsctl-add-snapshot-subvolume-destroy-ioctl.patch Patch3: 0003-btrfsck-check-root-back-forward-references.patch Patch4: 0004-Add-btrfs-map-logical-program-to-map-and-read-logica.patch Patch5: 0001-Plug-Memory-leak-in-find_and_setup_log_root.patch +Patch6: 0005-fix-use-after-free.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libacl-devel libext2fs-devel libuuid-devel zlib-devel @@ -47,13 +48,15 @@ file systems. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build make %{?jobs:-j%jobs} CFLAGS="%{optflags}" all convert %install make install DESTDIR=${RPM_BUILD_ROOT} prefix=%{_prefix} bindir=/sbin mandir=%{_mandir} -ln ${RPM_BUILD_ROOT}/sbin/btrfsck ${RPM_BUILD_ROOT}/sbin/fsck.btrfs +# command line options are not compatible (bnc#599224) +#ln ${RPM_BUILD_ROOT}/sbin/btrfsck ${RPM_BUILD_ROOT}/sbin/fsck.btrfs %files %defattr(-, root, root) @@ -64,7 +67,7 @@ ln ${RPM_BUILD_ROOT}/sbin/btrfsck ${RPM_BUILD_ROOT}/sbin/fsck.btrfs /sbin/btrfsck /sbin/btrfsctl /sbin/mkfs.btrfs -/sbin/fsck.btrfs +#/sbin/fsck.btrfs /sbin/btrfs-map-logical %_mandir/man8/btrfs-image.8.gz %_mandir/man8/btrfs-show.8.gz
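Review bot: In btrfsprogs.spec the `ln` line in %install and the `/sbin/fsck.btrfs` entry in %files (last hunk) are commented out rather than deleted, leaving two dead lines that can be re-enabled independently of each other. If only one of them is restored, the build would be expected to fail on an unpackaged or a missing file. Deleting both lines and keeping only `# command line options are not compatible (bnc#599224)` would state the intent without the leftovers. The new patch is also registered as `Patch6` while its file name starts with `0005-`, and `Patch5` points at a `0001-` file, so a short comment on the numbering next to the Patch lines would help the next packager.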