From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, ZhangXiaoxu, Mike Snitzer
Subject: [PATCH 4.14 50/62] dm btree: fix order of block initialization in btree_split_beneath
Date: Tue, 27 Aug 2019 09:50:55 +0200
Message-Id: <20190827072703.381543115@linuxfoundation.org>

From: ZhangXiaoxu

commit e4f9d6013820d1eba1432d51dd1c5795759aa77f upstream.

When btree_split_beneath() splits a node to two new children, it will
allocate two blocks: left and right. If right block's allocation
failed, the left block will be unlocked and marked dirty. If this
happened, the left block's content is zero, because it wasn't
initialized with the btree struct before the attempt to allocate the
right block. Upon return, when flushing the left block to disk, the
validator will fail when checking this block. Then a BUG_ON is raised.

Fix this by completely initializing the left block before allocating
and initializing the right block.

Fixes: 4dcb8b57df359 ("dm btree: fix leak of bufio-backed block in btree_split_beneath error path")
Cc: stable@vger.kernel.org
Signed-off-by: ZhangXiaoxu
Signed-off-by: Mike Snitzer
Signed-off-by: Greg Kroah-Hartman
---
 drivers/md/persistent-data/dm-btree.c | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

--- a/drivers/md/persistent-data/dm-btree.c +++ b/drivers/md/persistent-data/dm-btree.c 
@@ -628,39 +628,40 @@ static int btree_split_beneath(struct sh new_parent = shadow_current(s); + pn = dm_block_data(new_parent); + size = le32_to_cpu(pn->header.flags) & INTERNAL_NODE ? + sizeof(__le64) : s->info->value_type.size; + + /* create & init the left block */ r = new_block(s->info, &left); if (r < 0) return r; + ln = dm_block_data(left); + nr_left = le32_to_cpu(pn->header.nr_entries) / 2; + + ln->header.flags = pn->header.flags; + ln->header.nr_entries = cpu_to_le32(nr_left); + ln->header.max_entries = pn->header.max_entries; + ln->header.value_size = pn->header.value_size; + memcpy(ln->keys, pn->keys, nr_left * sizeof(pn->keys[0])); + memcpy(value_ptr(ln, 0), value_ptr(pn, 0), nr_left * size); + + /* create & init the right block */ r = new_block(s->info, &right); if (r < 0) { unlock_block(s->info, left); return r; } - pn = dm_block_data(new_parent); - ln = dm_block_data(left); rn = dm_block_data(right); - - nr_left = le32_to_cpu(pn->header.nr_entries) / 2; nr_right = le32_to_cpu(pn->header.nr_entries) - nr_left; - ln->header.flags = pn->header.flags; - ln->header.nr_entries = cpu_to_le32(nr_left); - ln->header.max_entries = pn->header.max_entries; - ln->header.value_size = pn->header.value_size; - rn->header.flags = pn->header.flags; rn->header.nr_entries = cpu_to_le32(nr_right); rn->header.max_entries = pn->header.max_entries; rn->header.value_size = pn->header.value_size; - - memcpy(ln->keys, pn->keys, nr_left * sizeof(pn->keys[0])); memcpy(rn->keys, pn->keys + nr_left, nr_right * sizeof(pn->keys[0])); - - size = le32_to_cpu(pn->header.flags) & INTERNAL_NODE ? - sizeof(__le64) : s->info->value_type.size; - memcpy(value_ptr(ln, 0), value_ptr(pn, 0), nr_left * size); memcpy(value_ptr(rn, 0), value_ptr(pn, nr_left), nr_right * size);
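Review bot: The error path after the second new_block() still only does unlock_block(s->info, left) and returns, and nothing at that spot says that left must already be a complete node for the write-back validator to accept it. The "create & init the left block" comment records the order but not the reason, so a later cleanup could move the ln->header assignments back below the right allocation and reintroduce the BUG_ON described in the commit message. Suggest a short comment at the unlock_block() call stating that left has to be fully initialized before it is unlocked. It is also worth confirming whether a left block that is never linked into new_parent, yet now holds copies of the parent's first nr_left keys and values, should be written out at all on this path or released instead.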