SOURCES (LINUX_2_6_28): kernel-small_fixes.patch - inode validation

arekm arekm at pld-linux.org
Sat Apr 4 20:02:16 CEST 2009


Author: arekm                        Date: Sat Apr  4 18:02:16 2009 GMT
Module: SOURCES                       Tag: LINUX_2_6_28
---- Log message:
- inode validation

---- Files affected:
SOURCES:
   kernel-small_fixes.patch (1.1.2.18 -> 1.1.2.18.4.1) 

---- Diffs:

================================================================
Index: SOURCES/kernel-small_fixes.patch
diff -u SOURCES/kernel-small_fixes.patch:1.1.2.18 SOURCES/kernel-small_fixes.patch:1.1.2.18.4.1
--- SOURCES/kernel-small_fixes.patch:1.1.2.18	Wed Dec 31 14:34:42 2008
+++ SOURCES/kernel-small_fixes.patch	Sat Apr  4 20:02:11 2009
@@ -299,3 +299,47 @@
  	err = submit_inquiry(sdev, 0xC9, sizeof(struct c9_inquiry), h);
  	if (err == SCSI_DH_OK) {
  		inqp = &h->inq.c9;
+commit e8fa6b483feebd23ded5eb01afd7a6e82b6078c6
+Author: Christoph Hellwig <hch at infradead.org>
+Date:   Tue Mar 3 14:48:36 2009 -0500
+
+    xfs: prevent kernel crash due to corrupted inode log format
+    
+    Andras Korn reported an oops on log replay causes by a corrupted
+    xfs_inode_log_format_t passing a 0 size to kmem_zalloc.  This patch handles
+    to small or too large numbers of log regions gracefully by rejecting the
+    log replay with a useful error message.
+    
+    Signed-off-by: Christoph Hellwig <hch at lst.de>
+    Reported-by: Andras Korn <korn-sgi.com at chardonnay.math.bme.hu>
+    Reviewed-by: Eric Sandeen <sandeen at sandeen.net>
+    Signed-off-by: Felix Blyakher <felixb at sgi.com>
+
+diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
+index 504d540..ceeba45 100644
+--- a/fs/xfs/xfs_log_recover.c
++++ b/fs/xfs/xfs_log_recover.c
+@@ -1455,10 +1455,19 @@ xlog_recover_add_to_trans(
+ 	item = item->ri_prev;
+ 
+ 	if (item->ri_total == 0) {		/* first region to be added */
+-		item->ri_total	= in_f->ilf_size;
+-		ASSERT(item->ri_total <= XLOG_MAX_REGIONS_IN_ITEM);
+-		item->ri_buf = kmem_zalloc((item->ri_total *
+-					    sizeof(xfs_log_iovec_t)), KM_SLEEP);
++		if (in_f->ilf_size == 0 ||
++		    in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
++			xlog_warn(
++	"XFS: bad number of regions (%d) in inode log format",
++				  in_f->ilf_size);
++			ASSERT(0);
++			return XFS_ERROR(EIO);
++		}
++
++		item->ri_total = in_f->ilf_size;
++		item->ri_buf =
++			kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
++				    KM_SLEEP);
+ 	}
+ 	ASSERT(item->ri_total > item->ri_cnt);
+ 	/* Description region is ri_buf[0] */
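Review bot: The new range check on `in_f->ilf_size` runs only in the `item->ri_total == 0` branch, while the per-region guard right after it is still `ASSERT(item->ri_total > item->ri_cnt);`, which normally compiles out on non-debug kernels. The function continues below the hunk, so this is inferred, but if the region is then stored at `ri_buf[ri_cnt]`, a corrupted log that carries more regions than `ilf_size` announced could still write past the allocation. That assertion should become a runtime rejection like the one added here, e.g. `if (item->ri_total <= item->ri_cnt) { xlog_warn("XFS: bad number of regions (%d) in inode log format", item->ri_cnt); return XFS_ERROR(EIO); }`. It is also worth confirming above the hunk that the region length is checked against the size of the format structure before `in_f->ilf_size` is read. Note too that `ASSERT(0)` on the new error path keeps debug builds crashing on the same corrupted input that the patch rejects gracefully elsewhere.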
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-small_fixes.patch?r1=1.1.2.18&r2=1.1.2.18.4.1&f=u


