packages (LINUX_2_6_27): kernel/kernel-small_fixes.patch - xfs fix
arekm
arekm at pld-linux.org
Fri May 1 21:32:27 CEST 2009
Author: arekm Date: Fri May 1 19:32:27 2009 GMT
Module: packages Tag: LINUX_2_6_27
---- Log message:
- xfs fix
---- Files affected:
packages/kernel:
kernel-small_fixes.patch (1.1.2.15.2.1 -> 1.1.2.15.2.2)
---- Diffs:
================================================================
Index: packages/kernel/kernel-small_fixes.patch
diff -u packages/kernel/kernel-small_fixes.patch:1.1.2.15.2.1 packages/kernel/kernel-small_fixes.patch:1.1.2.15.2.2
--- packages/kernel/kernel-small_fixes.patch:1.1.2.15.2.1 Wed Dec 31 00:40:11 2008
+++ packages/kernel/kernel-small_fixes.patch Fri May 1 21:32:22 2009
@@ -349,3 +349,47 @@
err = submit_inquiry(sdev, 0xC9, sizeof(struct c9_inquiry), h);
if (err == SCSI_DH_OK) {
inqp = &h->inq.c9;
+commit e8fa6b483feebd23ded5eb01afd7a6e82b6078c6
+Author: Christoph Hellwig <hch at infradead.org>
+Date: Tue Mar 3 14:48:36 2009 -0500
+
+ xfs: prevent kernel crash due to corrupted inode log format
+
+ Andras Korn reported an oops on log replay causes by a corrupted
+ xfs_inode_log_format_t passing a 0 size to kmem_zalloc. This patch handles
+ to small or too large numbers of log regions gracefully by rejecting the
+ log replay with a useful error message.
+
+ Signed-off-by: Christoph Hellwig <hch at lst.de>
+ Reported-by: Andras Korn <korn-sgi.com at chardonnay.math.bme.hu>
+ Reviewed-by: Eric Sandeen <sandeen at sandeen.net>
+ Signed-off-by: Felix Blyakher <felixb at sgi.com>
+
+diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
+index 504d540..ceeba45 100644
+--- a/fs/xfs/xfs_log_recover.c
++++ b/fs/xfs/xfs_log_recover.c
+@@ -1455,10 +1455,19 @@ xlog_recover_add_to_trans(
+ item = item->ri_prev;
+
+ if (item->ri_total == 0) { /* first region to be added */
+- item->ri_total = in_f->ilf_size;
+- ASSERT(item->ri_total <= XLOG_MAX_REGIONS_IN_ITEM);
+- item->ri_buf = kmem_zalloc((item->ri_total *
+- sizeof(xfs_log_iovec_t)), KM_SLEEP);
++ if (in_f->ilf_size == 0 ||
++ in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
++ xlog_warn(
++ "XFS: bad number of regions (%d) in inode log format",
++ in_f->ilf_size);
++ ASSERT(0);
++ return XFS_ERROR(EIO);
++ }
++
++ item->ri_total = in_f->ilf_size;
++ item->ri_buf =
++ kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
++ KM_SLEEP);
+ }
+ ASSERT(item->ri_total > item->ri_cnt);
+ /* Description region is ri_buf[0] */
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-small_fixes.patch?r1=1.1.2.15.2.1&r2=1.1.2.15.2.2&f=u
More information about the pld-cvs-commit
mailing list