Make sure number of entries doesn't exceed max journal size.

Cc: sta...@vger.kernel.org
Signed-off-by: Jin Qian <jinq...@android.com>
---
 fs/f2fs/segment.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index de31030b5041..b07385630150 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -2337,10 +2337,15 @@ static int read_compacted_summaries(struct
f2fs_sb_info *sbi)
        /* Step 1: restore nat cache */
        seg_i = CURSEG_I(sbi, CURSEG_HOT_DATA);
        memcpy(seg_i->journal, kaddr, SUM_JOURNAL_SIZE);
+       if (nats_in_cursum(seg_i->journal) > NAT_JOURNAL_ENTRIES)
+               return -EINVAL;

        /* Step 2: restore sit cache */
        seg_i = CURSEG_I(sbi, CURSEG_COLD_DATA);
        memcpy(seg_i->journal, kaddr + SUM_JOURNAL_SIZE, SUM_JOURNAL_SIZE);
+       if (sits_in_cursum(seg_i->journal) > SIT_JOURNAL_ENTRIES)
+               return -EINVAL;
+
        offset = 2 * SUM_JOURNAL_SIZE;

        /* Step 3: restore summary entries */
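Review bot: Both new `return -EINVAL;` paths exit right after the journal is copied out of `kaddr`, which presumably points into a meta page acquired earlier in read_compacted_summaries (outside this hunk); if so, a corrupted image leaves that page locked and its reference never dropped. Release it before returning, e.g. `f2fs_put_page(page, 1);` ahead of each `return -EINVAL;` (assuming the local is named `page`), or route both checks through a shared cleanup label. The early return added in read_normal_summaries looks like it has the same problem, since `sum` appears to be backed by a page that is released later in that function. Because the counts come straight from disk, a short comment such as `/* count is read from disk; reject values that would index past the journal array */` above each check would record why it is there.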
@@ -2431,6 +2436,12 @@ static int read_normal_summaries(struct
f2fs_sb_info *sbi, int type)
                                return err;
                        }
                }
+       } else {
+               if ((type == CURSEG_HOT_DATA &&
+                       nats_in_cursum(sum->journal) > NAT_JOURNAL_ENTRIES) ||
+                   (type == CURSEG_COLD_DATA &&
+                       sits_in_cursum(sum->journal) > SIT_JOURNAL_ENTRIES))
+               return -EINVAL;
        }

        /* set uncompleted segment to curseg */
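Review bot: The `return -EINVAL;` in the new `else` branch sits at the same indent as the `if` that guards it, so as shown it reads as an unconditional return for every data segment. Indent it one level deeper, or brace the body, so the control flow is unambiguous in the mount path that validates on-disk counts. The branch could also be flattened to `} else if ((type == CURSEG_HOT_DATA && ...) || (type == CURSEG_COLD_DATA && ...)) {` with the return inside, which avoids the nested `else { if` form. The enclosing read_normal_summaries body starts and ends outside this hunk.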
-- 
2.13.0.506.g27d5fe0cd-goog
