Author: arekm                        Date: Sat Apr  4 18:02:16 2009 GMT
Module: SOURCES                       Tag: LINUX_2_6_28
---- Log message:
- inode validation

---- Files affected:
SOURCES:
   kernel-small_fixes.patch (1.1.2.18 -> 1.1.2.18.4.1) 

---- Diffs:

================================================================
Index: SOURCES/kernel-small_fixes.patch
diff -u SOURCES/kernel-small_fixes.patch:1.1.2.18 
SOURCES/kernel-small_fixes.patch:1.1.2.18.4.1
--- SOURCES/kernel-small_fixes.patch:1.1.2.18   Wed Dec 31 14:34:42 2008
+++ SOURCES/kernel-small_fixes.patch    Sat Apr  4 20:02:11 2009
@@ -299,3 +299,47 @@
        err = submit_inquiry(sdev, 0xC9, sizeof(struct c9_inquiry), h);
        if (err == SCSI_DH_OK) {
                inqp = &h->inq.c9;
+commit e8fa6b483feebd23ded5eb01afd7a6e82b6078c6
+Author: Christoph Hellwig <[email protected]>
+Date:   Tue Mar 3 14:48:36 2009 -0500
+
+    xfs: prevent kernel crash due to corrupted inode log format
+    
+    Andras Korn reported an oops on log replay causes by a corrupted
+    xfs_inode_log_format_t passing a 0 size to kmem_zalloc.  This patch handles
+    to small or too large numbers of log regions gracefully by rejecting the
+    log replay with a useful error message.
+    
+    Signed-off-by: Christoph Hellwig <[email protected]>
+    Reported-by: Andras Korn <[email protected]>
+    Reviewed-by: Eric Sandeen <[email protected]>
+    Signed-off-by: Felix Blyakher <[email protected]>
+
+diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
+index 504d540..ceeba45 100644
+--- a/fs/xfs/xfs_log_recover.c
++++ b/fs/xfs/xfs_log_recover.c
+@@ -1455,10 +1455,19 @@ xlog_recover_add_to_trans(
+       item = item->ri_prev;
+ 
+       if (item->ri_total == 0) {              /* first region to be added */
+-              item->ri_total  = in_f->ilf_size;
+-              ASSERT(item->ri_total <= XLOG_MAX_REGIONS_IN_ITEM);
+-              item->ri_buf = kmem_zalloc((item->ri_total *
+-                                          sizeof(xfs_log_iovec_t)), KM_SLEEP);
++              if (in_f->ilf_size == 0 ||
++                  in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
++                      xlog_warn(
++      "XFS: bad number of regions (%d) in inode log format",
++                                in_f->ilf_size);
++                      ASSERT(0);
++                      return XFS_ERROR(EIO);
++              }
++
++              item->ri_total = in_f->ilf_size;
++              item->ri_buf =
++                      kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
++                                  KM_SLEEP);
+       }
+       ASSERT(item->ri_total > item->ri_cnt);
+       /* Description region is ri_buf[0] */
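Review bot: The `ASSERT(item->ri_total > item->ri_cnt);` that follows the new block is still the only check on the running region count, and like the removed `ASSERT(item->ri_total <= XLOG_MAX_REGIONS_IN_ITEM)` it presumably compiles away on non-debug builds. The added code validates `in_f->ilf_size` only when the first region is added, so a corrupted log that delivers more regions than `ilf_size` declared is not rejected here. If the code after this hunk indexes `ri_buf` by `ri_cnt`, as the "Description region is ri_buf[0]" comment suggests, that case would write past the allocation. I would make it a runtime check in the same style as the new one, for example `if (item->ri_cnt >= item->ri_total) return XFS_ERROR(EIO);` preceded by an `xlog_warn()` that names both counts. The body of `xlog_recover_add_to_trans` starts and ends outside the hunk, so the use of `ri_cnt` as an index should be confirmed against the full function.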
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-small_fixes.patch?r1=1.1.2.18&r2=1.1.2.18.4.1&f=u
