From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, "Theodore Tso" <tytso@mit.edu>,
Christoph Hellwig <hch@lst.de>,
Christoph Hellwig <hch@infradead.org>, Jan Kara <jack@suse.cz>
Subject: [PATCH 3.10 20/24] ext2: Fix oops in ext2_get_block() called from ext2_quota_write()
Date: Sun, 14 Dec 2014 12:20:40 -0800 [thread overview]
Message-ID: <20141214201801.286709991@linuxfoundation.org> (raw)
In-Reply-To: <20141214201800.613573495@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit df4e7ac0bb70abc97fbfd9ef09671fc084b3f9db upstream.
ext2_quota_write() doesn't properly setup bh it passes to
ext2_get_block() and thus we hit assertion BUG_ON(maxblocks == 0) in
ext2_get_blocks() (or we could actually ask for mapping arbitrary number
of blocks depending on whatever value was on stack).
Fix ext2_quota_write() to properly fill in number of blocks to map.
Reviewed-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reported-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext2/super.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -1493,6 +1493,7 @@ static ssize_t ext2_quota_write(struct s
sb->s_blocksize - offset : towrite;
tmp_bh.b_state = 0;
+ tmp_bh.b_size = sb->s_blocksize;
err = ext2_get_block(inode, blk, &tmp_bh, 1);
if (err < 0)
goto out;
next prev parent reply other threads:[~2014-12-14 20:51 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-14 20:20 [PATCH 3.10 00/24] 3.10.63-stable review Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 01/24] mm: frontswap: invalidate expired data on a dup-store failure Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 02/24] mm: fix swapoff hang after page migration and fork Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 03/24] xen-netfront: Remove BUGs on paged skb data which crosses a page boundary Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 04/24] i2c: omap: fix NACK and Arbitration Lost irq handling Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 05/24] i2c: omap: fix i207 errata handling Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 07/24] drm/radeon: kernel panic in drm_calc_vbltimestamp_from_scanoutpos with 3.18.0-rc6 Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 08/24] drm/i915: Unlock panel even when LVDS is disabled Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 09/24] media: smiapp: Only some selection targets are settable Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 10/24] AHCI: Add DeviceIDs for Sunrise Point-LP SATA controller Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 11/24] ahci: disable MSI on SAMSUNG 0xa800 SSD Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 12/24] sata_fsl: fix error handling of irq_of_parse_and_map Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 13/24] ipv6: gre: fix wrong skb->protocol in WCCP Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 14/24] tg3: fix ring init when there are more TX than RX channels Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 15/24] net/mlx4_core: Limit count field to 24 bits in qp_alloc_res Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 16/24] rtnetlink: release net refcnt on error in do_setlink() Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 17/24] net: mvneta: fix Tx interrupt delay Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 19/24] nEPT: Nested INVEPT Greg Kroah-Hartman
2014-12-15 9:32 ` Paolo Bonzini
2014-12-14 20:20 ` Greg Kroah-Hartman [this message]
2014-12-14 20:20 ` [PATCH 3.10 21/24] igb: bring link up when PHY is powered up Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 22/24] ARM: sched_clock: Load cycle count after epoch stabilizes Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 23/24] powerpc: 32 bit getcpu VDSO function uses 64 bit instructions Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.10 24/24] ALSA: usb-audio: Dont resubmit pending URBs at MIDI error recovery Greg Kroah-Hartman
2014-12-15 3:29 ` [PATCH 3.10 00/24] 3.10.63-stable review Guenter Roeck
2014-12-16 3:06 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141214201801.286709991@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.