From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Morton <akpm@zip.com.au>
Subject: Re: ext3 -> crash -> fsck -> readlink -> oops
Date: Thu, 16 May 2002 19:37:36 -0700
Sender: linux-fsdevel-owner@vger.kernel.org
Message-ID: <3CE46CF0.E0C9BCC5@zip.com.au>
References: <ac1k4v$ce0$1@cesium.transmeta.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: linux-fsdevel@vger.kernel.org, ext2-devel@lists.sourceforge.net
Return-path: <linux-fsdevel-owner@vger.kernel.org>
To: "H. Peter Anvin" <hpa@zytor.com>
List-Id: linux-fsdevel.vger.kernel.org

"H. Peter Anvin" wrote:
> 
> Hi there,
> 
> We just suffered some SCSI bus problems on kernel.org that resulted in
> significant data loss on our mirror volume, but not enough to ditch
> the whole filesystem and start over (rsync --checksum is a good
> thing.)  However, we keep getting oopses, ostensibly as the result of
> a garbaged symlink.  This filesystem has been run through fsck -y
> (e2fstools 1.26).
> 
> Oops details at:
> 
>     http://userweb.kernel.org/~hpa/oops-20020516/
> 
> The kernel running is 2.4.19-pre8.
> 

I assume that was `fsck -fy'?

You seem have a 4k symlink.   I'd have expected fsck to detect that.

It crashed because vfs_readlink ran off the end of the page.

--- linux-2.4.19-pre8/fs/namei.c	Thu May  2 17:44:56 2002
+++ linux-akpm/fs/namei.c	Thu May 16 19:34:57 2002
@@ -1947,7 +1947,7 @@ int vfs_readlink(struct dentry *dentry, 
 	if (IS_ERR(link))
 		goto out;
 
-	len = strlen(link);
+	len = strnlen(link, PAGE_CACHE_SIZE);
 	if (len > (unsigned) buflen)
 		len = buflen;
 	if (copy_to_user(buffer, link, len))


-