From: "Doug Graham" <dgraham@nortel.com>
To: linux-kernel@vger.kernel.org
Subject: V3 minixfs bug (attempt #2)
Date: Thu, 02 Jul 2009 17:51:00 -0400 [thread overview]
Message-ID: <4A4D2BC4.3010703@nortel.com> (raw)
There are a few places in the Minix FS code
where the "inode" field of a minix_dir_entry is used without checking
first to see if the dirent is really a minix3_dir_entry. The inode number
in a V1/V2 dirent is 16 bits, whereas that in a V3 dirent is 32 bits.
Accessing
it as a 16 bit field when it really should be accessed as a 32 bit field
probably kinda sorta works on a little-endian machine, but leads to some
rather odd behaviour on big-endian machines.
Signed-off-by: Doug Graham <dgraham@nortel.com>
---
--- linux-2.6.29.2/fs/minix/dir.c 2009/07/02 21:05:33 1.1
+++ linux-2.6.29.2/fs/minix/dir.c 2009/07/02 21:10:31
@@ -311,14 +311,18 @@ int minix_delete_entry(struct minix_dir_
struct inode *inode = (struct inode*)mapping->host;
char *kaddr = page_address(page);
loff_t pos = page_offset(page) + (char*)de - kaddr;
- unsigned len = minix_sb(inode->i_sb)->s_dirsize;
+ struct minix_sb_info *sbi = minix_sb(inode->i_sb);
+ unsigned len = sbi->s_dirsize;
int err;
lock_page(page);
err = __minix_write_begin(NULL, mapping, pos, len,
AOP_FLAG_UNINTERRUPTIBLE, &page,
NULL);
if (err == 0) {
- de->inode = 0;
+ if (sbi->s_version == MINIX_V3)
+ ((minix3_dirent *) de)->inode = 0;
+ else
+ de->inode = 0;
err = dir_commit_chunk(page, pos, len);
} else {
unlock_page(page);
@@ -443,7 +447,10 @@ void minix_set_link(struct minix_dir_ent
err = __minix_write_begin(NULL, mapping, pos, sbi->s_dirsize,
AOP_FLAG_UNINTERRUPTIBLE, &page,
NULL);
if (err == 0) {
- de->inode = inode->i_ino;
+ if (sbi->s_version == MINIX_V3)
+ ((minix3_dirent *) de)->inode = inode->i_ino;
+ else
+ de->inode = inode->i_ino;
err = dir_commit_chunk(page, pos, sbi->s_dirsize);
} else {
unlock_page(page);
@@ -473,7 +480,14 @@ ino_t minix_inode_by_name(struct dentry
ino_t res = 0;
if (de) {
- res = de->inode;
+ struct address_space *mapping = page->mapping;
+ struct inode *inode = (struct inode*)mapping->host;
+ struct minix_sb_info *sbi = minix_sb(inode->i_sb);
+
+ if (sbi->s_version == MINIX_V3)
+ res = ((minix3_dirent *) de)->inode;
+ else
+ res = de->inode;
dir_put_page(page);
}
return res;
reply other threads:[~2009-07-02 21:51 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A4D2BC4.3010703@nortel.com \
--to=dgraham@nortel.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.