* [PATCH] ext4: ext4_fill_super shouldn't return 0 on corruption
@ 2010-11-15 21:48 Darrick J. Wong
2010-11-15 21:55 ` Eric Sandeen
0 siblings, 1 reply; 3+ messages in thread
From: Darrick J. Wong @ 2010-11-15 21:48 UTC (permalink / raw)
To: Theodore Ts'o, Patrick J. LoPresti
Cc: linux-kernel, linux-ext4, Mingming Cao
At the start of ext4_fill_super, ret is set to -EINVAL, and any failure path
out of that function returns this ret. However, the generic_check_addressable
clause sets ret = 0 if it passes, which means that a subsequent failure (e.g.
a group checksum error) returns 0 even though the mount should fail. This
causes vfs_kern_mount in turn to think that the mount succeeded (because
PTR_ERR(0) is false), leading to an oops.
A simple fix is to avoid using ret for the generic_check_addressable check,
which was last changed in commit 30ca22c70e3ef0a96ff84de69cd7e8561b416cb2.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
---
fs/ext4/super.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 40131b7..a44bc59 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3257,9 +3257,8 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
* Test whether we have more sectors than will fit in sector_t,
* and whether the max offset is addressable by the page cache.
*/
- ret = generic_check_addressable(sb->s_blocksize_bits,
- ext4_blocks_count(es));
- if (ret) {
+ if (generic_check_addressable(sb->s_blocksize_bits,
+ ext4_blocks_count(es))) {
ext4_msg(sb, KERN_ERR, "filesystem"
" too large to mount safely on this system");
if (sizeof(sector_t) < 8)
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] ext4: ext4_fill_super shouldn't return 0 on corruption
2010-11-15 21:48 Darrick J. Wong
@ 2010-11-15 21:55 ` Eric Sandeen
0 siblings, 0 replies; 3+ messages in thread
From: Eric Sandeen @ 2010-11-15 21:55 UTC (permalink / raw)
To: djwong
Cc: Theodore Ts'o, Patrick J. LoPresti, linux-kernel, linux-ext4,
Mingming Cao
On 11/15/10 3:48 PM, Darrick J. Wong wrote:
> At the start of ext4_fill_super, ret is set to -EINVAL, and any failure path
> out of that function returns this ret. However, the generic_check_addressable
> clause sets ret = 0 if it passes, which means that a subsequent failure (e.g.
> a group checksum error) returns 0 even though the mount should fail. This
> causes vfs_kern_mount in turn to think that the mount succeeded (because
> PTR_ERR(0) is false), leading to an oops.
>
> A simple fix is to avoid using ret for the generic_check_addressable check,
> which was last changed in commit 30ca22c70e3ef0a96ff84de69cd7e8561b416cb2.
>
> Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
looks right, but one comment below:
> ---
>
> fs/ext4/super.c | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 40131b7..a44bc59 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -3257,9 +3257,8 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
> * Test whether we have more sectors than will fit in sector_t,
> * and whether the max offset is addressable by the page cache.
> */
> - ret = generic_check_addressable(sb->s_blocksize_bits,
> - ext4_blocks_count(es));
> - if (ret) {
> + if (generic_check_addressable(sb->s_blocksize_bits,
> + ext4_blocks_count(es))) {
> ext4_msg(sb, KERN_ERR, "filesystem"
> " too large to mount safely on this system");
> if (sizeof(sector_t) < 8)
you probably want to set a "ret = -EFBIG" in here.
-Eric
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] ext4: ext4_fill_super shouldn't return 0 on corruption
@ 2010-11-18 8:45 Lukas Czerner
0 siblings, 0 replies; 3+ messages in thread
From: Lukas Czerner @ 2010-11-18 8:45 UTC (permalink / raw)
To: tytso; +Cc: linux-ext4, sandeen, djwong, lczerner
At the start of ext4_fill_super, ret is set to -EINVAL, and any failure path
out of that function returns ret. However, the generic_check_addressable
clause sets ret = 0 (if it passes), which means that a subsequent failure (e.g.
a group checksum error) returns 0 even though the mount should fail. This
causes vfs_kern_mount in turn to think that the mount succeeded, leading to an
oops.
Signed-off-by: "Lukas Czerner" <lczerner@redhat.com>
Acked-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
---
fs/ext4/super.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 61182fe..3d89b72 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3268,13 +3268,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
* Test whether we have more sectors than will fit in sector_t,
* and whether the max offset is addressable by the page cache.
*/
- ret = generic_check_addressable(sb->s_blocksize_bits,
+ err = generic_check_addressable(sb->s_blocksize_bits,
ext4_blocks_count(es));
- if (ret) {
+ if (err) {
ext4_msg(sb, KERN_ERR, "filesystem"
" too large to mount safely on this system");
if (sizeof(sector_t) < 8)
ext4_msg(sb, KERN_WARNING, "CONFIG_LBDAF not enabled");
+ ret = err;
goto failed_mount;
}
--
1.7.2.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-11-18 8:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-11-18 8:45 [PATCH] ext4: ext4_fill_super shouldn't return 0 on corruption Lukas Czerner
-- strict thread matches above, loose matches on Subject: below --
2010-11-15 21:48 Darrick J. Wong
2010-11-15 21:55 ` Eric Sandeen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).