* [PATCH 1/3] ext4: Fix error handling in ext4_ext_shift_extents
@ 2014-04-13 15:35 Dmitry Monakhov
2014-04-13 15:36 ` [PATCH 2/3] ext4: always check ext4_ext_find_extent result Dmitry Monakhov
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Dmitry Monakhov @ 2014-04-13 15:35 UTC (permalink / raw)
To: linux-ext4; +Cc: tytso, Dmitry Monakhov
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
---
fs/ext4/extents.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 96e0a4b..38be063 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -5314,11 +5314,18 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle,
* enough to accomodate the shift.
*/
path = ext4_ext_find_extent(inode, start - 1, NULL, 0);
+ if (IS_ERR(path))
+ return PTR_ERR(path);
depth = path->p_depth;
extent = path[depth].p_ext;
- ex_start = le32_to_cpu(extent->ee_block);
- ex_end = le32_to_cpu(extent->ee_block) +
+ if (extent) {
+ ex_start = le32_to_cpu(extent->ee_block);
+ ex_end = le32_to_cpu(extent->ee_block) +
ext4_ext_get_actual_len(extent);
+ } else {
+ ex_start = 0;
+ ex_end = 0;
+ }
ext4_ext_drop_refs(path);
kfree(path);
--
1.7.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH 2/3] ext4: always check ext4_ext_find_extent result 2014-04-13 15:35 [PATCH 1/3] ext4: Fix error handling in ext4_ext_shift_extents Dmitry Monakhov @ 2014-04-13 15:36 ` Dmitry Monakhov 2014-04-13 22:06 ` Theodore Ts'o 2014-04-13 15:36 ` [PATCH 3/3] ext4: remove obsoleted check Dmitry Monakhov 2014-04-13 19:10 ` [PATCH 1/3] ext4: Fix error handling in ext4_ext_shift_extents Theodore Ts'o 2 siblings, 1 reply; 6+ messages in thread From: Dmitry Monakhov @ 2014-04-13 15:36 UTC (permalink / raw) To: linux-ext4; +Cc: tytso, Dmitry Monakhov Where are some places where logic guaranties us that extent we are searching exits, but this may not be true due to on-disk data corruption. If such corruption happens we must prevent possible null pointer dereferences. Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> --- fs/ext4/extents.c | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 38be063..f20effb 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -3313,6 +3313,10 @@ static int ext4_split_extent(handle_t *handle, return PTR_ERR(path); depth = ext_depth(inode); ex = path[depth].p_ext; + if (!ex) { + EXT4_ERROR_INODE(inode, "unexpected hole at %lu", map->m_lblk); + return -EIO; + } uninitialized = ext4_ext_is_uninitialized(ex); split_flag1 = 0; @@ -3694,6 +3698,12 @@ static int ext4_convert_initialized_extents(handle_t *handle, } depth = ext_depth(inode); ex = path[depth].p_ext; + if (!ex) { + EXT4_ERROR_INODE(inode, "unexpected hole at %lu", + map->m_lblk); + err = -EIO; + goto out; + } } err = ext4_ext_get_access(handle, inode, path + depth); @@ -5340,6 +5350,12 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle, return PTR_ERR(path); depth = path->p_depth; extent = path[depth].p_ext; + if (!extent) { + EXT4_ERROR_INODE(inode, "unexpected hole at %lu", + start); + return -EIO; + } + current_block = le32_to_cpu(extent->ee_block); if (start > current_block) { /* Hole, move to the next extent */ -- 1.7.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 2/3] ext4: always check ext4_ext_find_extent result 2014-04-13 15:36 ` [PATCH 2/3] ext4: always check ext4_ext_find_extent result Dmitry Monakhov @ 2014-04-13 22:06 ` Theodore Ts'o 0 siblings, 0 replies; 6+ messages in thread From: Theodore Ts'o @ 2014-04-13 22:06 UTC (permalink / raw) To: Dmitry Monakhov; +Cc: linux-ext4 On Sun, Apr 13, 2014 at 07:36:00PM +0400, Dmitry Monakhov wrote: > Where are some places where logic guaranties us that extent we are > searching exits, but this may not be true due to on-disk data > corruption. If such corruption happens we must prevent possible > null pointer dereferences. > > Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> Thanks, applied. - Ted ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 3/3] ext4: remove obsoleted check 2014-04-13 15:35 [PATCH 1/3] ext4: Fix error handling in ext4_ext_shift_extents Dmitry Monakhov 2014-04-13 15:36 ` [PATCH 2/3] ext4: always check ext4_ext_find_extent result Dmitry Monakhov @ 2014-04-13 15:36 ` Dmitry Monakhov 2014-04-13 22:13 ` Theodore Ts'o 2014-04-13 19:10 ` [PATCH 1/3] ext4: Fix error handling in ext4_ext_shift_extents Theodore Ts'o 2 siblings, 1 reply; 6+ messages in thread From: Dmitry Monakhov @ 2014-04-13 15:36 UTC (permalink / raw) To: linux-ext4; +Cc: tytso, Dmitry Monakhov BH can not be NULL at this point, ext4_read_dirblock() always return non null value, and we already have done all necessery checks. Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> --- fs/ext4/namei.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index 1cb84f7..a683f95 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -2510,8 +2510,7 @@ static int empty_dir(struct inode *inode) ext4_rec_len_from_disk(de1->rec_len, sb->s_blocksize); de = ext4_next_entry(de1, sb->s_blocksize); while (offset < inode->i_size) { - if (!bh || - (void *) de >= (void *) (bh->b_data+sb->s_blocksize)) { + if ((void *) de >= (void *) (bh->b_data+sb->s_blocksize)) { unsigned int lblock; err = 0; brelse(bh); -- 1.7.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 3/3] ext4: remove obsoleted check 2014-04-13 15:36 ` [PATCH 3/3] ext4: remove obsoleted check Dmitry Monakhov @ 2014-04-13 22:13 ` Theodore Ts'o 0 siblings, 0 replies; 6+ messages in thread From: Theodore Ts'o @ 2014-04-13 22:13 UTC (permalink / raw) To: Dmitry Monakhov; +Cc: linux-ext4 On Sun, Apr 13, 2014 at 07:36:01PM +0400, Dmitry Monakhov wrote: > BH can not be NULL at this point, ext4_read_dirblock() always return > non null value, and we already have done all necessery checks. > > Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> Thanks, queued for the next merge window (since it's not a bug fix, but just a clean up). - Ted ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/3] ext4: Fix error handling in ext4_ext_shift_extents 2014-04-13 15:35 [PATCH 1/3] ext4: Fix error handling in ext4_ext_shift_extents Dmitry Monakhov 2014-04-13 15:36 ` [PATCH 2/3] ext4: always check ext4_ext_find_extent result Dmitry Monakhov 2014-04-13 15:36 ` [PATCH 3/3] ext4: remove obsoleted check Dmitry Monakhov @ 2014-04-13 19:10 ` Theodore Ts'o 2 siblings, 0 replies; 6+ messages in thread From: Theodore Ts'o @ 2014-04-13 19:10 UTC (permalink / raw) To: Dmitry Monakhov; +Cc: linux-ext4 On Sun, Apr 13, 2014 at 07:35:59PM +0400, Dmitry Monakhov wrote: > > Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> Thanks, applied (and will be pushed as part of bug fixes for 3.15). - Ted ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-04-13 22:13 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-04-13 15:35 [PATCH 1/3] ext4: Fix error handling in ext4_ext_shift_extents Dmitry Monakhov 2014-04-13 15:36 ` [PATCH 2/3] ext4: always check ext4_ext_find_extent result Dmitry Monakhov 2014-04-13 22:06 ` Theodore Ts'o 2014-04-13 15:36 ` [PATCH 3/3] ext4: remove obsoleted check Dmitry Monakhov 2014-04-13 22:13 ` Theodore Ts'o 2014-04-13 19:10 ` [PATCH 1/3] ext4: Fix error handling in ext4_ext_shift_extents Theodore Ts'o
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).