From: Christoph Lameter <clameter@sgi.com>
To: torvalds@linux-foundation.org
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
Takashi Sato <sho@tnes.nec.co.jp>, Mingming Cao <cmm@us.ibm.com>
Cc: Christoph Hellwig <hch@lst.de>, Mel Gorman <mel@skynet.ie>
Cc: William Lee Irwin III <wli@holomorphy.com>, David Chinner <dgc@sgi.com>
Cc: Jens Axboe <jens.axboe@oracle.com>, Badari Pulavarty <pbadari@gmail.com>
Cc: Maxim Levitsky <maximlevitsky@gmail.com>,
Fengguang Wu <fengguang.wu@gmail.com>
Cc: swin wang <wangswin@gmail.com>, totty.lu@gmail.com, hugh@veritas.com
Cc: joern@lazybastard.org
Subject: [37/41] ext2: fix rec_len overflow for 64KB block size
Date: Mon, 10 Sep 2007 23:04:27 -0700 [thread overview]
Message-ID: <20070911060434.199209710@sgi.com> (raw)
In-Reply-To: 20070911060349.993975297@sgi.com
[-- Attachment #1: 0039-From-Mingming-Cao-cmm-us.ibm.com.patch --]
[-- Type: text/plain, Size: 6804 bytes --]
[2/4] ext2: fix rec_len overflow
- prevent rec_len from overflow with 64KB blocksize
Signed-off-by: Takashi Sato <sho@tnes.nec.co.jp>
Signed-off-by: Mingming Cao <cmm@us.ibm.com>
Signed-off-by: Christoph Lameter <clameter@sgi.com>
---
fs/ext2/dir.c | 46 ++++++++++++++++++++++++++++++++++++----------
include/linux/ext2_fs.h | 13 +++++++++++++
2 files changed, 49 insertions(+), 10 deletions(-)
diff --git a/fs/ext2/dir.c b/fs/ext2/dir.c
index d72926f..4934860 100644
--- a/fs/ext2/dir.c
+++ b/fs/ext2/dir.c
@@ -97,9 +97,9 @@ static void ext2_check_page(struct page *page)
goto out;
}
for (offs = 0; offs <= limit - EXT2_DIR_REC_LEN(1); offs += rec_len) {
+ offs = EXT2_DIR_ADJUST_TAIL_OFFS(offs, chunk_size);
p = (ext2_dirent *)(kaddr + offs);
rec_len = le16_to_cpu(p->rec_len);
-
if (rec_len < EXT2_DIR_REC_LEN(1))
goto Eshort;
if (rec_len & 3)
@@ -111,6 +111,7 @@ static void ext2_check_page(struct page *page)
if (le32_to_cpu(p->inode) > max_inumber)
goto Einumber;
}
+ offs = EXT2_DIR_ADJUST_TAIL_OFFS(offs, chunk_size);
if (offs != limit)
goto Eend;
out:
@@ -287,6 +288,7 @@ ext2_readdir (struct file * filp, void * dirent, filldir_t filldir)
de = (ext2_dirent *)(kaddr+offset);
limit = kaddr + ext2_last_byte(inode, n) - EXT2_DIR_REC_LEN(1);
for ( ;(char*)de <= limit; de = ext2_next_entry(de)) {
+ de = EXT2_DIR_ADJUST_TAIL_ADDR(kaddr, de, sb->s_blocksize);
if (de->rec_len == 0) {
ext2_error(sb, __FUNCTION__,
"zero-length directory entry");
@@ -309,8 +311,10 @@ ext2_readdir (struct file * filp, void * dirent, filldir_t filldir)
return 0;
}
}
+ filp->f_pos = EXT2_DIR_ADJUST_TAIL_OFFS(filp->f_pos, sb->s_blocksize);
filp->f_pos += le16_to_cpu(de->rec_len);
}
+ filp->f_pos = EXT2_DIR_ADJUST_TAIL_OFFS(filp->f_pos, sb->s_blocksize);
ext2_put_page(page);
}
return 0;
@@ -348,13 +352,14 @@ struct ext2_dir_entry_2 * ext2_find_entry (struct inode * dir,
start = 0;
n = start;
do {
- char *kaddr;
+ char *kaddr, *page_start;
page = ext2_get_page(dir, n);
if (!IS_ERR(page)) {
- kaddr = page_address(page);
+ kaddr = page_start = page_address(page);
de = (ext2_dirent *) kaddr;
kaddr += ext2_last_byte(dir, n) - reclen;
while ((char *) de <= kaddr) {
+ de = EXT2_DIR_ADJUST_TAIL_ADDR(page_start, de, dir->i_sb->s_blocksize);
if (de->rec_len == 0) {
ext2_error(dir->i_sb, __FUNCTION__,
"zero-length directory entry");
@@ -421,6 +426,7 @@ void ext2_set_link(struct inode *dir, struct ext2_dir_entry_2 *de,
unsigned to = from + le16_to_cpu(de->rec_len);
int err;
+ to = EXT2_DIR_ADJUST_TAIL_OFFS(to, inode->i_sb->s_blocksize);
lock_page(page);
err = page->mapping->a_ops->prepare_write(NULL, page, from, to);
BUG_ON(err);
@@ -452,6 +458,7 @@ int ext2_add_link (struct dentry *dentry, struct inode *inode)
char *kaddr;
unsigned from, to;
int err;
+ char *page_start = NULL;
/*
* We take care of directory expansion in the same loop.
@@ -466,16 +473,28 @@ int ext2_add_link (struct dentry *dentry, struct inode *inode)
if (IS_ERR(page))
goto out;
lock_page(page);
- kaddr = page_address(page);
+ kaddr = page_start = page_address(page);
dir_end = kaddr + ext2_last_byte(dir, n);
de = (ext2_dirent *)kaddr;
- kaddr += page_cache_size(mapping) - reclen;
+ if (chunk_size < EXT2_DIR_MAX_REC_LEN) {
+ kaddr += page_cache_size(mapping) - reclen;
+ } else {
+ kaddr += page_cache_size(mapping) -
+ (chunk_size - EXT2_DIR_MAX_REC_LEN) - reclen;
+ }
while ((char *)de <= kaddr) {
+ de = EXT2_DIR_ADJUST_TAIL_ADDR(page_start, de, chunk_size);
if ((char *)de == dir_end) {
/* We hit i_size */
name_len = 0;
- rec_len = chunk_size;
- de->rec_len = cpu_to_le16(chunk_size);
+ if (chunk_size < EXT2_DIR_MAX_REC_LEN) {
+ rec_len = chunk_size;
+ de->rec_len = cpu_to_le16(chunk_size);
+ } else {
+ rec_len = EXT2_DIR_MAX_REC_LEN;
+ de->rec_len =
+ cpu_to_le16(EXT2_DIR_MAX_REC_LEN);
+ }
de->inode = 0;
goto got_it;
}
@@ -505,6 +524,7 @@ int ext2_add_link (struct dentry *dentry, struct inode *inode)
got_it:
from = (char*)de - (char*)page_address(page);
to = from + rec_len;
+ to = EXT2_DIR_ADJUST_TAIL_OFFS(to, chunk_size);
err = page->mapping->a_ops->prepare_write(NULL, page, from, to);
if (err)
goto out_unlock;
@@ -547,6 +567,7 @@ int ext2_delete_entry (struct ext2_dir_entry_2 * dir, struct page * page )
ext2_dirent * de = (ext2_dirent *) (kaddr + from);
int err;
+ to = EXT2_DIR_ADJUST_TAIL_OFFS(to, inode->i_sb->s_blocksize);
while ((char*)de < (char*)dir) {
if (de->rec_len == 0) {
ext2_error(inode->i_sb, __FUNCTION__,
@@ -604,7 +625,11 @@ int ext2_make_empty(struct inode *inode, struct inode *parent)
de = (struct ext2_dir_entry_2 *)(kaddr + EXT2_DIR_REC_LEN(1));
de->name_len = 2;
- de->rec_len = cpu_to_le16(chunk_size - EXT2_DIR_REC_LEN(1));
+ if (chunk_size < EXT2_DIR_MAX_REC_LEN) {
+ de->rec_len = cpu_to_le16(chunk_size - EXT2_DIR_REC_LEN(1));
+ } else {
+ de->rec_len = cpu_to_le16(EXT2_DIR_MAX_REC_LEN - EXT2_DIR_REC_LEN(1));
+ }
de->inode = cpu_to_le32(parent->i_ino);
memcpy (de->name, "..\0", 4);
ext2_set_de_type (de, inode);
@@ -624,18 +649,19 @@ int ext2_empty_dir (struct inode * inode)
unsigned long i, npages = dir_pages(inode);
for (i = 0; i < npages; i++) {
- char *kaddr;
+ char *kaddr, *page_start;
ext2_dirent * de;
page = ext2_get_page(inode, i);
if (IS_ERR(page))
continue;
- kaddr = page_address(page);
+ kaddr = page_start = page_address(page);
de = (ext2_dirent *)kaddr;
kaddr += ext2_last_byte(inode, i) - EXT2_DIR_REC_LEN(1);
while ((char *)de <= kaddr) {
+ de = EXT2_DIR_ADJUST_TAIL_ADDR(page_start, de, inode->i_sb->s_blocksize);
if (de->rec_len == 0) {
ext2_error(inode->i_sb, __FUNCTION__,
"zero-length directory entry");
diff --git a/include/linux/ext2_fs.h b/include/linux/ext2_fs.h
index 910a705..e8dd546 100644
--- a/include/linux/ext2_fs.h
+++ b/include/linux/ext2_fs.h
@@ -557,5 +557,18 @@ enum {
#define EXT2_DIR_ROUND (EXT2_DIR_PAD - 1)
#define EXT2_DIR_REC_LEN(name_len) (((name_len) + 8 + EXT2_DIR_ROUND) & \
~EXT2_DIR_ROUND)
+#define EXT2_DIR_MAX_REC_LEN 65532
+
+/*
+ * Align a tail offset(address) to the end of a directory block
+ */
+#define EXT2_DIR_ADJUST_TAIL_OFFS(offs, bsize) \
+ ((((offs) & ((bsize) -1)) == EXT2_DIR_MAX_REC_LEN) ? \
+ ((offs) + (bsize) - EXT2_DIR_MAX_REC_LEN):(offs))
+
+#define EXT2_DIR_ADJUST_TAIL_ADDR(page, de, bsize) \
+ (((((char*)(de) - (page)) & ((bsize) - 1)) == EXT2_DIR_MAX_REC_LEN) ? \
+ ((ext2_dirent*)((char*)(de) + (bsize) - EXT2_DIR_MAX_REC_LEN)):(de))
#endif /* _LINUX_EXT2_FS_H */
+
--
1.5.2.5
--
next prev parent reply other threads:[~2007-09-11 6:04 UTC|newest]
Thread overview: 187+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-11 6:03 [00/41] Large Blocksize Support V7 (adds memmap support) Christoph Lameter
2007-09-10 18:52 ` Nick Piggin
2007-09-11 12:05 ` Andrea Arcangeli
2007-09-11 20:03 ` Christoph Lameter
2007-09-11 12:12 ` Jörn Engel
2007-09-10 21:13 ` Nick Piggin
2007-09-11 16:02 ` Goswin von Brederlow
2007-09-11 20:07 ` Christoph Lameter
2007-09-11 20:29 ` Jörn Engel
2007-09-11 20:41 ` Christoph Lameter
2007-09-11 23:26 ` Andrea Arcangeli
2007-09-12 0:04 ` Christoph Lameter
2007-09-12 8:20 ` Andrea Arcangeli
2007-09-15 8:44 ` Andrew Morton
2007-09-15 12:14 ` Goswin von Brederlow
2007-09-15 15:51 ` Andrea Arcangeli
2007-09-15 20:14 ` Goswin von Brederlow
2007-09-15 22:30 ` Andrea Arcangeli
2007-09-16 13:54 ` Goswin von Brederlow
2007-09-16 15:08 ` Andrea Arcangeli
2007-09-16 21:08 ` Mel Gorman
2007-09-16 22:48 ` Goswin von Brederlow
2007-09-17 9:30 ` Mel Gorman
2007-09-16 17:46 ` Jörn Engel
2007-09-16 18:15 ` Linus Torvalds
2007-09-16 18:21 ` Jörn Engel
2007-09-16 18:44 ` Linus Torvalds
2007-09-16 22:51 ` Goswin von Brederlow
2007-09-23 17:44 ` Jörn Engel
2007-09-16 22:06 ` Goswin von Brederlow
2007-09-16 22:40 ` Jörn Engel
2007-09-16 18:15 ` Mel Gorman
2007-09-16 18:50 ` Andrea Arcangeli
2007-09-16 20:54 ` Mel Gorman
2007-09-16 21:31 ` Andrea Arcangeli
2007-09-17 10:13 ` Mel Gorman
2007-09-23 5:50 ` Goswin von Brederlow
2007-09-16 22:56 ` Goswin von Brederlow
2007-09-18 19:31 ` Andrea Arcangeli
2007-09-23 6:56 ` Goswin von Brederlow
2007-09-24 15:39 ` Andrea Arcangeli
2007-09-16 18:13 ` Mel Gorman
2007-09-16 9:03 ` Nick Piggin
2007-09-17 22:00 ` Christoph Lameter
2007-09-18 0:11 ` Nick Piggin
2007-09-18 20:36 ` Christoph Lameter
2007-09-18 10:00 ` Mel Gorman
2007-09-18 10:49 ` Jörn Engel
2007-09-18 12:31 ` David Chinner
2007-09-16 21:58 ` Goswin von Brederlow
2007-09-17 10:03 ` Mel Gorman
2007-09-23 6:22 ` Goswin von Brederlow
2007-09-24 12:32 ` Kyle Moffett
2007-09-16 17:53 ` Jörn Engel
2007-09-16 21:31 ` Mel Gorman
2007-09-17 22:03 ` Christoph Lameter
2007-09-11 15:36 ` Mel Gorman
2007-09-11 1:44 ` Nick Piggin
2007-09-11 20:11 ` Christoph Lameter
2007-09-11 4:53 ` Nick Piggin
2007-09-11 20:42 ` Christoph Lameter
2007-09-11 5:30 ` Nick Piggin
2007-09-11 21:41 ` Christoph Lameter
2007-09-11 6:06 ` Nick Piggin
2007-09-11 21:52 ` Christoph Lameter
2007-09-11 18:07 ` Nick Piggin
2007-09-12 23:06 ` Christoph Lameter
2007-09-13 20:51 ` Nick Piggin
2007-09-14 17:52 ` Christoph Lameter
2007-09-16 8:22 ` Nick Piggin
2007-09-17 22:05 ` Christoph Lameter
2007-09-18 0:10 ` Nick Piggin
2007-09-18 20:42 ` Christoph Lameter
2007-09-17 11:10 ` Bernd Schmidt
2007-09-17 22:10 ` Christoph Lameter
2007-09-14 16:10 ` Goswin von Brederlow
2007-09-14 17:42 ` Mel Gorman
2007-09-15 0:31 ` Goswin von Brederlow
2007-09-16 21:16 ` Mel Gorman
2007-09-16 22:38 ` Goswin von Brederlow
2007-09-17 8:57 ` Mel Gorman
2007-09-23 6:49 ` Goswin von Brederlow
2007-09-11 20:53 ` Mel Gorman
2007-09-11 6:00 ` Nick Piggin
2007-09-11 21:48 ` Christoph Lameter
2007-09-11 6:17 ` Nick Piggin
2007-09-12 0:00 ` Christoph Lameter
2007-09-12 2:46 ` Nick Piggin
2007-09-12 23:17 ` Christoph Lameter
2007-09-13 9:40 ` Mel Gorman
2007-09-14 2:38 ` Christoph Lameter
2007-09-13 21:20 ` Nick Piggin
2007-09-14 18:08 ` Christoph Lameter
2007-09-14 18:15 ` Christoph Lameter
2007-09-15 0:33 ` Goswin von Brederlow
2007-09-16 8:53 ` Nick Piggin
2007-09-17 22:21 ` Christoph Lameter
2007-09-18 1:16 ` Nick Piggin
2007-09-18 18:30 ` Linus Torvalds
2007-09-18 17:53 ` Nick Piggin
2007-09-18 19:18 ` Andrea Arcangeli
2007-09-18 19:44 ` Linus Torvalds
2007-09-19 0:58 ` Nathan Scott
2007-09-19 1:06 ` Linus Torvalds
2007-09-19 2:45 ` Nathan Scott
2007-09-19 5:09 ` David Chinner
2007-09-19 9:41 ` Alex Tomas
2007-09-19 14:04 ` Andrea Arcangeli
2007-09-20 1:38 ` David Chinner
2007-09-20 14:54 ` Andrea Arcangeli
2007-09-20 18:11 ` Christoph Lameter
2007-09-20 18:07 ` Christoph Lameter
2007-09-21 20:41 ` Hugh Dickins
2007-09-24 21:13 ` Christoph Lameter
2007-09-28 2:46 ` Nick Piggin
2007-09-19 3:41 ` Rene Herman
2007-09-19 3:50 ` Linus Torvalds
2007-09-19 4:26 ` Rene Herman
2007-09-19 4:33 ` Linus Torvalds
2007-09-19 4:56 ` Rene Herman
2007-09-11 21:54 ` Mel Gorman
2007-09-12 14:29 ` Martin J. Bligh
2007-09-12 1:49 ` David Chinner
2007-09-11 15:27 ` Nick Piggin
2007-09-13 1:49 ` David Chinner
2007-09-12 17:23 ` Nick Piggin
2007-09-13 13:03 ` David Chinner
2007-09-13 2:01 ` Nick Piggin
2007-09-13 20:48 ` Nick Piggin
2007-09-17 4:07 ` David Chinner
2007-09-16 21:13 ` Nick Piggin
2007-09-12 2:01 ` Nick Piggin
2007-09-11 21:35 ` Christoph Lameter
2007-09-11 16:47 ` Andrea Arcangeli
2007-09-11 18:31 ` Mel Gorman
2007-09-11 2:26 ` Nick Piggin
2007-09-11 18:25 ` Maxim Levitsky
2007-09-11 3:05 ` Nick Piggin
2007-09-11 21:03 ` Mel Gorman
2007-09-11 19:20 ` Andrea Arcangeli
2007-09-11 20:19 ` Jörn Engel
2007-09-11 20:13 ` Christoph Lameter
2007-09-11 20:01 ` Christoph Lameter
2007-09-11 4:43 ` Nick Piggin
2007-09-11 5:17 ` Nick Piggin
2007-09-11 21:27 ` Mel Gorman
2007-09-11 6:03 ` [01/41] Pagecache zeroing: zero_user_segment, zero_user_segments and zero_user Christoph Lameter
2007-09-11 6:03 ` [02/41] Define functions for page cache handling Christoph Lameter
2007-09-11 6:03 ` [03/41] Use page_cache_xxx functions in mm/filemap.c Christoph Lameter
2007-09-11 6:03 ` [04/41] Use page_cache_xxx in mm/page-writeback.c Christoph Lameter
2007-09-11 6:03 ` [05/41] Use page_cache_xxx in mm/truncate.c Christoph Lameter
2007-09-11 6:03 ` [06/41] Use page_cache_xxx in mm/rmap.c Christoph Lameter
2007-09-11 6:03 ` [07/41] Use page_cache_xxx in mm/filemap_xip.c Christoph Lameter
2007-09-11 6:03 ` [08/41] Use page_cache_xxx in mm/migrate.c Christoph Lameter
2007-09-11 6:03 ` [09/41] Use page_cache_xxx in fs/libfs.c Christoph Lameter
2007-09-11 6:04 ` [10/41] Use page_cache_xxx in fs/sync Christoph Lameter
2007-09-11 6:04 ` [11/41] Use page_cache_xxx in fs/buffer.c Christoph Lameter
2007-09-11 6:04 ` [12/41] Use page_cache_xxx in mm/mpage.c Christoph Lameter
2007-09-11 6:04 ` [13/41] Use page_cache_xxx in mm/fadvise.c Christoph Lameter
2007-09-11 6:04 ` [14/41] Use page_cache_xxx in fs/splice.c Christoph Lameter
2007-09-11 6:04 ` [15/41] Use page_cache_xxx in ext2 Christoph Lameter
2007-09-11 6:04 ` [16/41] Use page_cache_xxx in fs/ext3 Christoph Lameter
2007-09-11 6:04 ` [17/41] Use page_cache_xxx in fs/ext4 Christoph Lameter
2007-09-11 6:04 ` [18/41] Use page_cache_xxx in fs/reiserfs Christoph Lameter
2007-09-11 6:04 ` [19/41] Use page_cache_xxx for fs/xfs Christoph Lameter
2007-09-11 6:04 ` [20/41] Use page_cache_xxx in drivers/block/rd.c Christoph Lameter
2007-09-11 6:04 ` [21/41] compound pages: Better PageHead/PageTail handling Christoph Lameter
2007-09-11 6:04 ` [22/41] compound pages: Add new support functions Christoph Lameter
2007-09-11 6:04 ` [23/41] compound pages: vmstat support Christoph Lameter
2007-09-11 6:04 ` [24/41] compound pages: Use new compound vmstat functions in SLUB Christoph Lameter
2007-09-11 6:04 ` [25/41] compound pages: Allow use of get_page_unless_zero with compound pages Christoph Lameter
2007-09-11 6:04 ` [26/41] compound pages: Allow freeing of compound pages via pagevec Christoph Lameter
2007-09-11 6:04 ` [27/41] Large page order operations, zeroing and flushing Christoph Lameter
2007-09-11 6:04 ` [28/41] Futex: Fix PAGE SIZE assumption Christoph Lameter
2007-09-11 6:04 ` [29/41] Fix up reclaim counters Christoph Lameter
2007-09-11 6:04 ` [30/41] Add VM_BUG_ONs to check for correct page order Christoph Lameter
2007-09-11 6:04 ` [31/41] Large Blocksize: Core piece Christoph Lameter
2007-09-11 6:04 ` [32/41] Readahead changes to support large blocksize Christoph Lameter
2007-09-11 6:04 ` [33/41] Large blocksize support in ramfs Christoph Lameter
2007-09-11 6:04 ` [34/41] Large blocksize support for XFS Christoph Lameter
2007-09-11 6:04 ` [35/41] Reiserfs: Fix up mapping_set_gfp_mask() Christoph Lameter
2007-09-11 6:04 ` [36/41] 64k block size support for Ext2/3/4 Christoph Lameter
2007-09-11 6:04 ` Christoph Lameter [this message]
2007-09-11 6:04 ` [38/41] ext3: fix rec_len overflow with 64KB block size Christoph Lameter
2007-09-11 6:04 ` [39/41] ext4: fix rec_len overflow for " Christoph Lameter
2007-09-11 6:04 ` [40/41] Do not use f_mapping in simple_prepare_write() Christoph Lameter
2007-09-11 6:04 ` [41/41] Mmap support using pte PAGE_SIZE mappings Christoph Lameter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070911060434.199209710@sgi.com \
--to=clameter@sgi.com \
--cc=cmm@us.ibm.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sho@tnes.nec.co.jp \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).