Re: [ 046/180] xfs: Fix possible memory corruption in xfs_readlink
On Wed, Oct 03, 2012 at 12:01:54PM -0300, Herton Ronaldo Krzesinski wrote: > This needs a followup fix, commit 9b025eb3a89e041bab6698e3858706be2385d692 > ("xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()"). > I think it should be also cherry-picked in this release. Thanks Herton for the reporting this, fix queued. Regards, Willy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [ 046/180] xfs: Fix possible memory corruption in xfs_readlink
On Tue, Oct 02, 2012 at 12:52:43AM +0200, Willy Tarreau wrote: > 2.6.32-longterm review patch. If anyone has any objections, please let me > know. > > -- > > From: Carlos Maiolino > > commit b52a360b2aa1c59ba9970fb0f52bbb093fcc7a24 upstream > [...] > @@ -564,13 +564,20 @@ xfs_readlink( > > xfs_ilock(ip, XFS_ILOCK_SHARED); > > - ASSERT((ip->i_d.di_mode & S_IFMT) == S_IFLNK); > - ASSERT(ip->i_d.di_size <= MAXPATHLEN); > - > pathlen = ip->i_d.di_size; > if (!pathlen) > goto out; > > + if (pathlen < 0 || pathlen > MAXPATHLEN) { > + xfs_fs_cmn_err(CE_ALERT, mp, > + "%s: inode (%llu) bad symlink length (%lld)", > + __func__, (unsigned long long) ip->i_ino, > + (long long) pathlen); > + ASSERT(0); > + return XFS_ERROR(EFSCORRUPTED); This needs a followup fix, commit 9b025eb3a89e041bab6698e3858706be2385d692 ("xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()"). I think it should be also cherry-picked in this release. > + } > + > + > if (ip->i_df.if_flags & XFS_IFINLINE) { > memcpy(link, ip->i_df.if_u1.if_data, pathlen); > link[pathlen] = '\0'; -- []'s Herton -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [ 046/180] xfs: Fix possible memory corruption in xfs_readlink
On Tue, Oct 02, 2012 at 12:52:43AM +0200, Willy Tarreau wrote: 2.6.32-longterm review patch. If anyone has any objections, please let me know. -- From: Carlos Maiolino cmaiol...@redhat.com commit b52a360b2aa1c59ba9970fb0f52bbb093fcc7a24 upstream [...] @@ -564,13 +564,20 @@ xfs_readlink( xfs_ilock(ip, XFS_ILOCK_SHARED); - ASSERT((ip-i_d.di_mode S_IFMT) == S_IFLNK); - ASSERT(ip-i_d.di_size = MAXPATHLEN); - pathlen = ip-i_d.di_size; if (!pathlen) goto out; + if (pathlen 0 || pathlen MAXPATHLEN) { + xfs_fs_cmn_err(CE_ALERT, mp, + %s: inode (%llu) bad symlink length (%lld), + __func__, (unsigned long long) ip-i_ino, + (long long) pathlen); + ASSERT(0); + return XFS_ERROR(EFSCORRUPTED); This needs a followup fix, commit 9b025eb3a89e041bab6698e3858706be2385d692 (xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()). I think it should be also cherry-picked in this release. + } + + if (ip-i_df.if_flags XFS_IFINLINE) { memcpy(link, ip-i_df.if_u1.if_data, pathlen); link[pathlen] = '\0'; -- []'s Herton -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [ 046/180] xfs: Fix possible memory corruption in xfs_readlink
On Wed, Oct 03, 2012 at 12:01:54PM -0300, Herton Ronaldo Krzesinski wrote: This needs a followup fix, commit 9b025eb3a89e041bab6698e3858706be2385d692 (xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()). I think it should be also cherry-picked in this release. Thanks Herton for the reporting this, fix queued. Regards, Willy -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/