Re: [ 046/180] xfs: Fix possible memory corruption in xfs_readlink
On Wed, Oct 03, 2012 at 12:01:54PM -0300, Herton Ronaldo Krzesinski wrote:
> This needs a followup fix, commit 9b025eb3a89e041bab6698e3858706be2385d692
> ("xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()").
> I think it should be also cherry-picked in this release.
Thanks Herton for the reporting this, fix queued.
Regards,
Willy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ 046/180] xfs: Fix possible memory corruption in xfs_readlink
On Tue, Oct 02, 2012 at 12:52:43AM +0200, Willy Tarreau wrote:
> 2.6.32-longterm review patch. If anyone has any objections, please let me
> know.
>
> --
>
> From: Carlos Maiolino
>
> commit b52a360b2aa1c59ba9970fb0f52bbb093fcc7a24 upstream
>
[...]
> @@ -564,13 +564,20 @@ xfs_readlink(
>
> xfs_ilock(ip, XFS_ILOCK_SHARED);
>
> - ASSERT((ip->i_d.di_mode & S_IFMT) == S_IFLNK);
> - ASSERT(ip->i_d.di_size <= MAXPATHLEN);
> -
> pathlen = ip->i_d.di_size;
> if (!pathlen)
> goto out;
>
> + if (pathlen < 0 || pathlen > MAXPATHLEN) {
> + xfs_fs_cmn_err(CE_ALERT, mp,
> + "%s: inode (%llu) bad symlink length (%lld)",
> + __func__, (unsigned long long) ip->i_ino,
> + (long long) pathlen);
> + ASSERT(0);
> + return XFS_ERROR(EFSCORRUPTED);
This needs a followup fix, commit 9b025eb3a89e041bab6698e3858706be2385d692
("xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()").
I think it should be also cherry-picked in this release.
> + }
> +
> +
> if (ip->i_df.if_flags & XFS_IFINLINE) {
> memcpy(link, ip->i_df.if_u1.if_data, pathlen);
> link[pathlen] = '\0';
--
[]'s
Herton
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ 046/180] xfs: Fix possible memory corruption in xfs_readlink
On Tue, Oct 02, 2012 at 12:52:43AM +0200, Willy Tarreau wrote:
2.6.32-longterm review patch. If anyone has any objections, please let me
know.
--
From: Carlos Maiolino cmaiol...@redhat.com
commit b52a360b2aa1c59ba9970fb0f52bbb093fcc7a24 upstream
[...]
@@ -564,13 +564,20 @@ xfs_readlink(
xfs_ilock(ip, XFS_ILOCK_SHARED);
- ASSERT((ip-i_d.di_mode S_IFMT) == S_IFLNK);
- ASSERT(ip-i_d.di_size = MAXPATHLEN);
-
pathlen = ip-i_d.di_size;
if (!pathlen)
goto out;
+ if (pathlen 0 || pathlen MAXPATHLEN) {
+ xfs_fs_cmn_err(CE_ALERT, mp,
+ %s: inode (%llu) bad symlink length (%lld),
+ __func__, (unsigned long long) ip-i_ino,
+ (long long) pathlen);
+ ASSERT(0);
+ return XFS_ERROR(EFSCORRUPTED);
This needs a followup fix, commit 9b025eb3a89e041bab6698e3858706be2385d692
(xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()).
I think it should be also cherry-picked in this release.
+ }
+
+
if (ip-i_df.if_flags XFS_IFINLINE) {
memcpy(link, ip-i_df.if_u1.if_data, pathlen);
link[pathlen] = '\0';
--
[]'s
Herton
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [ 046/180] xfs: Fix possible memory corruption in xfs_readlink
On Wed, Oct 03, 2012 at 12:01:54PM -0300, Herton Ronaldo Krzesinski wrote: This needs a followup fix, commit 9b025eb3a89e041bab6698e3858706be2385d692 (xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()). I think it should be also cherry-picked in this release. Thanks Herton for the reporting this, fix queued. Regards, Willy -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
