Re: gfs2_fh_to_parent() array overflow
Hi, On Wed, 2008-02-13 at 23:31 +0200, Adrian Bunk wrote: > On Mon, Oct 29, 2007 at 09:11:21AM +, Steven Whitehouse wrote: > > Hi, > > > > On Sat, 2007-10-27 at 23:00 +0200, Christoph Hellwig wrote: > > > On Wed, Oct 24, 2007 at 06:26:26PM +0200, Adrian Bunk wrote: > > > > The Coverity checker spotted the following array overflow caused by > > > > commit 34c0d154243dd913c5690ae6ceb9557017429b9c: > > > > > > The line is a left-over from times when gfs stored the mode of the > > > inode in the file handle. It can simply be deleted. Steve, do you > > > want a patch for that or could you commit that one-liner directly? > > > > > > > I'm just back from holiday this morning and this is looking a bit more > > complicated than that... give me a day or two and I'll try and come up > > with a solution, > > This issue is still present in 2.6.25-rc1. > Yes, it seems to have slipped off my list somehow... I've opened a bz (#432775 at bugzilla.redhat.com) to ensure that it doesn't get missed again, Steve. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: gfs2_fh_to_parent() array overflow
Hi, On Wed, 2008-02-13 at 23:31 +0200, Adrian Bunk wrote: On Mon, Oct 29, 2007 at 09:11:21AM +, Steven Whitehouse wrote: Hi, On Sat, 2007-10-27 at 23:00 +0200, Christoph Hellwig wrote: On Wed, Oct 24, 2007 at 06:26:26PM +0200, Adrian Bunk wrote: The Coverity checker spotted the following array overflow caused by commit 34c0d154243dd913c5690ae6ceb9557017429b9c: The line is a left-over from times when gfs stored the mode of the inode in the file handle. It can simply be deleted. Steve, do you want a patch for that or could you commit that one-liner directly? I'm just back from holiday this morning and this is looking a bit more complicated than that... give me a day or two and I'll try and come up with a solution, This issue is still present in 2.6.25-rc1. Yes, it seems to have slipped off my list somehow... I've opened a bz (#432775 at bugzilla.redhat.com) to ensure that it doesn't get missed again, Steve. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: gfs2_fh_to_parent() array overflow
On Mon, Oct 29, 2007 at 09:11:21AM +, Steven Whitehouse wrote:
> Hi,
>
> On Sat, 2007-10-27 at 23:00 +0200, Christoph Hellwig wrote:
> > On Wed, Oct 24, 2007 at 06:26:26PM +0200, Adrian Bunk wrote:
> > > The Coverity checker spotted the following array overflow caused by
> > > commit 34c0d154243dd913c5690ae6ceb9557017429b9c:
> >
> > The line is a left-over from times when gfs stored the mode of the
> > inode in the file handle. It can simply be deleted. Steve, do you
> > want a patch for that or could you commit that one-liner directly?
> >
>
> I'm just back from holiday this morning and this is looking a bit more
> complicated than that... give me a day or two and I'll try and come up
> with a solution,
This issue is still present in 2.6.25-rc1.
> Steve.
>
> > > fs/gfs2/ops_export.c contains:
> > >
> > > <-- snip -->
> > >
> > > ...
> > > static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct
> > > fid *fid,
> > > int fh_len, int fh_type)
> > > {
> > > struct gfs2_inum_host parent;
> > > __be32 *fh = (__force __be32 *)fid->raw; <
> > >
> > > switch (fh_type) {
> > > case GFS2_LARGE_FH_SIZE:
> > > case GFS2_OLD_FH_SIZE:
> > > parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) << 32;
> > > parent.no_formal_ino |= be32_to_cpu(fh[5]);
> > > parent.no_addr = ((u64)be32_to_cpu(fh[6])) << 32;
> > >^
> > > parent.no_addr |= be32_to_cpu(fh[7]);
> > > ... ^
> > >
> > > <-- snip -->
> > >
> > >
> > > cu
> > > Adrian
> > >
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: gfs2_fh_to_parent() array overflow
Hi,
On Sat, 2007-10-27 at 23:00 +0200, Christoph Hellwig wrote:
> On Wed, Oct 24, 2007 at 06:26:26PM +0200, Adrian Bunk wrote:
> > The Coverity checker spotted the following array overflow caused by
> > commit 34c0d154243dd913c5690ae6ceb9557017429b9c:
>
> The line is a left-over from times when gfs stored the mode of the
> inode in the file handle. It can simply be deleted. Steve, do you
> want a patch for that or could you commit that one-liner directly?
>
I'm just back from holiday this morning and this is looking a bit more
complicated than that... give me a day or two and I'll try and come up
with a solution,
Steve.
> > fs/gfs2/ops_export.c contains:
> >
> > <-- snip -->
> >
> > ...
> > static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid
> > *fid,
> > int fh_len, int fh_type)
> > {
> > struct gfs2_inum_host parent;
> > __be32 *fh = (__force __be32 *)fid->raw; <
> >
> > switch (fh_type) {
> > case GFS2_LARGE_FH_SIZE:
> > case GFS2_OLD_FH_SIZE:
> > parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) << 32;
> > parent.no_formal_ino |= be32_to_cpu(fh[5]);
> > parent.no_addr = ((u64)be32_to_cpu(fh[6])) << 32;
> >^
> > parent.no_addr |= be32_to_cpu(fh[7]);
> > ... ^
> >
> > <-- snip -->
> >
> >
> > cu
> > Adrian
> >
> > --
> >
> >"Is there not promise of rain?" Ling Tan asked suddenly out
> > of the darkness. There had been need of rain for many days.
> >"Only a promise," Lao Er said.
> >Pearl S. Buck - Dragon Seed
> ---end quoted text---
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: gfs2_fh_to_parent() array overflow
Hi,
On Sat, 2007-10-27 at 23:00 +0200, Christoph Hellwig wrote:
On Wed, Oct 24, 2007 at 06:26:26PM +0200, Adrian Bunk wrote:
The Coverity checker spotted the following array overflow caused by
commit 34c0d154243dd913c5690ae6ceb9557017429b9c:
The line is a left-over from times when gfs stored the mode of the
inode in the file handle. It can simply be deleted. Steve, do you
want a patch for that or could you commit that one-liner directly?
I'm just back from holiday this morning and this is looking a bit more
complicated than that... give me a day or two and I'll try and come up
with a solution,
Steve.
fs/gfs2/ops_export.c contains:
-- snip --
...
static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid
*fid,
int fh_len, int fh_type)
{
struct gfs2_inum_host parent;
__be32 *fh = (__force __be32 *)fid-raw;
switch (fh_type) {
case GFS2_LARGE_FH_SIZE:
case GFS2_OLD_FH_SIZE:
parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) 32;
parent.no_formal_ino |= be32_to_cpu(fh[5]);
parent.no_addr = ((u64)be32_to_cpu(fh[6])) 32;
^
parent.no_addr |= be32_to_cpu(fh[7]);
... ^
-- snip --
cu
Adrian
--
Is there not promise of rain? Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
Only a promise, Lao Er said.
Pearl S. Buck - Dragon Seed
---end quoted text---
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: gfs2_fh_to_parent() array overflow
On Wed, Oct 24, 2007 at 06:26:26PM +0200, Adrian Bunk wrote:
> The Coverity checker spotted the following array overflow caused by
> commit 34c0d154243dd913c5690ae6ceb9557017429b9c:
The line is a left-over from times when gfs stored the mode of the
inode in the file handle. It can simply be deleted. Steve, do you
want a patch for that or could you commit that one-liner directly?
> fs/gfs2/ops_export.c contains:
>
> <-- snip -->
>
> ...
> static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid
> *fid,
> int fh_len, int fh_type)
> {
> struct gfs2_inum_host parent;
> __be32 *fh = (__force __be32 *)fid->raw; <
>
> switch (fh_type) {
> case GFS2_LARGE_FH_SIZE:
> case GFS2_OLD_FH_SIZE:
> parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) << 32;
> parent.no_formal_ino |= be32_to_cpu(fh[5]);
> parent.no_addr = ((u64)be32_to_cpu(fh[6])) << 32;
>^
> parent.no_addr |= be32_to_cpu(fh[7]);
> ... ^
>
> <-- snip -->
>
>
> cu
> Adrian
>
> --
>
>"Is there not promise of rain?" Ling Tan asked suddenly out
> of the darkness. There had been need of rain for many days.
>"Only a promise," Lao Er said.
>Pearl S. Buck - Dragon Seed
---end quoted text---
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: gfs2_fh_to_parent() array overflow
On Wed, Oct 24, 2007 at 06:26:26PM +0200, Adrian Bunk wrote:
The Coverity checker spotted the following array overflow caused by
commit 34c0d154243dd913c5690ae6ceb9557017429b9c:
The line is a left-over from times when gfs stored the mode of the
inode in the file handle. It can simply be deleted. Steve, do you
want a patch for that or could you commit that one-liner directly?
fs/gfs2/ops_export.c contains:
-- snip --
...
static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid
*fid,
int fh_len, int fh_type)
{
struct gfs2_inum_host parent;
__be32 *fh = (__force __be32 *)fid-raw;
switch (fh_type) {
case GFS2_LARGE_FH_SIZE:
case GFS2_OLD_FH_SIZE:
parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) 32;
parent.no_formal_ino |= be32_to_cpu(fh[5]);
parent.no_addr = ((u64)be32_to_cpu(fh[6])) 32;
^
parent.no_addr |= be32_to_cpu(fh[7]);
... ^
-- snip --
cu
Adrian
--
Is there not promise of rain? Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
Only a promise, Lao Er said.
Pearl S. Buck - Dragon Seed
---end quoted text---
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
gfs2_fh_to_parent() array overflow
The Coverity checker spotted the following array overflow caused by
commit 34c0d154243dd913c5690ae6ceb9557017429b9c:
include/linux/exportfs.h contains:
<-- snip -->
...
struct fid {
...
__u32 raw[6];
};
};
<-- snip -->
fs/gfs2/ops_export.c contains:
<-- snip -->
...
static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid *fid,
int fh_len, int fh_type)
{
struct gfs2_inum_host parent;
__be32 *fh = (__force __be32 *)fid->raw; <
switch (fh_type) {
case GFS2_LARGE_FH_SIZE:
case GFS2_OLD_FH_SIZE:
parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) << 32;
parent.no_formal_ino |= be32_to_cpu(fh[5]);
parent.no_addr = ((u64)be32_to_cpu(fh[6])) << 32;
^
parent.no_addr |= be32_to_cpu(fh[7]);
... ^
<-- snip -->
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
gfs2_fh_to_parent() array overflow
The Coverity checker spotted the following array overflow caused by
commit 34c0d154243dd913c5690ae6ceb9557017429b9c:
include/linux/exportfs.h contains:
-- snip --
...
struct fid {
...
__u32 raw[6];
};
};
-- snip --
fs/gfs2/ops_export.c contains:
-- snip --
...
static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid *fid,
int fh_len, int fh_type)
{
struct gfs2_inum_host parent;
__be32 *fh = (__force __be32 *)fid-raw;
switch (fh_type) {
case GFS2_LARGE_FH_SIZE:
case GFS2_OLD_FH_SIZE:
parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) 32;
parent.no_formal_ino |= be32_to_cpu(fh[5]);
parent.no_addr = ((u64)be32_to_cpu(fh[6])) 32;
^
parent.no_addr |= be32_to_cpu(fh[7]);
... ^
-- snip --
cu
Adrian
--
Is there not promise of rain? Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
Only a promise, Lao Er said.
Pearl S. Buck - Dragon Seed
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
