From patchwork Mon Jun 27 06:29:40 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Dong X-Patchwork-Id: 102109 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 7E9DDB6F59 for ; Mon, 27 Jun 2011 16:31:24 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756137Ab1F0Gaj (ORCPT ); Mon, 27 Jun 2011 02:30:39 -0400 Received: from mail-iy0-f174.google.com ([209.85.210.174]:43308 "EHLO mail-iy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756535Ab1F0G3t (ORCPT ); Mon, 27 Jun 2011 02:29:49 -0400 Received: by iyb12 with SMTP id 12so3829679iyb.19 for ; Sun, 26 Jun 2011 23:29:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:from:to:cc:subject:date:message-id:x-mailer; bh=UuvxRpdKRfgUg9BM+rUvJK0yW3P0k2Y6ffmAGNEiAys=; b=aWxyyVLKFTUdU1uTu7+FEOxOp/gZoFVef8Oiu36dQ3FKNnukr4XsYpEjNz0D33ij6n N6IqcJp6S+eou8OW0aO0mg29/MRe6Qfety/6trel4t+MqaMjYZ+ZxCPB4s6Fn145hTeb qB2Cq2c6Dhl4ILPygg+lny4jSKAD7tJ0pUUf0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer; b=HxgcNxzaUispa2wh0WDH1XSweCVM91Xjw5uP9ozmXrUd8i65WvK264X7zj1yeAfGXZ s1zOtmqukarAXBfe1FpR4V8yzqQOjWCRroma2ra26K4AkpnQ6771sabOc2iyj3/cdO5g EsI8AFyzvw4ljfN7p2XSNd0qjkZ/LTLT9zNHI= Received: by 10.231.144.200 with SMTP id a8mr3755300ibv.85.1309156189059; Sun, 26 Jun 2011 23:29:49 -0700 (PDT) Received: from localhost.localdomain ([114.251.86.0]) by mx.google.com with ESMTPS id j1sm2909108ibg.38.2011.06.26.23.29.46 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 26 Jun 2011 23:29:48 -0700 (PDT) From: Robin Dong To: linux-ext4@vger.kernel.org Cc: Robin Dong Subject: [PATCH v3] ext4: avoid eh_entries overflow before insert extent_idx Date: Mon, 27 Jun 2011 14:29:40 +0800 Message-Id: <1309156180-3899-1-git-send-email-sanbai@taobao.com> X-Mailer: git-send-email 1.7.1 Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org If eh_entries is equal to (or greater than) eh_max, the operation of inserting new extent_idx will make number of entries overflow. So check eh_entries before inserting the new extent_idx. Although there is no bug case according the code (function ext4_ext_insert_index is called by ext4_ext_split and ext4_ext_split is called only if the index block has free space), the right logic should be "lookup the capacity before insertion". Signed-off-by: Robin Dong --- fs/ext4/extents.c | 18 ++++++++++-------- 1 files changed, 10 insertions(+), 8 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index eb63c7b..792e77e 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -776,6 +776,16 @@ static int ext4_ext_insert_index(handle_t *handle, struct inode *inode, logical, le32_to_cpu(curp->p_idx->ei_block)); return -EIO; } + + if (unlikely(le16_to_cpu(curp->p_hdr->eh_entries) + >= le16_to_cpu(curp->p_hdr->eh_max))) { + EXT4_ERROR_INODE(inode, + "eh_entries %d >= eh_max %d!", + le16_to_cpu(curp->p_hdr->eh_entries), + le16_to_cpu(curp->p_hdr->eh_max)); + return -EIO; + } + len = EXT_MAX_INDEX(curp->p_hdr) - curp->p_idx; if (logical > le32_to_cpu(curp->p_idx->ei_block)) { /* insert after */ @@ -805,14 +815,6 @@ static int ext4_ext_insert_index(handle_t *handle, struct inode *inode, ext4_idx_store_pblock(ix, ptr); le16_add_cpu(&curp->p_hdr->eh_entries, 1); - if (unlikely(le16_to_cpu(curp->p_hdr->eh_entries) - > le16_to_cpu(curp->p_hdr->eh_max))) { - EXT4_ERROR_INODE(inode, - "eh_entries %d > eh_max %d!", - le16_to_cpu(curp->p_hdr->eh_entries), - le16_to_cpu(curp->p_hdr->eh_max)); - return -EIO; - } if (unlikely(ix > EXT_LAST_INDEX(curp->p_hdr))) { EXT4_ERROR_INODE(inode, "ix > EXT_LAST_INDEX!"); return -EIO;