From patchwork Mon Oct 17 08:45:28 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tao Ma X-Patchwork-Id: 120114 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id BADACB6F9A for ; Mon, 17 Oct 2011 19:47:04 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751381Ab1JQIq7 (ORCPT ); Mon, 17 Oct 2011 04:46:59 -0400 Received: from oproxy7-pub.bluehost.com ([67.222.55.9]:35647 "HELO oproxy7-pub.bluehost.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1751282Ab1JQIq6 (ORCPT ); Mon, 17 Oct 2011 04:46:58 -0400 Received: (qmail 20558 invoked by uid 0); 17 Oct 2011 08:46:58 -0000 Received: from unknown (HELO box585.bluehost.com) (66.147.242.185) by oproxy7.bluehost.com with SMTP; 17 Oct 2011 08:46:58 -0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tao.ma; s=default; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=lRyuJJlgJVMDGMgBbUVqLhVpLTavby6G34PwOW3Mgkw=; b=Z+7s4u+kgEJhAEjRsORL4Rt7+PfVLGkx/N63zWPM0H3TO9LP0NBZyhm1t1159myFmig6L3doLhcm8hPjd+2e3ouvRRjDWq34MwZJAg6u3OiYP6A1nBb3ucai89E+KDTq; Received: from [182.92.247.2] (helo=tma-laptop1.taobao.ali.com) by box585.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from ) id 1RFiqX-0004Nn-Fo; Mon, 17 Oct 2011 02:46:57 -0600 From: Tao Ma To: linux-ext4@vger.kernel.org Cc: dan.carpenter@oracle.com, "Theodore Ts'o" Subject: [PATCH] ext4: Check extent overflow with the right range. Date: Mon, 17 Oct 2011 16:45:28 +0800 Message-Id: <1318841128-4540-1-git-send-email-tm@tao.ma> X-Mailer: git-send-email 1.7.4.1 In-Reply-To: <20111017081036.GN30887@longonot.mountain> References: <20111017081036.GN30887@longonot.mountain> X-Identified-User: {1390:box585.bluehost.com:colyli:tao.ma} {sentby:smtp auth 182.92.247.2 authed with tm@tao.ma} Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org From: Tao Ma In 4fd30c033, we move the range check before we change ix to avoid the memory stamp. But actually we should check against the EXT_MAX_INDEX, not EXT_LAST_INDEX. So this patch revert the old patch and adds a new check before we setting ix. Cc: "Theodore Ts'o" Signed-off-by: Tao Ma --- Ted, since 4fd30c033 is in your dev branch, I am fine to integrate these 2 patches to one. fs/ext4/extents.c | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 2dff31e..5c48612 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -779,8 +779,8 @@ static int ext4_ext_insert_index(handle_t *handle, struct inode *inode, ix = curp->p_idx; } - if (unlikely(ix > EXT_LAST_INDEX(curp->p_hdr))) { - EXT4_ERROR_INODE(inode, "ix > EXT_LAST_INDEX!"); + if (unlikely(ix > EXT_MAX_INDEX(curp->p_hdr))) { + EXT4_ERROR_INODE(inode, "ix > EXT_MAX_INDEX!"); return -EIO; } @@ -788,6 +788,11 @@ static int ext4_ext_insert_index(handle_t *handle, struct inode *inode, ext4_idx_store_pblock(ix, ptr); le16_add_cpu(&curp->p_hdr->eh_entries, 1); + if (unlikely(ix > EXT_LAST_INDEX(curp->p_hdr))) { + EXT4_ERROR_INODE(inode, "ix > EXT_LAST_INDEX!"); + return -EIO; + } + err = ext4_ext_dirty(handle, inode, curp); ext4_std_error(inode->i_sb, err);