diff options
| author | OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> | 2017-03-09 19:17:37 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-03-09 20:01:10 -0500 |
| commit | c0d0e351285161a515396b7b1ee53ec9ffd97e3c (patch) | |
| tree | 10a446f71ea3e4ec0e82abadbda61bbdb79bdac1 /fs/fat | |
| parent | ca5b58ea3db88b5e69ba2a1f6bc3cf239cdcc64f (diff) | |
fat: fix using uninitialized fields of fat_inode/fsinfo_inode
Recently fallocate patch was merged and it uses
MSDOS_I(inode)->mmu_private at fat_evict_inode(). However,
fat_inode/fsinfo_inode that was introduced in past didn't initialize
MSDOS_I(inode) properly.
With those combinations, it became the cause of accessing random entry
in FAT area.
Link: http://lkml.kernel.org/r/87pohrj4i8.fsf@mail.parknet.co.jp
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Reported-by: Moreno Bartalucci <moreno.bartalucci@tecnorama.it>
Tested-by: Moreno Bartalucci <moreno.bartalucci@tecnorama.it>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/fat')
| -rw-r--r-- | fs/fat/inode.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/fs/fat/inode.c b/fs/fat/inode.c index 338d2f73eb29..a2c05f2ada6d 100644 --- a/fs/fat/inode.c +++ b/fs/fat/inode.c | |||
| @@ -1359,6 +1359,16 @@ out: | |||
| 1359 | return 0; | 1359 | return 0; |
| 1360 | } | 1360 | } |
| 1361 | 1361 | ||
| 1362 | static void fat_dummy_inode_init(struct inode *inode) | ||
| 1363 | { | ||
| 1364 | /* Initialize this dummy inode to work as no-op. */ | ||
| 1365 | MSDOS_I(inode)->mmu_private = 0; | ||
| 1366 | MSDOS_I(inode)->i_start = 0; | ||
| 1367 | MSDOS_I(inode)->i_logstart = 0; | ||
| 1368 | MSDOS_I(inode)->i_attrs = 0; | ||
| 1369 | MSDOS_I(inode)->i_pos = 0; | ||
| 1370 | } | ||
| 1371 | |||
| 1362 | static int fat_read_root(struct inode *inode) | 1372 | static int fat_read_root(struct inode *inode) |
| 1363 | { | 1373 | { |
| 1364 | struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb); | 1374 | struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb); |
| @@ -1803,12 +1813,13 @@ int fat_fill_super(struct super_block *sb, void *data, int silent, int isvfat, | |||
| 1803 | fat_inode = new_inode(sb); | 1813 | fat_inode = new_inode(sb); |
| 1804 | if (!fat_inode) | 1814 | if (!fat_inode) |
| 1805 | goto out_fail; | 1815 | goto out_fail; |
| 1806 | MSDOS_I(fat_inode)->i_pos = 0; | 1816 | fat_dummy_inode_init(fat_inode); |
| 1807 | sbi->fat_inode = fat_inode; | 1817 | sbi->fat_inode = fat_inode; |
| 1808 | 1818 | ||
| 1809 | fsinfo_inode = new_inode(sb); | 1819 | fsinfo_inode = new_inode(sb); |
| 1810 | if (!fsinfo_inode) | 1820 | if (!fsinfo_inode) |
| 1811 | goto out_fail; | 1821 | goto out_fail; |
| 1822 | fat_dummy_inode_init(fsinfo_inode); | ||
| 1812 | fsinfo_inode->i_ino = MSDOS_FSINFO_INO; | 1823 | fsinfo_inode->i_ino = MSDOS_FSINFO_INO; |
| 1813 | sbi->fsinfo_inode = fsinfo_inode; | 1824 | sbi->fsinfo_inode = fsinfo_inode; |
| 1814 | insert_inode_hash(fsinfo_inode); | 1825 | insert_inode_hash(fsinfo_inode); |