diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-12-12 13:14:13 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-12-12 13:14:13 -0500 |
| commit | 48a2f0b2728c88b18829e191eafdde60290aa64f (patch) | |
| tree | 7d8095fbb0afde5a695891b7b141533dd111c780 | |
| parent | 5cdec2d833748fbd27d3682f7209225c504c79c5 (diff) | |
| parent | f94c44573e7c22860e2c3dfe349c45f72ba35ad3 (diff) | |
Merge tag 'xfs-for-linus-v3.13-rc4' of git://oss.sgi.com/xfs/xfs
Pull xfs bugfixes from Ben Myers:
- fix for buffer overrun in agfl with growfs on v4 superblock
- return EINVAL if requested discard length is less than a block
- fix possible memory corruption in xfs_attrlist_by_handle()
* tag 'xfs-for-linus-v3.13-rc4' of git://oss.sgi.com/xfs/xfs:
xfs: growfs overruns AGFL buffer on V4 filesystems
xfs: don't perform discard if the given range length is less than block size
xfs: underflow bug in xfs_attrlist_by_handle()
| -rw-r--r-- | fs/xfs/xfs_discard.c | 5 | ||||
| -rw-r--r-- | fs/xfs/xfs_fsops.c | 6 | ||||
| -rw-r--r-- | fs/xfs/xfs_ioctl.c | 3 | ||||
| -rw-r--r-- | fs/xfs/xfs_ioctl32.c | 3 |
4 files changed, 12 insertions, 5 deletions
diff --git a/fs/xfs/xfs_discard.c b/fs/xfs/xfs_discard.c index 8367d6dc18c9..4f11ef011139 100644 --- a/fs/xfs/xfs_discard.c +++ b/fs/xfs/xfs_discard.c | |||
| @@ -157,7 +157,7 @@ xfs_ioc_trim( | |||
| 157 | struct xfs_mount *mp, | 157 | struct xfs_mount *mp, |
| 158 | struct fstrim_range __user *urange) | 158 | struct fstrim_range __user *urange) |
| 159 | { | 159 | { |
| 160 | struct request_queue *q = mp->m_ddev_targp->bt_bdev->bd_disk->queue; | 160 | struct request_queue *q = bdev_get_queue(mp->m_ddev_targp->bt_bdev); |
| 161 | unsigned int granularity = q->limits.discard_granularity; | 161 | unsigned int granularity = q->limits.discard_granularity; |
| 162 | struct fstrim_range range; | 162 | struct fstrim_range range; |
| 163 | xfs_daddr_t start, end, minlen; | 163 | xfs_daddr_t start, end, minlen; |
| @@ -180,7 +180,8 @@ xfs_ioc_trim( | |||
| 180 | * matter as trimming blocks is an advisory interface. | 180 | * matter as trimming blocks is an advisory interface. |
| 181 | */ | 181 | */ |
| 182 | if (range.start >= XFS_FSB_TO_B(mp, mp->m_sb.sb_dblocks) || | 182 | if (range.start >= XFS_FSB_TO_B(mp, mp->m_sb.sb_dblocks) || |
| 183 | range.minlen > XFS_FSB_TO_B(mp, XFS_ALLOC_AG_MAX_USABLE(mp))) | 183 | range.minlen > XFS_FSB_TO_B(mp, XFS_ALLOC_AG_MAX_USABLE(mp)) || |
| 184 | range.len < mp->m_sb.sb_blocksize) | ||
| 184 | return -XFS_ERROR(EINVAL); | 185 | return -XFS_ERROR(EINVAL); |
| 185 | 186 | ||
| 186 | start = BTOBB(range.start); | 187 | start = BTOBB(range.start); |
diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c index a6e54b3319bd..02fb943cbf22 100644 --- a/fs/xfs/xfs_fsops.c +++ b/fs/xfs/xfs_fsops.c | |||
| @@ -220,6 +220,8 @@ xfs_growfs_data_private( | |||
| 220 | */ | 220 | */ |
| 221 | nfree = 0; | 221 | nfree = 0; |
| 222 | for (agno = nagcount - 1; agno >= oagcount; agno--, new -= agsize) { | 222 | for (agno = nagcount - 1; agno >= oagcount; agno--, new -= agsize) { |
| 223 | __be32 *agfl_bno; | ||
| 224 | |||
| 223 | /* | 225 | /* |
| 224 | * AG freespace header block | 226 | * AG freespace header block |
| 225 | */ | 227 | */ |
| @@ -279,8 +281,10 @@ xfs_growfs_data_private( | |||
| 279 | agfl->agfl_seqno = cpu_to_be32(agno); | 281 | agfl->agfl_seqno = cpu_to_be32(agno); |
| 280 | uuid_copy(&agfl->agfl_uuid, &mp->m_sb.sb_uuid); | 282 | uuid_copy(&agfl->agfl_uuid, &mp->m_sb.sb_uuid); |
| 281 | } | 283 | } |
| 284 | |||
| 285 | agfl_bno = XFS_BUF_TO_AGFL_BNO(mp, bp); | ||
| 282 | for (bucket = 0; bucket < XFS_AGFL_SIZE(mp); bucket++) | 286 | for (bucket = 0; bucket < XFS_AGFL_SIZE(mp); bucket++) |
| 283 | agfl->agfl_bno[bucket] = cpu_to_be32(NULLAGBLOCK); | 287 | agfl_bno[bucket] = cpu_to_be32(NULLAGBLOCK); |
| 284 | 288 | ||
| 285 | error = xfs_bwrite(bp); | 289 | error = xfs_bwrite(bp); |
| 286 | xfs_buf_relse(bp); | 290 | xfs_buf_relse(bp); |
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 4d613401a5e0..33ad9a77791f 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c | |||
| @@ -442,7 +442,8 @@ xfs_attrlist_by_handle( | |||
| 442 | return -XFS_ERROR(EPERM); | 442 | return -XFS_ERROR(EPERM); |
| 443 | if (copy_from_user(&al_hreq, arg, sizeof(xfs_fsop_attrlist_handlereq_t))) | 443 | if (copy_from_user(&al_hreq, arg, sizeof(xfs_fsop_attrlist_handlereq_t))) |
| 444 | return -XFS_ERROR(EFAULT); | 444 | return -XFS_ERROR(EFAULT); |
| 445 | if (al_hreq.buflen > XATTR_LIST_MAX) | 445 | if (al_hreq.buflen < sizeof(struct attrlist) || |
| 446 | al_hreq.buflen > XATTR_LIST_MAX) | ||
| 446 | return -XFS_ERROR(EINVAL); | 447 | return -XFS_ERROR(EINVAL); |
| 447 | 448 | ||
| 448 | /* | 449 | /* |
diff --git a/fs/xfs/xfs_ioctl32.c b/fs/xfs/xfs_ioctl32.c index e8fb1231db81..a7992f8de9d3 100644 --- a/fs/xfs/xfs_ioctl32.c +++ b/fs/xfs/xfs_ioctl32.c | |||
| @@ -356,7 +356,8 @@ xfs_compat_attrlist_by_handle( | |||
| 356 | if (copy_from_user(&al_hreq, arg, | 356 | if (copy_from_user(&al_hreq, arg, |
| 357 | sizeof(compat_xfs_fsop_attrlist_handlereq_t))) | 357 | sizeof(compat_xfs_fsop_attrlist_handlereq_t))) |
| 358 | return -XFS_ERROR(EFAULT); | 358 | return -XFS_ERROR(EFAULT); |
| 359 | if (al_hreq.buflen > XATTR_LIST_MAX) | 359 | if (al_hreq.buflen < sizeof(struct attrlist) || |
| 360 | al_hreq.buflen > XATTR_LIST_MAX) | ||
| 360 | return -XFS_ERROR(EINVAL); | 361 | return -XFS_ERROR(EINVAL); |
| 361 | 362 | ||
| 362 | /* | 363 | /* |