aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeil Brown <neilb@suse.de>2006-07-30 06:03:01 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-07-31 16:28:36 -0400
commit2ccb48ebb4de139eef4fcefd5f2bb823cb0d81b9 (patch)
treee06a83c7306e143175a87df2328b45e1ef34da5b
parentf712c0c7e1796f92e45e4de144e247816d974b8f (diff)
[PATCH] ext3: avoid triggering ext3_error on bad NFS file handle
The inode number out of an NFS file handle gets passed eventually to ext3_get_inode_block() without any checking. If ext3_get_inode_block() allows it to trigger an error, then bad filehandles can have unpleasant effect - ext3_error() will usually cause a forced read-only remount, or a panic if `errors=panic' was used. So remove the call to ext3_error there and put a matching check in ext3/namei.c where inode numbers are read off storage. [akpm@osdl.org: fix off-by-one error] Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Jan Kara <jack@suse.cz> Cc: Marcel Holtmann <marcel@holtmann.org> Cc: <stable@kernel.org> Cc: "Stephen C. Tweedie" <sct@redhat.com> Cc: Eric Sandeen <esandeen@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/ext3/inode.c13
-rw-r--r--fs/ext3/namei.c15
-rw-r--r--include/linux/ext3_fs.h9
3 files changed, 29 insertions, 8 deletions
diff --git a/fs/ext3/inode.c b/fs/ext3/inode.c
index f804d5e9d60c..ab034d3053ea 100644
--- a/fs/ext3/inode.c
+++ b/fs/ext3/inode.c
@@ -2402,14 +2402,15 @@ static ext3_fsblk_t ext3_get_inode_block(struct super_block *sb,
2402 struct buffer_head *bh; 2402 struct buffer_head *bh;
2403 struct ext3_group_desc * gdp; 2403 struct ext3_group_desc * gdp;
2404 2404
2405 2405 if (!ext3_valid_inum(sb, ino)) {
2406 if ((ino != EXT3_ROOT_INO && ino != EXT3_JOURNAL_INO && 2406 /*
2407 ino != EXT3_RESIZE_INO && ino < EXT3_FIRST_INO(sb)) || 2407 * This error is already checked for in namei.c unless we are
2408 ino > le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count)) { 2408 * looking at an NFS filehandle, in which case no error
2409 ext3_error(sb, "ext3_get_inode_block", 2409 * report is needed
2410 "bad inode number: %lu", ino); 2410 */
2411 return 0; 2411 return 0;
2412 } 2412 }
2413
2413 block_group = (ino - 1) / EXT3_INODES_PER_GROUP(sb); 2414 block_group = (ino - 1) / EXT3_INODES_PER_GROUP(sb);
2414 if (block_group >= EXT3_SB(sb)->s_groups_count) { 2415 if (block_group >= EXT3_SB(sb)->s_groups_count) {
2415 ext3_error(sb,"ext3_get_inode_block","group >= groups count"); 2416 ext3_error(sb,"ext3_get_inode_block","group >= groups count");
diff --git a/fs/ext3/namei.c b/fs/ext3/namei.c
index d9176dba3698..2aa7101b27cd 100644
--- a/fs/ext3/namei.c
+++ b/fs/ext3/namei.c
@@ -1000,7 +1000,12 @@ static struct dentry *ext3_lookup(struct inode * dir, struct dentry *dentry, str
1000 if (bh) { 1000 if (bh) {
1001 unsigned long ino = le32_to_cpu(de->inode); 1001 unsigned long ino = le32_to_cpu(de->inode);
1002 brelse (bh); 1002 brelse (bh);
1003 inode = iget(dir->i_sb, ino); 1003 if (!ext3_valid_inum(dir->i_sb, ino)) {
1004 ext3_error(dir->i_sb, "ext3_lookup",
1005 "bad inode number: %lu", ino);
1006 inode = NULL;
1007 } else
1008 inode = iget(dir->i_sb, ino);
1004 1009
1005 if (!inode) 1010 if (!inode)
1006 return ERR_PTR(-EACCES); 1011 return ERR_PTR(-EACCES);
@@ -1028,7 +1033,13 @@ struct dentry *ext3_get_parent(struct dentry *child)
1028 return ERR_PTR(-ENOENT); 1033 return ERR_PTR(-ENOENT);
1029 ino = le32_to_cpu(de->inode); 1034 ino = le32_to_cpu(de->inode);
1030 brelse(bh); 1035 brelse(bh);
1031 inode = iget(child->d_inode->i_sb, ino); 1036
1037 if (!ext3_valid_inum(child->d_inode->i_sb, ino)) {
1038 ext3_error(child->d_inode->i_sb, "ext3_get_parent",
1039 "bad inode number: %lu", ino);
1040 inode = NULL;
1041 } else
1042 inode = iget(child->d_inode->i_sb, ino);
1032 1043
1033 if (!inode) 1044 if (!inode)
1034 return ERR_PTR(-EACCES); 1045 return ERR_PTR(-EACCES);
diff --git a/include/linux/ext3_fs.h b/include/linux/ext3_fs.h
index 5607e6457a65..9f9cce7bd86d 100644
--- a/include/linux/ext3_fs.h
+++ b/include/linux/ext3_fs.h
@@ -492,6 +492,15 @@ static inline struct ext3_inode_info *EXT3_I(struct inode *inode)
492{ 492{
493 return container_of(inode, struct ext3_inode_info, vfs_inode); 493 return container_of(inode, struct ext3_inode_info, vfs_inode);
494} 494}
495
496static inline int ext3_valid_inum(struct super_block *sb, unsigned long ino)
497{
498 return ino == EXT3_ROOT_INO ||
499 ino == EXT3_JOURNAL_INO ||
500 ino == EXT3_RESIZE_INO ||
501 (ino >= EXT3_FIRST_INO(sb) &&
502 ino <= le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count));
503}
495#else 504#else
496/* Assume that user mode programs are passing in an ext3fs superblock, not 505/* Assume that user mode programs are passing in an ext3fs superblock, not
497 * a kernel struct super_block. This will allow us to call the feature-test 506 * a kernel struct super_block. This will allow us to call the feature-test