diff options
author | Eric Sandeen <sandeen@redhat.com> | 2006-12-06 23:33:06 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.osdl.org> | 2006-12-07 11:39:23 -0500 |
commit | 5d1854e15ee979f8e27330f0d3ce5e2703afa1dc (patch) | |
tree | 8aff9641966020284218f2cdd75fd3b7bfc2babc | |
parent | 4af2bfc1202041006a0f01d0591a975f6c573f09 (diff) |
[PATCH] reject corrupt swapfiles earlier
The fsfuzzer found this; with a corrupt small swapfile that claims to have
many pages:
[root]# file swap.741.img
swap.741.img: Linux/i386 swap file (new style) 1 (4K pages) size 1040191487 pages
[root]# ls -l swap.741.img
-rw-r--r-- 1 root root 16777216 Nov 22 05:18 swap.741.img
sys_swapon() will try to vmalloc all those pages, and -then- check to see if
the file is actually that large:
if (!(p->swap_map = vmalloc(maxpages * sizeof(short)))) {
<snip>
if (swapfilesize && maxpages > swapfilesize) {
printk(KERN_WARNING
"Swap area shorter than signature indicates\n");
It seems to me that it would make more sense to move this test up before
the vmalloc, with the other checks, to avoid the OOM-killer in this
situation...
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | mm/swapfile.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/mm/swapfile.c b/mm/swapfile.c index 8e206cea0f5e..f315131db006 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c | |||
@@ -1552,6 +1552,11 @@ asmlinkage long sys_swapon(const char __user * specialfile, int swap_flags) | |||
1552 | error = -EINVAL; | 1552 | error = -EINVAL; |
1553 | if (!maxpages) | 1553 | if (!maxpages) |
1554 | goto bad_swap; | 1554 | goto bad_swap; |
1555 | if (swapfilesize && maxpages > swapfilesize) { | ||
1556 | printk(KERN_WARNING | ||
1557 | "Swap area shorter than signature indicates\n"); | ||
1558 | goto bad_swap; | ||
1559 | } | ||
1555 | if (swap_header->info.nr_badpages && S_ISREG(inode->i_mode)) | 1560 | if (swap_header->info.nr_badpages && S_ISREG(inode->i_mode)) |
1556 | goto bad_swap; | 1561 | goto bad_swap; |
1557 | if (swap_header->info.nr_badpages > MAX_SWAP_BADPAGES) | 1562 | if (swap_header->info.nr_badpages > MAX_SWAP_BADPAGES) |
@@ -1579,12 +1584,6 @@ asmlinkage long sys_swapon(const char __user * specialfile, int swap_flags) | |||
1579 | goto bad_swap; | 1584 | goto bad_swap; |
1580 | } | 1585 | } |
1581 | 1586 | ||
1582 | if (swapfilesize && maxpages > swapfilesize) { | ||
1583 | printk(KERN_WARNING | ||
1584 | "Swap area shorter than signature indicates\n"); | ||
1585 | error = -EINVAL; | ||
1586 | goto bad_swap; | ||
1587 | } | ||
1588 | if (nr_good_pages) { | 1587 | if (nr_good_pages) { |
1589 | p->swap_map[0] = SWAP_MAP_BAD; | 1588 | p->swap_map[0] = SWAP_MAP_BAD; |
1590 | p->max = maxpages; | 1589 | p->max = maxpages; |