authorFabian Frederick <fabf@skynet.be>2014-10-13 18:54:01 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2014-10-13 20:18:22 -0400
commit76e512108935ecdb46792208dae5f59c7ea78e25 (patch)
tree96ea1468ce3e23c2add86f986948a17d0eaad4ee
parent5ef9819234e285abe6b616864e7b1b4607d39b58 (diff)
FS/OMFS: block number sanity check during fill_super operation
This patch defines maximum block number to 2^31. It also converts bitmap_size and array_size to unsigned int in omfs_get_imap Signed-off-by: Fabian Frederick <fabf@skynet.be> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Suggested-by: Bob Copeland <me@bobcopeland.com> Acked-by: Bob Copeland <me@bobcopeland.com> Tested-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/omfs/inode.c10
-rw-r--r--fs/omfs/omfs_fs.h1
2 files changed, 8 insertions, 3 deletions
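--- a/fs/omfs/inode.c
+++ b/fs/omfs/inode.c
@@ -306,9 +306,7 @@ static const struct super_operations omfs_sops = {
  */
 static int omfs_get_imap(struct super_block *sb)
 {
- int bitmap_size;
- int array_size;
- int count;
+ unsigned int bitmap_size, count, array_size;
  struct omfs_sb_info *sbi = OMFS_SB(sb);
  struct buffer_head *bh;
  unsigned long **ptr;
@@ -473,6 +471,12 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent)
  sbi->s_sys_blocksize = be32_to_cpu(omfs_sb->s_sys_blocksize);
  mutex_init(&sbi->s_bitmap_lock);
 
+ if (sbi->s_num_blocks > OMFS_MAX_BLOCKS) {
+ printk(KERN_ERR "omfs: sysblock number (%llx) is out of range\n",
+ (unsigned long long)sbi->s_num_blocks);
+ goto out_brelse_bh;
+ }
+
  if (sbi->s_sys_blocksize > PAGE_SIZE) {
  printk(KERN_ERR "omfs: sysblock size (%d) is out of range\n",
  sbi->s_sys_blocksize);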
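Review bot: In the first hunk the new declaration `unsigned int bitmap_size, count, array_size;` also makes `count` unsigned, although the commit message names only bitmap_size and array_size. The rest of omfs_get_imap lies outside the hunk, so how `count` is used is not visible here; if it is a countdown that relies on the value dropping below zero (a `count > 0` test after a subtraction, or a later negation to obtain the leftover bits), an unsigned counter wraps instead and the loop could run past the end of the bitmap array when an image is mounted. Unless every use has been checked, keep it signed: `unsigned int bitmap_size, array_size;` and `int count;`. The OMFS_MAX_BLOCKS check added in the second hunk should keep the value within the range of an int, assuming the bitmap size is derived from s_num_blocks.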
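--- a/fs/omfs/omfs_fs.h
+++ b/fs/omfs/omfs_fs.h
@@ -18,6 +18,7 @@
 #define OMFS_XOR_COUNT 19
 #define OMFS_MAX_BLOCK_SIZE 8192
 #define OMFS_MAX_CLUSTER_SIZE 8
+#define OMFS_MAX_BLOCKS (1ul << 31)
 
 struct omfs_super_block {
  char s_fill1[256];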
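Review bot: `OMFS_MAX_BLOCKS` is added without a comment, so nothing in the header says why the limit is 2^31 or which code depends on it. A one-line comment above the define would help, for example `/* upper bound on s_num_blocks accepted at mount; keeps bitmap size arithmetic within 32 bits */`, with the wording confirmed against omfs_get_imap, which is only partly visible on this page. The constant is an `unsigned long`, while the mount-time check casts s_num_blocks to `unsigned long long` for printing, which suggests a 64-bit field; `(1ULL << 31)` would make the comparison's type explicit on 32-bit builds, though the value fits either way.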