diff options
| author | Robin Dong <hao.bigrat@gmail.com> | 2011-07-17 23:43:42 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2011-07-17 23:43:42 -0400 |
| commit | d46203159ed376fdbe2b05aa57e58207bf27a8f9 (patch) | |
| tree | 8bcbe5545066606b12d6cd250747471802520c0b /fs/ext4/extents.c | |
| parent | 015861badd0db43d025bbb538f8fc62dfaf3f18d (diff) | |
ext4: avoid eh_entries overflow before insert extent_idx
If eh_entries is equal to (or greater than) eh_max, the operation of
inserting new extent_idx will make number of entries overflow.
So check eh_entries before inserting the new extent_idx.
Although there is no bug case according the code (function
ext4_ext_insert_index is called by ext4_ext_split and ext4_ext_split
is called only if the index block has free space), the right logic
should be "lookup the capacity before insertion".
Signed-off-by: Robin Dong <sanbai@taobao.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Diffstat (limited to 'fs/ext4/extents.c')
| -rw-r--r-- | fs/ext4/extents.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index b8acfab00224..9bec432e2d26 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c | |||
| @@ -741,6 +741,16 @@ static int ext4_ext_insert_index(handle_t *handle, struct inode *inode, | |||
| 741 | logical, le32_to_cpu(curp->p_idx->ei_block)); | 741 | logical, le32_to_cpu(curp->p_idx->ei_block)); |
| 742 | return -EIO; | 742 | return -EIO; |
| 743 | } | 743 | } |
| 744 | |||
| 745 | if (unlikely(le16_to_cpu(curp->p_hdr->eh_entries) | ||
| 746 | >= le16_to_cpu(curp->p_hdr->eh_max))) { | ||
| 747 | EXT4_ERROR_INODE(inode, | ||
| 748 | "eh_entries %d >= eh_max %d!", | ||
| 749 | le16_to_cpu(curp->p_hdr->eh_entries), | ||
| 750 | le16_to_cpu(curp->p_hdr->eh_max)); | ||
| 751 | return -EIO; | ||
| 752 | } | ||
| 753 | |||
| 744 | len = EXT_MAX_INDEX(curp->p_hdr) - curp->p_idx; | 754 | len = EXT_MAX_INDEX(curp->p_hdr) - curp->p_idx; |
| 745 | if (logical > le32_to_cpu(curp->p_idx->ei_block)) { | 755 | if (logical > le32_to_cpu(curp->p_idx->ei_block)) { |
| 746 | /* insert after */ | 756 | /* insert after */ |
| @@ -770,14 +780,6 @@ static int ext4_ext_insert_index(handle_t *handle, struct inode *inode, | |||
| 770 | ext4_idx_store_pblock(ix, ptr); | 780 | ext4_idx_store_pblock(ix, ptr); |
| 771 | le16_add_cpu(&curp->p_hdr->eh_entries, 1); | 781 | le16_add_cpu(&curp->p_hdr->eh_entries, 1); |
| 772 | 782 | ||
| 773 | if (unlikely(le16_to_cpu(curp->p_hdr->eh_entries) | ||
| 774 | > le16_to_cpu(curp->p_hdr->eh_max))) { | ||
| 775 | EXT4_ERROR_INODE(inode, | ||
| 776 | "eh_entries %d > eh_max %d!", | ||
| 777 | le16_to_cpu(curp->p_hdr->eh_entries), | ||
| 778 | le16_to_cpu(curp->p_hdr->eh_max)); | ||
| 779 | return -EIO; | ||
| 780 | } | ||
| 781 | if (unlikely(ix > EXT_LAST_INDEX(curp->p_hdr))) { | 783 | if (unlikely(ix > EXT_LAST_INDEX(curp->p_hdr))) { |
| 782 | EXT4_ERROR_INODE(inode, "ix > EXT_LAST_INDEX!"); | 784 | EXT4_ERROR_INODE(inode, "ix > EXT_LAST_INDEX!"); |
| 783 | return -EIO; | 785 | return -EIO; |