aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ext4/mballoc.c
diff options
context:
space:
mode:
authorTheodore Ts'o <tytso@mit.edu>2010-01-22 17:40:42 -0500
committerTheodore Ts'o <tytso@mit.edu>2010-01-22 17:40:42 -0500
commit1f2acb6017d8528135ec3b01ab7cd2be6ea0630b (patch)
tree7263a5c1402237166cf425bc8f5336426159622c /fs/ext4/mballoc.c
parent15121c18a22ae483279f76dc9e554334b800d0f7 (diff)
ext4: Add block validity check when truncating indirect block mapped inodes
Add checks to ext4_free_branches() to make sure a block number found in an indirect block are valid before trying to free it. If a bad block number is found, stop freeing the indirect block immediately, since the file system is corrupt and we will need to run fsck anyway. This also avoids spamming the logs, and specifically avoids driver-level "attempt to access beyond end of device" errors obscure what is really going on. If you get *really*, *really*, *really* unlucky, without this patch, a supposed indirect block containing garbage might contain a reference to a primary block group descriptor, in which case ext4_free_branches() could end up zero'ing out a block group descriptor block, and if then one of the block bitmaps for a block group described by that bg descriptor block is not in memory, and is read in by ext4_read_block_bitmap(). This function calls ext4_valid_block_bitmap(), which assumes that bg_inode_table() was validated at mount time and hasn't been modified since. Since this assumption is no longer valid, it's possible for the value (ext4_inode_table(sb, desc) - group_first_block) to go negative, which will cause ext4_find_next_zero_bit() to trigger a kernel GPF. Addresses-Google-Bug: #2220436 Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Diffstat (limited to 'fs/ext4/mballoc.c')
-rw-r--r--fs/ext4/mballoc.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index d34afad3e137..d129c1039f1d 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -4476,10 +4476,11 @@ void ext4_free_blocks(handle_t *handle, struct inode *inode,
4476 4476
4477 sbi = EXT4_SB(sb); 4477 sbi = EXT4_SB(sb);
4478 es = EXT4_SB(sb)->s_es; 4478 es = EXT4_SB(sb)->s_es;
4479 if (!ext4_data_block_valid(sbi, block, count)) { 4479 if (!(flags & EXT4_FREE_BLOCKS_VALIDATED) &&
4480 !ext4_data_block_valid(sbi, block, count)) {
4480 ext4_error(sb, __func__, 4481 ext4_error(sb, __func__,
4481 "Freeing blocks not in datazone - " 4482 "Freeing blocks not in datazone - "
4482 "block = %llu, count = %lu", block, count); 4483 "block = %llu, count = %lu", block, count);
4483 goto error_return; 4484 goto error_return;
4484 } 4485 }
4485 4486