diff options
author | Christoph Hellwig <hch@lst.de> | 2009-08-10 10:32:18 -0400 |
---|---|---|
committer | Felix Blyakher <felixb@sgi.com> | 2009-08-12 02:08:21 -0400 |
commit | b89d4208de3de442c9025919c4261be0b38e79a4 (patch) | |
tree | 3c47c8d10c3ef50e2423528d0d8db7a738928621 /fs/xfs | |
parent | e0c222c411e22f086e929cd69fdcc89336164ec1 (diff) |
xfs: check for dinode realtime flag corruption
Ramon tested XFS with a modified version of fsfuzzer and hit a NULL
pointer dereference in __xfs_get_blocks due to the RT device target
pointer being NULL.
To fix this reject inode with the realtime bit set on a a filesystem
without an RT subvolume during inode read.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Sandeen <sandeen@sandeen.net>
Reviewed-by: Felix Blyakher <felixb@sgi.com>
Reported-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
Tested-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
Signed-off-by: Felix Blyakher <felixb@sgi.com>
Diffstat (limited to 'fs/xfs')
-rw-r--r-- | fs/xfs/xfs_inode.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 1f22d65fed0a..da428b3fe0f5 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c | |||
@@ -343,6 +343,16 @@ xfs_iformat( | |||
343 | return XFS_ERROR(EFSCORRUPTED); | 343 | return XFS_ERROR(EFSCORRUPTED); |
344 | } | 344 | } |
345 | 345 | ||
346 | if (unlikely((ip->i_d.di_flags & XFS_DIFLAG_REALTIME) && | ||
347 | !ip->i_mount->m_rtdev_targp)) { | ||
348 | xfs_fs_repair_cmn_err(CE_WARN, ip->i_mount, | ||
349 | "corrupt dinode %Lu, has realtime flag set.", | ||
350 | ip->i_ino); | ||
351 | XFS_CORRUPTION_ERROR("xfs_iformat(realtime)", | ||
352 | XFS_ERRLEVEL_LOW, ip->i_mount, dip); | ||
353 | return XFS_ERROR(EFSCORRUPTED); | ||
354 | } | ||
355 | |||
346 | switch (ip->i_d.di_mode & S_IFMT) { | 356 | switch (ip->i_d.di_mode & S_IFMT) { |
347 | case S_IFIFO: | 357 | case S_IFIFO: |
348 | case S_IFCHR: | 358 | case S_IFCHR: |