5 files changed, 54 insertions, 0 deletions
diff --git a/fs/nilfs2/cpfile.c b/fs/nilfs2/cpfile.c
index deaa3d33a0aa..0d58075f34e2 100644
--- a/fs/nilfs2/cpfile.c
+++ b/fs/nilfs2/cpfile.c
@@ -942,6 +942,18 @@ int nilfs_cpfile_read(struct super_block *sb, size_t cpsize,
        struct inode *cpfile;
        int err;
+        if (cpsize > sb->s_blocksize) {
+                printk(KERN_ERR
+                       "NILFS: too large checkpoint size: %zu bytes.\n",
+                       cpsize);
+                return -EINVAL;
+        } else if (cpsize < NILFS_MIN_CHECKPOINT_SIZE) {
+                printk(KERN_ERR
+                       "NILFS: too small checkpoint size: %zu bytes.\n",
+                       cpsize);
+                return -EINVAL;
+        }
        cpfile = nilfs_iget_locked(sb, NULL, NILFS_CPFILE_INO);
        if (unlikely(!cpfile))
                return -ENOMEM;
diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c
index fa0f80308c2d..0d5fada91191 100644
--- a/fs/nilfs2/dat.c
+++ b/fs/nilfs2/dat.c
@@ -484,6 +484,18 @@ int nilfs_dat_read(struct super_block *sb, size_t entry_size,
        struct nilfs_dat_info *di;
        int err;
+        if (entry_size > sb->s_blocksize) {
+                printk(KERN_ERR
+                       "NILFS: too large DAT entry size: %zu bytes.\n",
+                       entry_size);
+                return -EINVAL;
+        } else if (entry_size < NILFS_MIN_DAT_ENTRY_SIZE) {
+                printk(KERN_ERR
+                       "NILFS: too small DAT entry size: %zu bytes.\n",
+                       entry_size);
+                return -EINVAL;
+        }
        dat = nilfs_iget_locked(sb, NULL, NILFS_DAT_INO);
        if (unlikely(!dat))
                return -ENOMEM;
diff --git a/fs/nilfs2/sufile.c b/fs/nilfs2/sufile.c
index 84e384dae663..2a869c35c362 100644
--- a/fs/nilfs2/sufile.c
+++ b/fs/nilfs2/sufile.c
@@ -1169,6 +1169,18 @@ int nilfs_sufile_read(struct super_block *sb, size_t susize,
        void *kaddr;
        int err;
+        if (susize > sb->s_blocksize) {
+                printk(KERN_ERR
+                       "NILFS: too large segment usage size: %zu bytes.\n",
+                       susize);
+                return -EINVAL;
+        } else if (susize < NILFS_MIN_SEGMENT_USAGE_SIZE) {
+                printk(KERN_ERR
+                       "NILFS: too small segment usage size: %zu bytes.\n",
+                       susize);
+                return -EINVAL;
+        }
        sufile = nilfs_iget_locked(sb, NULL, NILFS_SUFILE_INO);
        if (unlikely(!sufile))
                return -ENOMEM;
diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
index 94c451ce6d24..8ba8229ba076 100644
--- a/fs/nilfs2/the_nilfs.c
+++ b/fs/nilfs2/the_nilfs.c
@@ -399,6 +399,16 @@ static int nilfs_store_disk_layout(struct the_nilfs *nilfs,
                return -EINVAL;
        nilfs->ns_inode_size = le16_to_cpu(sbp->s_inode_size);
+        if (nilfs->ns_inode_size > nilfs->ns_blocksize) {
+                printk(KERN_ERR "NILFS: too large inode size: %d bytes.\n",
+                       nilfs->ns_inode_size);
+                return -EINVAL;
+        } else if (nilfs->ns_inode_size < NILFS_MIN_INODE_SIZE) {
+                printk(KERN_ERR "NILFS: too small inode size: %d bytes.\n",
+                       nilfs->ns_inode_size);
+                return -EINVAL;
+        }
        nilfs->ns_first_ino = le32_to_cpu(sbp->s_first_ino);
        nilfs->ns_blocks_per_segment = le32_to_cpu(sbp->s_blocks_per_segment);
diff --git a/include/linux/nilfs2_fs.h b/include/linux/nilfs2_fs.h
index 1fb465f9baf2..ff3fea3194c6 100644
--- a/include/linux/nilfs2_fs.h
+++ b/include/linux/nilfs2_fs.h
@@ -82,6 +82,8 @@ struct nilfs_inode {
        __le32  i_pad;
 };
+#define NILFS_MIN_INODE_SIZE            128
 /**
 * struct nilfs_super_root - structure of super root
 * @sr_sum: check sum
@@ -482,6 +484,8 @@ struct nilfs_dat_entry {
        __le64 de_rsv;
 };
+#define NILFS_MIN_DAT_ENTRY_SIZE        32
 /**
 * struct nilfs_snapshot_list - snapshot list
 * @ssl_next: next checkpoint number on snapshot list
@@ -520,6 +524,8 @@ struct nilfs_checkpoint {
        struct nilfs_inode cp_ifile_inode;
 };
+#define NILFS_MIN_CHECKPOINT_SIZE       (64 + NILFS_MIN_INODE_SIZE)
 /* checkpoint flags */
 enum {
        NILFS_CHECKPOINT_SNAPSHOT,
@@ -615,6 +621,8 @@ struct nilfs_segment_usage {
        __le32 su_flags;
 };
+#define NILFS_MIN_SEGMENT_USAGE_SIZE    16
 /* segment usage flag */
 enum {
        NILFS_SEGMENT_USAGE_ACTIVE,

diff --git a/fs/nilfs2/cpfile.c b/fs/nilfs2/cpfile.c index deaa3d33a0aa..0d58075f34e2 100644 --- a/fs/nilfs2/cpfile.c +++ b/fs/nilfs2/cpfile.c
@@ -942,6 +942,18 @@ int nilfs_cpfile_read(struct super_block *sb, size_t cpsize,
942	struct inode *cpfile;	942	struct inode *cpfile;
943	int err;	943	int err;
944		944
		945	if (cpsize > sb->s_blocksize) {
		946	printk(KERN_ERR
		947	"NILFS: too large checkpoint size: %zu bytes.\n",
		948	cpsize);
		949	return -EINVAL;
		950	} else if (cpsize < NILFS_MIN_CHECKPOINT_SIZE) {
		951	printk(KERN_ERR
		952	"NILFS: too small checkpoint size: %zu bytes.\n",
		953	cpsize);
		954	return -EINVAL;
		955	}
		956
945	cpfile = nilfs_iget_locked(sb, NULL, NILFS_CPFILE_INO);	957	cpfile = nilfs_iget_locked(sb, NULL, NILFS_CPFILE_INO);
946	if (unlikely(!cpfile))	958	if (unlikely(!cpfile))
947	return -ENOMEM;	959	return -ENOMEM;


diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index fa0f80308c2d..0d5fada91191 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c
@@ -484,6 +484,18 @@ int nilfs_dat_read(struct super_block *sb, size_t entry_size,
484	struct nilfs_dat_info *di;	484	struct nilfs_dat_info *di;
485	int err;	485	int err;
486		486
		487	if (entry_size > sb->s_blocksize) {
		488	printk(KERN_ERR
		489	"NILFS: too large DAT entry size: %zu bytes.\n",
		490	entry_size);
		491	return -EINVAL;
		492	} else if (entry_size < NILFS_MIN_DAT_ENTRY_SIZE) {
		493	printk(KERN_ERR
		494	"NILFS: too small DAT entry size: %zu bytes.\n",
		495	entry_size);
		496	return -EINVAL;
		497	}
		498
487	dat = nilfs_iget_locked(sb, NULL, NILFS_DAT_INO);	499	dat = nilfs_iget_locked(sb, NULL, NILFS_DAT_INO);
488	if (unlikely(!dat))	500	if (unlikely(!dat))
489	return -ENOMEM;	501	return -ENOMEM;


diff --git a/fs/nilfs2/sufile.c b/fs/nilfs2/sufile.c index 84e384dae663..2a869c35c362 100644 --- a/fs/nilfs2/sufile.c +++ b/fs/nilfs2/sufile.c
@@ -1169,6 +1169,18 @@ int nilfs_sufile_read(struct super_block *sb, size_t susize,
1169	void *kaddr;	1169	void *kaddr;
1170	int err;	1170	int err;
1171		1171
		1172	if (susize > sb->s_blocksize) {
		1173	printk(KERN_ERR
		1174	"NILFS: too large segment usage size: %zu bytes.\n",
		1175	susize);
		1176	return -EINVAL;
		1177	} else if (susize < NILFS_MIN_SEGMENT_USAGE_SIZE) {
		1178	printk(KERN_ERR
		1179	"NILFS: too small segment usage size: %zu bytes.\n",
		1180	susize);
		1181	return -EINVAL;
		1182	}
		1183
1172	sufile = nilfs_iget_locked(sb, NULL, NILFS_SUFILE_INO);	1184	sufile = nilfs_iget_locked(sb, NULL, NILFS_SUFILE_INO);
1173	if (unlikely(!sufile))	1185	if (unlikely(!sufile))
1174	return -ENOMEM;	1186	return -ENOMEM;


diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c index 94c451ce6d24..8ba8229ba076 100644 --- a/fs/nilfs2/the_nilfs.c +++ b/fs/nilfs2/the_nilfs.c
@@ -399,6 +399,16 @@ static int nilfs_store_disk_layout(struct the_nilfs *nilfs,
399	return -EINVAL;	399	return -EINVAL;
400		400
401	nilfs->ns_inode_size = le16_to_cpu(sbp->s_inode_size);	401	nilfs->ns_inode_size = le16_to_cpu(sbp->s_inode_size);
		402	if (nilfs->ns_inode_size > nilfs->ns_blocksize) {
		403	printk(KERN_ERR "NILFS: too large inode size: %d bytes.\n",
		404	nilfs->ns_inode_size);
		405	return -EINVAL;
		406	} else if (nilfs->ns_inode_size < NILFS_MIN_INODE_SIZE) {
		407	printk(KERN_ERR "NILFS: too small inode size: %d bytes.\n",
		408	nilfs->ns_inode_size);
		409	return -EINVAL;
		410	}
		411
402	nilfs->ns_first_ino = le32_to_cpu(sbp->s_first_ino);	412	nilfs->ns_first_ino = le32_to_cpu(sbp->s_first_ino);
403		413
404	nilfs->ns_blocks_per_segment = le32_to_cpu(sbp->s_blocks_per_segment);	414	nilfs->ns_blocks_per_segment = le32_to_cpu(sbp->s_blocks_per_segment);


diff --git a/include/linux/nilfs2_fs.h b/include/linux/nilfs2_fs.h index 1fb465f9baf2..ff3fea3194c6 100644 --- a/include/linux/nilfs2_fs.h +++ b/include/linux/nilfs2_fs.h
@@ -82,6 +82,8 @@ struct nilfs_inode {
82	__le32 i_pad;	82	__le32 i_pad;
83	};	83	};
84		84
		85	#define NILFS_MIN_INODE_SIZE 128
		86
85	/**	87	/**
86	* struct nilfs_super_root - structure of super root	88	* struct nilfs_super_root - structure of super root
87	* @sr_sum: check sum	89	* @sr_sum: check sum
@@ -482,6 +484,8 @@ struct nilfs_dat_entry {
482	__le64 de_rsv;	484	__le64 de_rsv;
483	};	485	};
484		486
		487	#define NILFS_MIN_DAT_ENTRY_SIZE 32
		488
485	/**	489	/**
486	* struct nilfs_snapshot_list - snapshot list	490	* struct nilfs_snapshot_list - snapshot list
487	* @ssl_next: next checkpoint number on snapshot list	491	* @ssl_next: next checkpoint number on snapshot list
@@ -520,6 +524,8 @@ struct nilfs_checkpoint {
520	struct nilfs_inode cp_ifile_inode;	524	struct nilfs_inode cp_ifile_inode;
521	};	525	};
522		526
		527	#define NILFS_MIN_CHECKPOINT_SIZE (64 + NILFS_MIN_INODE_SIZE)
		528
523	/* checkpoint flags */	529	/* checkpoint flags */
524	enum {	530	enum {
525	NILFS_CHECKPOINT_SNAPSHOT,	531	NILFS_CHECKPOINT_SNAPSHOT,
@@ -615,6 +621,8 @@ struct nilfs_segment_usage {
615	__le32 su_flags;	621	__le32 su_flags;
616	};	622	};
617		623
		624	#define NILFS_MIN_SEGMENT_USAGE_SIZE 16
		625
618	/* segment usage flag */	626	/* segment usage flag */
619	enum {	627	enum {
620	NILFS_SEGMENT_USAGE_ACTIVE,	628	NILFS_SEGMENT_USAGE_ACTIVE,