diff options
| author | Christoph Hellwig <hch@lst.de> | 2009-08-10 11:32:18 -0300 |
|---|---|---|
| committer | Felix Blyakher <felixb@sgi.com> | 2009-08-11 16:03:19 -0500 |
| commit | 16715dbe64ccac265010ab8b60848d212d002521 (patch) | |
| tree | 9e165ca646eef8835a940c66d0f8e7ac40cd4354 | |
| parent | 583e0e41ee29478e2147aeffeb772657f8db767a (diff) | |
| download | blackbird-op-linux-16715dbe64ccac265010ab8b60848d212d002521.tar.gz blackbird-op-linux-16715dbe64ccac265010ab8b60848d212d002521.zip | |
xfs: check for dinode realtime flag corruption
Ramon tested XFS with a modified version of fsfuzzer and hit a NULL
pointer dereference in __xfs_get_blocks due to the RT device target
pointer being NULL.
To fix this reject inode with the realtime bit set on a a filesystem
without an RT subvolume during inode read.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Sandeen <sandeen@sandeen.net>
Reviewed-by: Felix Blyakher <felixb@sgi.com>
Reported-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
Tested-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
Signed-off-by: Felix Blyakher <felixb@sgi.com>
| -rw-r--r-- | fs/xfs/xfs_inode.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 2dcb3d781ae5..c1dc7ef5a1d8 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -343,6 +343,16 @@ xfs_iformat( return XFS_ERROR(EFSCORRUPTED); } + if (unlikely((ip->i_d.di_flags & XFS_DIFLAG_REALTIME) && + !ip->i_mount->m_rtdev_targp)) { + xfs_fs_repair_cmn_err(CE_WARN, ip->i_mount, + "corrupt dinode %Lu, has realtime flag set.", + ip->i_ino); + XFS_CORRUPTION_ERROR("xfs_iformat(realtime)", + XFS_ERRLEVEL_LOW, ip->i_mount, dip); + return XFS_ERROR(EFSCORRUPTED); + } + switch (ip->i_d.di_mode & S_IFMT) { case S_IFIFO: case S_IFCHR: |
