* Tue Jun 30 2009 Eric Sandeen <sandeen@redhat.com> 3.0.1-9
- Fix block overflows in xfs_repair and xfs_metadump
parent
bea2a0f462
commit
e9b290532b
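--- a/xfsprogs-3.0.1-overflows.patch
+++ b/xfsprogs-3.0.1-overflows.patch
@@ -0,0 +1,84 @@
+From: Eric Sandeen <sandeen@sandeen.net>
+Date: Thu, 2 Jul 2009 05:29:36 +0000 (-0500)
+Subject: xfs_repair: fix agcount*agblocks overflows
+X-Git-Url: http://git.kernel.org/?p=fs%2Fxfs%2Fxfsprogs-dev.git;a=commitdiff_plain;h=003e8e41124707f55b20b376a6359dc7f6292991
+
+xfs_repair: fix agcount*agblocks overflows
+
+The last test in verify_ag_bno() may overflow:
+
+return (agbno >= (sbp->sb_dblocks -
+((sbp->sb_agcount - 1) * sbp->sb_agblocks)));
+
+because sb_agcount & sb_agblocks are 32-bit integers; this
+may then miss corrupt agbnos for the last ag, which can in
+turn lead to out of bounds memory accesses later, for example
+when the block nr is used to offset in set_agbno_state():
+
+addr = ba_bmap[(agno)] + (ag_blockno)/XR_BB_NUM;
+
+Similar problems in mk_incore_fstree
+
+Reported-by: Jesse Stroik <jstroik@ssec.wisc.edu>
+Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
+Reviewed-by: Felix Blyakher <felixb@sgi.com>
+---
+
+
+From: Eric Sandeen <sandeen@sandeen.net>
+Date: Mon, 6 Jul 2009 19:53:35 +0000 (-0500)
+Subject: xfs_metadump: agcount*agblocks overflow
+X-Git-Url: http://git.kernel.org/?p=fs%2Fxfs%2Fxfsprogs-dev.git;a=commitdiff_plain;h=66be354ed0dfb73566f504ac7301fab7915e9475
+
+xfs_metadump: agcount*agblocks overflow
+
+Found another potential overflow in xfs_metadump,
+similar to those just fixed in repair.
+
+Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
+Reviewed-by: Christoph Hellwig <hch@infradead.org>
+---
+
+diff --git a/repair/dinode.c b/repair/dinode.c
+index fdf52db..84e1d05 100644
+--- a/repair/dinode.c
++++ b/repair/dinode.c
+@@ -319,7 +319,8 @@ verify_ag_bno(xfs_sb_t *sbp,
+return (agbno >= sbp->sb_agblocks);
+if (agno == (sbp->sb_agcount - 1))
+return (agbno >= (sbp->sb_dblocks -
+- ((sbp->sb_agcount - 1) * sbp->sb_agblocks)));
++ ((xfs_drfsbno_t)(sbp->sb_agcount - 1) *
++ sbp->sb_agblocks)));
+return 1;
+}
+
+diff --git a/repair/phase5.c b/repair/phase5.c
+index 2c243b6..26f5aa2 100644
+--- a/repair/phase5.c
++++ b/repair/phase5.c
+@@ -113,7 +113,8 @@ mk_incore_fstree(xfs_mount_t *mp, xfs_agnumber_t agno)
+ag_end = mp->m_sb.sb_agblocks;
+else
+ag_end = mp->m_sb.sb_dblocks -
+- mp->m_sb.sb_agblocks * (mp->m_sb.sb_agcount - 1);
++ (xfs_drfsbno_t)mp->m_sb.sb_agblocks *
++ (mp->m_sb.sb_agcount - 1);
+
+/*
+* ok, now find the number of extents, keep track of the
+diff --git a/db/metadump.c b/db/metadump.c
+index 19aed4f..ef6e571 100644
+--- a/db/metadump.c
++++ b/db/metadump.c
+@@ -222,7 +222,8 @@ valid_bno(
+return 1;
+if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
+agbno <= (mp->m_sb.sb_dblocks -
+- (mp->m_sb.sb_agcount - 1) * mp->m_sb.sb_agblocks))
++ (xfs_drfsbno_t)(mp->m_sb.sb_agcount - 1) *
++ mp->m_sb.sb_agblocks))
+return 1;
+
+return 0;
+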
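Review bot: The subtraction around the new 64-bit cast in verify_ag_bno() is still unchecked, so a corrupt superblock whose sb_dblocks is smaller than `(sb_agcount - 1) * sb_agblocks` makes the result wrap (assuming these fields are unsigned, as the types suggest). `agbno >= ...` then returns 0 for every block in the last AG, which leaves open the out-of-bounds index into ba_bmap that the description names for set_agbno_state(). The mk_incore_fstree() and valid_bno() hunks carry the same subtraction, so ag_end and the metadump range check would be affected the same way. Unless the superblock geometry is validated before these paths run (not visible on this page), compute the product first and reject the impossible case, e.g. `xfs_drfsbno_t full = (xfs_drfsbno_t)(sbp->sb_agcount - 1) * sbp->sb_agblocks;` followed by `if (sbp->sb_dblocks <= full) return 1;`. All three function bodies start and end outside their hunks.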
|
@ -1,7 +1,7 @@
|
||||
Summary: Utilities for managing the XFS filesystem
|
||||
Name: xfsprogs
|
||||
Version: 3.0.1
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
# Licensing based on generic "GNU GENERAL PUBLIC LICENSE"
|
||||
# in source, with no mention of version.
|
||||
# doc/COPYING file specifies what is GPL and what is LGPL
|
||||
@ -20,8 +20,9 @@ Conflicts: xfsdump < 3.0.1
|
||||
# These are upstream
|
||||
Patch0: xfsprogs-3.0.1-readline.patch
|
||||
Patch1: xfsprogs-3.0.1-fallocate.patch
|
||||
Patch2: xfsprogs-3.0.1-overflows.patch
|
||||
# This one, not yet
|
||||
Patch2: xfsprogs-3.0.1-mkfs-lazy-count-default.patch
|
||||
Patch3: xfsprogs-3.0.1-mkfs-lazy-count-default.patch
|
||||
|
||||
%description
|
||||
A set of commands to use the XFS filesystem, including mkfs.xfs.
|
||||
@ -69,6 +70,7 @@ in building or running the xfstests QA suite.
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
export tagname=CC DEBUG=-DNDEBUG
|
||||
@ -195,6 +197,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_includedir}/xfs/xfs_types.h
|
||||
|
||||
%changelog
|
||||
* Tue Jun 30 2009 Eric Sandeen <sandeen@redhat.com> 3.0.1-9
|
||||
- Fix block overflows in xfs_repair and xfs_metadump
|
||||
|
||||
* Tue Jun 30 2009 Eric Sandeen <sandeen@redhat.com> 3.0.1-8
|
||||
- Fix up build-requires after e2fsprogs splitup
|
||||
|
||||
|