diff options
| author |  Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
| 2018-12-05 13:16:24 -0500 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
| 2018-12-05 13:23:38 -0500 |
| commit | 14a4467a0a5eacb2ebbe3aab1b4e25af3519c76a (patch) | |
| tree | 541647056606d3e0aa1e06e62d2b40417623f8cb /fs/xfs/libxfs/xfs_attr_leaf.c | |
| parent | media: pixfmt-meta-d4xx.rst: Add a license to it (diff) | |
| parent | Merge tag 'media/v4.20-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mc... (diff) | |
| download | linux-14a4467a0a5eacb2ebbe3aab1b4e25af3519c76a.tar.gz linux-14a4467a0a5eacb2ebbe3aab1b4e25af3519c76a.tar.bz2 linux-14a4467a0a5eacb2ebbe3aab1b4e25af3519c76a.zip | |
Merge commit '0072a0c14d5b7cb72c611d396f143f5dcd73ebe2' into patchwork
Merge from Upstream after the latest media fixes branch, because we
need one patch that it is there.
* commit '0072a0c14d5b7cb72c611d396f143f5dcd73ebe2': (1108 commits)
ide: Change to use DEFINE_SHOW_ATTRIBUTE macro
ide: pmac: add of_node_put()
drivers/tty: add missing of_node_put()
drivers/sbus/char: add of_node_put()
sbus: char: add of_node_put()
Linux 4.20-rc5
PCI: Fix incorrect value returned from pcie_get_speed_cap()
MAINTAINERS: Update linux-mips mailing list address
ocfs2: fix potential use after free
mm/khugepaged: fix the xas_create_range() error path
mm/khugepaged: collapse_shmem() do not crash on Compound
mm/khugepaged: collapse_shmem() without freezing new_page
mm/khugepaged: minor reorderings in collapse_shmem()
mm/khugepaged: collapse_shmem() remember to clear holes
mm/khugepaged: fix crashes due to misaccounted holes
mm/khugepaged: collapse_shmem() stop if punched or truncated
mm/huge_memory: fix lockdep complaint on 32-bit i_size_read()
mm/huge_memory: splitting set mapping+index before unfreeze
mm/huge_memory: rename freeze_page() to unmap_page()
initramfs: clean old path before creating a hardlink
...
Diffstat (limited to 'fs/xfs/libxfs/xfs_attr_leaf.c')
| -rw-r--r-- | fs/xfs/libxfs/xfs_attr_leaf.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index 6fc5425b1474..2652d00842d6 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -243,7 +243,7 @@ xfs_attr3_leaf_verify( struct xfs_mount *mp = bp->b_target->bt_mount; struct xfs_attr_leafblock *leaf = bp->b_addr; struct xfs_attr_leaf_entry *entries; - uint16_t end; + uint32_t end; /* must be 32bit - see below */ int i; xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &ichdr, leaf); @@ -293,6 +293,11 @@ xfs_attr3_leaf_verify( /* * Quickly check the freemap information. Attribute data has to be * aligned to 4-byte boundaries, and likewise for the free space. + * + * Note that for 64k block size filesystems, the freemap entries cannot + * overflow as they are only be16 fields. However, when checking end + * pointer of the freemap, we have to be careful to detect overflows and + * so use uint32_t for those checks. */ for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) { if (ichdr.freemap[i].base > mp->m_attr_geo->blksize) @@ -303,7 +308,9 @@ xfs_attr3_leaf_verify( return __this_address; if (ichdr.freemap[i].size & 0x3) return __this_address; - end = ichdr.freemap[i].base + ichdr.freemap[i].size; + + /* be care of 16 bit overflows here */ + end = (uint32_t)ichdr.freemap[i].base + ichdr.freemap[i].size; if (end < ichdr.freemap[i].base) return __this_address; if (end > mp->m_attr_geo->blksize) |