1. 22 Jan, 2010 1 commit
    • Theodore Ts'o's avatar
      ext4: Add block validity check when truncating indirect block mapped inodes · 1f2acb60
      Theodore Ts'o authored
      Add checks to ext4_free_branches() to make sure a block number found
      in an indirect block are valid before trying to free it.  If a bad
      block number is found, stop freeing the indirect block immediately,
      since the file system is corrupt and we will need to run fsck anyway.
      This also avoids spamming the logs, and specifically avoids
      driver-level "attempt to access beyond end of device" errors obscure
      what is really going on.
      
      If you get *really*, *really*, *really* unlucky, without this patch, a
      supposed indirect block containing garbage might contain a reference
      to a primary block group descriptor, in which case
      ext4_free_branches() could end up zero'ing out a block group
      descriptor block, and if then one of the block bitmaps for a block
      group described by that bg descriptor block is not in memory, and is
      read in by ext4_read_block_bitmap().  This function calls
      ext4_valid_block_bitmap(), which assumes that bg_inode_table() was
      validated at mount time and hasn't been modified since.  Since this
      assumption is no longer valid, it's possible for the value
      (ext4_inode_table(sb, desc) - group_first_block) to go negative, which
      will cause ext4_find_next_zero_bit() to trigger a kernel GPF.
      
      Addresses-Google-Bug: #2220436
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      1f2acb60
  2. 16 Feb, 2010 1 commit
    • Eric Sandeen's avatar
      ext4: Fix optional-arg mount options · 15121c18
      Eric Sandeen authored
      We have 2 mount options, "barrier" and "auto_da_alloc" which may or
      may not take a 1/0 argument.  This causes the ext4 superblock mount
      code to subtract uninitialized pointers and pass the result to
      kmalloc, which results in very noisy failures.
      
      Per Ted's suggestion, initialize the args struct so that
      we know whether match_token() found an argument for the
      option, and skip match_int() if not.
      
      Also, return error (0) from parse_options if we thought
      we found an argument, but match_int() Fails.
      Reported-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      15121c18
  3. 05 Feb, 2010 1 commit
  4. 12 Feb, 2010 12 commits
  5. 11 Feb, 2010 25 commits