1. 21 2月, 2012 3 次提交
    • T
      ext4: fix INCOMPAT feature codepoint reservation for INLINEDATA · 856cbcf9
      Theodore Ts'o 提交于
      In commit 9b90e5e0 I incorrectly reserved the wrong bit for
      EXT4_FEATURE_INCOMPAT_INLINEDATA per the discussion on the linux-ext4
      list on December 7, 2011.  The codepoint 0x2000 should be used for
      EXT4_FEATURE_INCOMPAT_USE_META_CSUM, so INLINEDATA will be assigned
      the value 0x8000.
      Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
      856cbcf9
    • L
      ext4: ignore EXT4_INODE_JOURNAL_DATA flag with delalloc · 3d2b1582
      Lukas Czerner 提交于
      Ext4 does not support data journalling with delayed allocation enabled.
      We even do not allow to mount the file system with delayed allocation
      and data journalling enabled, however it can be set via FS_IOC_SETFLAGS
      so we can hit the inode with EXT4_INODE_JOURNAL_DATA set even on file
      system mounted with delayed allocation (default) and that's where
      problem arises. The easies way to reproduce this problem is with the
      following set of commands:
      
       mkfs.ext4 /dev/sdd
       mount /dev/sdd /mnt/test1
       dd if=/dev/zero of=/mnt/test1/file bs=1M count=4
       chattr +j /mnt/test1/file
       dd if=/dev/zero of=/mnt/test1/file bs=1M count=4 conv=notrunc
       chattr -j /mnt/test1/file
      
      Additionally it can be reproduced quite reliably with xfstests 272 and
      269. In fact the above reproducer is a part of test 272.
      
      To fix this we should ignore the EXT4_INODE_JOURNAL_DATA inode flag if
      the file system is mounted with delayed allocation. This can be easily
      done by fixing ext4_should_*_data() functions do ignore data journal
      flag when delalloc is set (suggested by Ted). We also have to set the
      appropriate address space operations for the inode (again, ignoring data
      journal flag if delalloc enabled).
      
      Additionally this commit introduces ext4_inode_journal_mode() function
      because ext4_should_*_data() has already had a lot of common code and
      this change is putting it all into one function so it is easier to
      read.
      
      Successfully tested with xfstests in following configurations:
      
      delalloc + data=ordered
      delalloc + data=writeback
      data=journal
      nodelalloc + data=ordered
      nodelalloc + data=writeback
      nodelalloc + data=journal
      Signed-off-by: NLukas Czerner <lczerner@redhat.com>
      Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
      Cc: stable@vger.kernel.org
      3d2b1582
    • T
      ext4: fix race when setting bitmap_uptodate flag · 813e5727
      Theodore Ts'o 提交于
      In ext4_read_{inode,block}_bitmap() we were setting bitmap_uptodate()
      before submitting the buffer for read.  The is bad, since we check
      bitmap_uptodate() without locking the buffer, and so if another
      process is racing with us, it's possible that they will think the
      bitmap is uptodate even though the read has not completed yet,
      resulting in inodes and blocks potentially getting allocated more than
      once if we get really unlucky.
      
      Addresses-Google-Bug: 2828254
      Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
      813e5727
  2. 07 2月, 2012 1 次提交
  3. 11 1月, 2012 1 次提交
    • X
      ext4: fix undefined behavior in ext4_fill_flex_info() · d50f2ab6
      Xi Wang 提交于
      Commit 503358ae ("ext4: avoid divide by
      zero when trying to mount a corrupted file system") fixes CVE-2009-4307
      by performing a sanity check on s_log_groups_per_flex, since it can be
      set to a bogus value by an attacker.
      
      	sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
      	groups_per_flex = 1 << sbi->s_log_groups_per_flex;
      
      	if (groups_per_flex < 2) { ... }
      
      This patch fixes two potential issues in the previous commit.
      
      1) The sanity check might only work on architectures like PowerPC.
      On x86, 5 bits are used for the shifting amount.  That means, given a
      large s_log_groups_per_flex value like 36, groups_per_flex = 1 << 36
      is essentially 1 << 4 = 16, rather than 0.  This will bypass the check,
      leaving s_log_groups_per_flex and groups_per_flex inconsistent.
      
      2) The sanity check relies on undefined behavior, i.e., oversized shift.
      A standard-confirming C compiler could rewrite the check in unexpected
      ways.  Consider the following equivalent form, assuming groups_per_flex
      is unsigned for simplicity.
      
      	groups_per_flex = 1 << sbi->s_log_groups_per_flex;
      	if (groups_per_flex == 0 || groups_per_flex == 1) {
      
      We compile the code snippet using Clang 3.0 and GCC 4.6.  Clang will
      completely optimize away the check groups_per_flex == 0, leaving the
      patched code as vulnerable as the original.  GCC keeps the check, but
      there is no guarantee that future versions will do the same.
      Signed-off-by: NXi Wang <xi.wang@gmail.com>
      Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
      Cc: stable@vger.kernel.org
      d50f2ab6
  4. 10 1月, 2012 1 次提交
  5. 09 1月, 2012 3 次提交
  6. 07 1月, 2012 2 次提交
  7. 05 1月, 2012 8 次提交
  8. 04 1月, 2012 16 次提交
  9. 29 12月, 2011 5 次提交