提交 06a279d6 编写于 作者: T Theodore Ts'o

ext4: only use i_size_high for regular files

Directories are not allowed to be bigger than 2GB, so don't use
i_size_high for anything other than regular files.  E2fsck should
complain about these inodes, but the simplest thing to do for the
kernel is to only use i_size_high for regular files.

This prevents an intentially corrupted filesystem from causing the
kernel to burn a huge amount of CPU and issuing error messages such
as:

EXT4-fs warning (device loop0): ext4_block_to_path: block 135090028 > max

Thanks to David Maciejak from Fortinet's FortiGuard Global Security
Research Team for reporting this issue.

http://bugzilla.kernel.org/show_bug.cgi?id=12375Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
Cc: stable@kernel.org
上级 c225aa57
...@@ -1206,8 +1206,11 @@ static inline void ext4_r_blocks_count_set(struct ext4_super_block *es, ...@@ -1206,8 +1206,11 @@ static inline void ext4_r_blocks_count_set(struct ext4_super_block *es,
static inline loff_t ext4_isize(struct ext4_inode *raw_inode) static inline loff_t ext4_isize(struct ext4_inode *raw_inode)
{ {
return ((loff_t)le32_to_cpu(raw_inode->i_size_high) << 32) | if (S_ISREG(le16_to_cpu(raw_inode->i_mode)))
le32_to_cpu(raw_inode->i_size_lo); return ((loff_t)le32_to_cpu(raw_inode->i_size_high) << 32) |
le32_to_cpu(raw_inode->i_size_lo);
else
return (loff_t) le32_to_cpu(raw_inode->i_size_lo);
} }
static inline void ext4_isize_set(struct ext4_inode *raw_inode, loff_t i_size) static inline void ext4_isize_set(struct ext4_inode *raw_inode, loff_t i_size)
......
...@@ -360,9 +360,9 @@ static int ext4_block_to_path(struct inode *inode, ...@@ -360,9 +360,9 @@ static int ext4_block_to_path(struct inode *inode,
final = ptrs; final = ptrs;
} else { } else {
ext4_warning(inode->i_sb, "ext4_block_to_path", ext4_warning(inode->i_sb, "ext4_block_to_path",
"block %lu > max", "block %lu > max in inode %lu",
i_block + direct_blocks + i_block + direct_blocks +
indirect_blocks + double_blocks); indirect_blocks + double_blocks, inode->i_ino);
} }
if (boundary) if (boundary)
*boundary = final - 1 - (i_block & (ptrs - 1)); *boundary = final - 1 - (i_block & (ptrs - 1));
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册