提交 f171d4d7 编写于 作者: A Artem Bityutskiy

UBIFS: fix division by zero

If fanout is 3, we have division by zero in
'ubifs_read_superblock()':

divide error: 0000 [#1] PREEMPT SMP

Pid: 28744, comm: mount Not tainted (2.6.27-rc4-ubifs-2.6 #23)
EIP: 0060:[<f8f9e3ef>] EFLAGS: 00010202 CPU: 0
EIP is at ubifs_reported_space+0x2d/0x69 [ubifs]
EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
ESI: 00000000 EDI: f0ae64b0 EBP: f1f9fcf4 ESP: f1f9fce0
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Signed-off-by: NArtem Bityutskiy <Artem.Bityutskiy@nokia.com>
上级 7c7cbadf
...@@ -723,24 +723,25 @@ void ubifs_release_dirty_inode_budget(struct ubifs_info *c, ...@@ -723,24 +723,25 @@ void ubifs_release_dirty_inode_budget(struct ubifs_info *c,
*/ */
long long ubifs_reported_space(const struct ubifs_info *c, uint64_t free) long long ubifs_reported_space(const struct ubifs_info *c, uint64_t free)
{ {
int divisor, factor; int divisor, factor, f;
/* /*
* Reported space size is @free * X, where X is UBIFS block size * Reported space size is @free * X, where X is UBIFS block size
* divided by UBIFS block size + all overhead one data block * divided by UBIFS block size + all overhead one data block
* introduces. The overhead is the node header + indexing overhead. * introduces. The overhead is the node header + indexing overhead.
* *
* Indexing overhead is calculations are based on the following * Indexing overhead calculations are based on the following formula:
* formula: I = N/(f - 1) + 1, where I - number of indexing nodes, N - * I = N/(f - 1) + 1, where I - number of indexing nodes, N - number
* number of data nodes, f - fanout. Because effective UBIFS fanout is * of data nodes, f - fanout. Because effective UBIFS fanout is twice
* twice as less than maximum fanout, we assume that each data node * as less than maximum fanout, we assume that each data node
* introduces 3 * @c->max_idx_node_sz / (@c->fanout/2 - 1) bytes. * introduces 3 * @c->max_idx_node_sz / (@c->fanout/2 - 1) bytes.
* Note, the multiplier 3 is because UBIFS reseves thrice as more space * Note, the multiplier 3 is because UBIFS reseves thrice as more space
* for the index. * for the index.
*/ */
f = c->fanout > 3 ? c->fanout >> 1 : 2;
factor = UBIFS_BLOCK_SIZE; factor = UBIFS_BLOCK_SIZE;
divisor = UBIFS_MAX_DATA_NODE_SZ; divisor = UBIFS_MAX_DATA_NODE_SZ;
divisor += (c->max_idx_node_sz * 3) / ((c->fanout >> 1) - 1); divisor += (c->max_idx_node_sz * 3) / (f - 1);
free *= factor; free *= factor;
do_div(free, divisor); do_div(free, divisor);
return free; return free;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册