Hello,

Thank you! I have tried this patch against the v4.17 kernel. Considering the original bug report (https://www.spinics.net/lists/kernel/msg2820542.html), now it returns Input/output errors:

/init: line 8: can't create /mnt/1111111111111111111111111111111111111111111111111111111111111111111111111: Input/output error
ln: /mnt/foo: Input/output error
...

and does not page fault, as expected.

Thu, 14 Jun 2018 at 18:28, Jan Kara <jack@xxxxxxx>:
>
> Detect when a directory entry is (possibly partially) beyond directory
> size and return EIO in that case since it means the filesystem is
> corrupted. Otherwise directory operations can further corrupt the
> directory and possibly also oops the kernel.
>
> CC: Anatoly Trosinenko <anatoly.trosinenko@xxxxxxxxx>
> CC: stable@xxxxxxxxxxxxxxx
> Reported-by: Anatoly Trosinenko <anatoly.trosinenko@xxxxxxxxx>
> Signed-off-by: Jan Kara <jack@xxxxxxx>
> ---
> fs/udf/directory.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/udf/directory.c b/fs/udf/directory.c > index 0a98a2369738..3835f983cc99 100644 > --- a/fs/udf/directory.c > +++ b/fs/udf/directory.c > @@ -152,6 +152,9 @@ struct fileIdentDesc *udf_fileident_read(struct inode *dir, loff_t *nf_pos, > sizeof(struct fileIdentDesc)); > } > } > + /* Got last entry outside of dir size - fs is corrupted! */ > + if (*nf_pos > dir->i_size) > + return NULL; > return fi; > }
>
> --
> 2.16.4
>
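
Review bot: The new check at the end of udf_fileident_read() returns NULL, while the commit message says the function returns EIO, so the errno that reaches userspace depends on each caller translating a NULL return into -EIO, and nothing in this hunk shows that. Please say so in the comment above `if (*nf_pos > dir->i_size)` or reword the commit message to "return NULL so that callers fail with EIO". The test also sits after the descriptor has already been assembled (the context line ending in `sizeof(struct fileIdentDesc));` precedes it), so it is worth confirming that nothing earlier in the function has already read past dir->i_size before this point is reached, and that callers clean up whatever the function acquired when they see NULL; neither is visible in these lines.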