Hi,

2013-12-23 (Mon), 11:12 +0800, Chao Yu:
> In current flow, we will get NULL return value of f2fs_find_entry in
> recover_dentry when name.len is bigger than F2FS_NAME_LEN, and then we
> still add this inode into its dir entry.
> To avoid this situation, we must check filename length before we use it.
>
> Another point is that we could remove the code of checking filename length
> in f2fs_find_entry, because f2fs_lookup will be called previously to ensure the
> validity of filename length.

The f2fs_find_entry is called by f2fs_unlink and f2fs_rename too.
So, you can't remove this; instead it'd be better to remove it from f2fs_lookup.

Thanks,

>
> V2:
>  o add WARN_ON() as Jaegeuk Kim suggested.
>
> Signed-off-by: Chao Yu <chao2.yu@xxxxxxxxxxx>
> ---
>  fs/f2fs/dir.c      | 3 ---
>  fs/f2fs/recovery.c | 6 ++++++
>  2 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
> index 07ad850..f0b4630 100644
> --- a/fs/f2fs/dir.c
> +++ b/fs/f2fs/dir.c
> @@ -190,9 +190,6 @@ struct f2fs_dir_entry *f2fs_find_entry(struct inode *dir,
>  	unsigned int max_depth;
>  	unsigned int level;
>
> -	if (unlikely(namelen > F2FS_NAME_LEN))
> -		return NULL;
> -
>  	if (npages == 0)
>  		return NULL;
>
> diff --git a/fs/f2fs/recovery.c b/fs/f2fs/recovery.c
> index a3f4542..4d411a2 100644
> --- a/fs/f2fs/recovery.c
> +++ b/fs/f2fs/recovery.c
> @@ -62,6 +62,12 @@ static int recover_dentry(struct page *ipage, struct inode *inode)
>
>  	name.len = le32_to_cpu(raw_inode->i_namelen);
>  	name.name = raw_inode->i_name;
> +
> +	if (unlikely(name.len > F2FS_NAME_LEN)) {
> +		WARN_ON(1);
> +		err = -ENAMETOOLONG;
> +		goto out;
> +	}
>  retry:
>  	de = f2fs_find_entry(dir, &name, &page);
>  	if (de && inode->i_ino == le32_to_cpu(de->ino))

--
Jaegeuk Kim
Samsung
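Review bot: Dropping the `namelen > F2FS_NAME_LEN` early return from f2fs_find_entry (dir.c hunk) shifts length validation onto every caller, and as the reply points out, f2fs_unlink and f2fs_rename reach this function without going through f2fs_lookup first. Keep the guard in the shared lookup path, where it costs one compare before any page is touched, and remove the now-redundant check from f2fs_lookup instead, as the reply suggests.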
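Review bot: `WARN_ON(1)` in the recovery.c hunk treats bad on-disk data as a kernel bug: name.len is taken straight from raw_inode->i_namelen two lines above, so a corrupt image replayed at mount time would produce a WARN splat (and a crash where panic_on_warn is set) rather than a clean failure. Returning -ENAMETOOLONG and jumping to `out` is the right behaviour; report it with a filesystem error message instead of WARN_ON, and if the warning is kept, write the check as `if (WARN_ON(name.len > F2FS_NAME_LEN))` so the condition and the warning are not split across two statements.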