Hi,
2013-12-23 (월), 11:12 +0800, Chao Yu:
> In current flow, we will get Null return value of f2fs_find_entry in
> recover_dentry when name.len is bigger than F2FS_NAME_LEN, and then we
> still add this inode into its dir entry.
> To avoid this situation, we must check filename length before we use it.
>
> Another point is that we could remove the code of checking filename length
> In f2fs_find_entry, because f2fs_lookup will be called previously to ensure of
> validity of filename length.
The f2fs_find_entry is called by f2fs_unlink and f2fs_rename too.
So, you can't remove this, instead it'd be better remove it from
f2fs_lookup.
Thanks,
>
> V2:
> o add WARN_ON() as Jaegeuk Kim suggested.
>
> Signed-off-by: Chao Yu <chao2.yu@xxxxxxxxxxx>
> ---
> fs/f2fs/dir.c | 3 ---
> fs/f2fs/recovery.c | 6 ++++++
> 2 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
> index 07ad850..f0b4630 100644
> --- a/fs/f2fs/dir.c
> +++ b/fs/f2fs/dir.c
> @@ -190,9 +190,6 @@ struct f2fs_dir_entry *f2fs_find_entry(struct inode *dir,
> unsigned int max_depth;
> unsigned int level;
>
> - if (unlikely(namelen > F2FS_NAME_LEN))
> - return NULL;
> -
> if (npages == 0)
> return NULL;
>
> diff --git a/fs/f2fs/recovery.c b/fs/f2fs/recovery.c
> index a3f4542..4d411a2 100644
> --- a/fs/f2fs/recovery.c
> +++ b/fs/f2fs/recovery.c
> @@ -62,6 +62,12 @@ static int recover_dentry(struct page *ipage, struct inode *inode)
>
> name.len = le32_to_cpu(raw_inode->i_namelen);
> name.name = raw_inode->i_name;
> +
> + if (unlikely(name.len > F2FS_NAME_LEN)) {
> + WARN_ON(1);
> + err = -ENAMETOOLONG;
> + goto out;
> + }
> retry:
> de = f2fs_find_entry(dir, &name, &page);
> if (de && inode->i_ino == le32_to_cpu(de->ino))
--
Jaegeuk Kim
Samsung
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
