From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> Strengthen the rtalloc range query checks to make sure that the keys do not run off the end of the realtime device inappropriately. Note that the query range functions require units of rt extents, not blocks, despite the type name. Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx> --- fs/xfs/libxfs/xfs_rtbitmap.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/xfs/libxfs/xfs_rtbitmap.c b/fs/xfs/libxfs/xfs_rtbitmap.c index 7712f282d172..1855182c11ec 100644 --- a/fs/xfs/libxfs/xfs_rtbitmap.c +++ b/fs/xfs/libxfs/xfs_rtbitmap.c @@ -1038,8 +1038,11 @@ xfs_rtalloc_query_range( if (low_rec->ar_startblock > high_rec->ar_startblock) return -EINVAL; - else if (low_rec->ar_startblock == high_rec->ar_startblock) + if (low_rec->ar_startblock >= mp->m_sb.sb_rextents || + low_rec->ar_startblock == high_rec->ar_startblock) return 0; + if (high_rec->ar_startblock >= mp->m_sb.sb_rextents) + high_rec->ar_startblock = mp->m_sb.sb_rextents - 1; /* Iterate the bitmap, looking for discrepancies. */ rtstart = low_rec->ar_startblock; @@ -1083,7 +1086,7 @@ xfs_rtalloc_query_all( struct xfs_rtalloc_rec keys[2]; keys[0].ar_startblock = 0; - keys[1].ar_startblock = tp->t_mountp->m_sb.sb_rblocks; + keys[1].ar_startblock = tp->t_mountp->m_sb.sb_rextents - 1; keys[0].ar_blockcount = keys[1].ar_blockcount = 0; return xfs_rtalloc_query_range(tp, &keys[0], &keys[1], fn, priv); -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
