- ext3-avoid-triggering-ext3_error-on-bad-nfs-file-handle.patch removed from -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The patch titled

     ext3: avoid triggering ext3_error on bad NFS file handle

has been removed from the -mm tree.  Its filename is

     ext3-avoid-triggering-ext3_error-on-bad-nfs-file-handle.patch

This patch was dropped because it was merged into mainline or a subsystem tree

------------------------------------------------------
Subject: ext3: avoid triggering ext3_error on bad NFS file handle
From: Neil Brown <neilb@xxxxxxx>

The inode number out of an NFS file handle gets passed eventually to
ext3_get_inode_block() without any checking.  If ext3_get_inode_block()
allows it to trigger an error, then bad filehandles can have unpleasant
effect - ext3_error() will usually cause a forced read-only remount, or a
panic if `errors=panic' was used.

So remove the call to ext3_error there and put a matching check in
ext3/namei.c where inode numbers are read off storage.

[akpm@xxxxxxxx: fix off-by-one error]
Signed-off-by: Neil Brown <neilb@xxxxxxx>
Signed-off-by: Jan Kara <jack@xxxxxxx>
Cc: Marcel Holtmann <marcel@xxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxx>
Cc: "Stephen C. Tweedie" <sct@xxxxxxxxxx>
Cc: Eric Sandeen <esandeen@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 fs/ext3/inode.c         |   13 +++++++------
 fs/ext3/namei.c         |   15 +++++++++++++--
 include/linux/ext3_fs.h |    9 +++++++++
 3 files changed, 29 insertions(+), 8 deletions(-)

diff -puN fs/ext3/inode.c~ext3-avoid-triggering-ext3_error-on-bad-nfs-file-handle fs/ext3/inode.c
--- a/fs/ext3/inode.c~ext3-avoid-triggering-ext3_error-on-bad-nfs-file-handle
+++ a/fs/ext3/inode.c
@@ -2402,14 +2402,15 @@ static ext3_fsblk_t ext3_get_inode_block
 	struct buffer_head *bh;
 	struct ext3_group_desc * gdp;
 
-
-	if ((ino != EXT3_ROOT_INO && ino != EXT3_JOURNAL_INO &&
-		ino != EXT3_RESIZE_INO && ino < EXT3_FIRST_INO(sb)) ||
-		ino > le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count)) {
-		ext3_error(sb, "ext3_get_inode_block",
-			    "bad inode number: %lu", ino);
+	if (!ext3_valid_inum(sb, ino)) {
+		/*
+		 * This error is already checked for in namei.c unless we are
+		 * looking at an NFS filehandle, in which case no error
+		 * report is needed
+		 */
 		return 0;
 	}
+
 	block_group = (ino - 1) / EXT3_INODES_PER_GROUP(sb);
 	if (block_group >= EXT3_SB(sb)->s_groups_count) {
 		ext3_error(sb,"ext3_get_inode_block","group >= groups count");
diff -puN fs/ext3/namei.c~ext3-avoid-triggering-ext3_error-on-bad-nfs-file-handle fs/ext3/namei.c
--- a/fs/ext3/namei.c~ext3-avoid-triggering-ext3_error-on-bad-nfs-file-handle
+++ a/fs/ext3/namei.c
@@ -1000,7 +1000,12 @@ static struct dentry *ext3_lookup(struct
 	if (bh) {
 		unsigned long ino = le32_to_cpu(de->inode);
 		brelse (bh);
-		inode = iget(dir->i_sb, ino);
+		if (!ext3_valid_inum(dir->i_sb, ino)) {
+			ext3_error(dir->i_sb, "ext3_lookup",
+				   "bad inode number: %lu", ino);
+			inode = NULL;
+		} else
+			inode = iget(dir->i_sb, ino);
 
 		if (!inode)
 			return ERR_PTR(-EACCES);
@@ -1028,7 +1033,13 @@ struct dentry *ext3_get_parent(struct de
 		return ERR_PTR(-ENOENT);
 	ino = le32_to_cpu(de->inode);
 	brelse(bh);
-	inode = iget(child->d_inode->i_sb, ino);
+
+	if (!ext3_valid_inum(child->d_inode->i_sb, ino)) {
+		ext3_error(child->d_inode->i_sb, "ext3_get_parent",
+			   "bad inode number: %lu", ino);
+		inode = NULL;
+	} else
+		inode = iget(child->d_inode->i_sb, ino);
 
 	if (!inode)
 		return ERR_PTR(-EACCES);
diff -puN include/linux/ext3_fs.h~ext3-avoid-triggering-ext3_error-on-bad-nfs-file-handle include/linux/ext3_fs.h
--- a/include/linux/ext3_fs.h~ext3-avoid-triggering-ext3_error-on-bad-nfs-file-handle
+++ a/include/linux/ext3_fs.h
@@ -492,6 +492,15 @@ static inline struct ext3_inode_info *EX
 {
 	return container_of(inode, struct ext3_inode_info, vfs_inode);
 }
+
+static inline int ext3_valid_inum(struct super_block *sb, unsigned long ino)
+{
+	return ino == EXT3_ROOT_INO ||
+		ino == EXT3_JOURNAL_INO ||
+		ino == EXT3_RESIZE_INO ||
+		(ino >= EXT3_FIRST_INO(sb) &&
+		 ino <= le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count));
+}
 #else
 /* Assume that user mode programs are passing in an ext3fs superblock, not
  * a kernel struct super_block.  This will allow us to call the feature-test
_

Patches currently in -mm which might be from neilb@xxxxxxx are

origin.patch
md-fix-a-bug-that-recently-crept-into-md-linear.patch
knfsd-knfsd-add-some-missing-newlines-in-printks.patch
knfsd-knfsd-remove-an-unused-variable-from-e_show.patch
knfsd-knfsd-remove-an-unused-variable-from-auth_unix_lookup.patch
knfsd-add-a-callback-for-when-last-rpc-thread-finishes.patch
knfsd-add-a-callback-for-when-last-rpc-thread-finishes-tidy.patch
knfsd-be-more-selective-in-which-sockets-lockd-listens-on.patch
knfsd-remove-nfsd_versbits-as-intermediate-storage-for-desired-versions.patch
knfsd-separate-out-some-parts-of-nfsd_svc-which-start-nfs-servers.patch
knfsd-separate-out-some-parts-of-nfsd_svc-which-start-nfs-servers-tweaks.patch
knfsd-define-new-nfsdfs-file-portlist-contains-list-of-ports.patch
knfsd-define-new-nfsdfs-file-portlist-contains-list-of-ports-tidy.patch
knfsd-define-new-nfsdfs-file-portlist-contains-list-of-ports-fix.patch
knfsd-allow-sockets-to-be-passed-to-nfsd-via-portlist.patch
knfsd-use-seq_start_token-instead-of-hardcoded-magic-void1.patch
knfsd-have-ext2-reject-file-handles-with-bad-inode-numbers-early.patch
knfsd-have-ext2-reject-file-handles-with-bad-inode-numbers-early-tidy.patch
knfsd-make-ext3-reject-filehandles-referring-to-invalid-inode-numbers.patch
knfsd-make-ext3-reject-filehandles-referring-to-invalid-inode-numbers-tidy.patch
knfsd-drop-serv-option-to-svc_recv-and-svc_process.patch
knfsd-drop-serv-option-to-svc_recv-and-svc_process-nfs-callback-fix-nfs-callback-fix.patch
knfsd-check-return-value-of-lockd_up-in-write_ports.patch
knfsd-move-makesock-failed-warning-into-make_socks.patch
knfsd-correctly-handle-error-condition-from-lockd_up.patch
knfsd-move-tempsock-aging-to-a-timer.patch
knfsd-move-tempsock-aging-to-a-timer-tidy.patch
knfsd-convert-sk_inuse-to-atomic_t.patch
knfsd-use-new-lock-for-svc_sock-deferred-list.patch
knfsd-convert-sk_reserved-to-atomic_t.patch
knfsd-test-and-set-sk_busy-atomically.patch
knfsd-split-svc_serv-into-pools.patch
knfsd-add-svc_get.patch
knfsd-add-svc_set_num_threads.patch
knfsd-use-svc_set_num_threads-to-manage-threads-in-knfsd.patch
knfsd-make-rpc-threads-pools-numa-aware.patch
knfsd-allow-admin-to-set-nthreads-per-node.patch
md-the-scheduled-removal-of-the-start_array-ioctl-for-md.patch
md-fix-a-comment-that-is-wrong-in-raid5h.patch
md-factor-out-part-of-raid1d-into-a-separate-function.patch
md-factor-out-part-of-raid10d-into-a-separate-function.patch
md-replace-magic-numbers-in-sb_dirty-with-well-defined-bit-flags.patch
md-remove-the-working_disks-and-failed_disks-from-raid5-state-data.patch
md-remove-working_disks-from-raid10-state.patch
md-remove-working_disks-from-raid1-state-data.patch
md-improve-locking-around-error-handling.patch
md-dm-reduce-stack-usage-with-stacked-block-devices.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Kernel Newbies FAQ]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux