The patch titled
     knfsd: Make ext3 reject filehandles referring to invalid inode number
has been removed from the -mm tree. Its filename is
     knfsd-make-ext3-reject-filehandles-referring-to-invalid-inode-numbers.patch

This patch was dropped because it was merged into mainline or a subsystem tree

------------------------------------------------------
Subject: knfsd: Make ext3 reject filehandles referring to invalid inode number
From: NeilBrown <neilb@xxxxxxx>

Inodes earlier than the 'first' inode (e.g. journal, resize) should be rejected early - except the root inode. Also inode numbers that are too big should be rejected early.

[akpm@xxxxxxxx: cleanup]
Signed-off-by: Neil Brown <neilb@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
--- fs/ext3/super.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff -puN fs/ext3/super.c~knfsd-make-ext3-reject-filehandles-referring-to-invalid-inode-numbers fs/ext3/super.c --- a/fs/ext3/super.c~knfsd-make-ext3-reject-filehandles-referring-to-invalid-inode-numbers +++ a/fs/ext3/super.c 
@@ -554,6 +554,47 @@ static int ext3_show_options(struct seq_ return 0; } + +static struct dentry *ext3_get_dentry(struct super_block *sb, void *vobjp) +{ + __u32 *objp = vobjp; + unsigned long ino = objp[0]; + __u32 generation = objp[1]; + struct inode *inode; + struct dentry *result; + + if (ino < EXT3_FIRST_INO(sb) && ino != EXT3_ROOT_INO) + return ERR_PTR(-ESTALE); + if (ino > le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count)) + return ERR_PTR(-ESTALE); + + /* iget isn't really right if the inode is currently unallocated!! + * + * ext3_read_inode will return a bad_inode if the inode had been + * deleted, so we should be safe. + * + * Currently we don't know the generation for parent directory, so + * a generation of 0 means "accept any" + */ + inode = iget(sb, ino); + if (inode == NULL) + return ERR_PTR(-ENOMEM); + if (is_bad_inode(inode) || + (generation && inode->i_generation != generation)) { + iput(inode); + return ERR_PTR(-ESTALE); + } + /* now to find a dentry. + * If possible, get a well-connected one + */ + result = d_alloc_anon(inode); + if (!result) { + iput(inode); + return ERR_PTR(-ENOMEM); + } + return result; +} + #ifdef CONFIG_QUOTA #define QTYPE2NAME(t) ((t)==USRQUOTA?"user":"group") #define QTYPE2MOPT(on, t) ((t)==USRQUOTA?((on)##USRJQUOTA):((on)##GRPJQUOTA)) 
@@ -622,6 +663,7 @@ static struct super_operations ext3_sops static struct export_operations ext3_export_ops = { .get_parent = ext3_get_parent, + .get_dentry = ext3_get_dentry, }; enum { _ Patches currently in -mm which might be from neilb@xxxxxxx are origin.patch vfs-destroy-the-dentries-contributed-by-a-superblock-on-unmounting.patch knfsd-knfsd-add-some-missing-newlines-in-printks.patch knfsd-knfsd-remove-an-unused-variable-from-e_show.patch knfsd-knfsd-remove-an-unused-variable-from-auth_unix_lookup.patch knfsd-add-a-callback-for-when-last-rpc-thread-finishes.patch knfsd-add-a-callback-for-when-last-rpc-thread-finishes-tidy.patch knfsd-be-more-selective-in-which-sockets-lockd-listens-on.patch knfsd-remove-nfsd_versbits-as-intermediate-storage-for-desired-versions.patch knfsd-separate-out-some-parts-of-nfsd_svc-which-start-nfs-servers.patch knfsd-separate-out-some-parts-of-nfsd_svc-which-start-nfs-servers-tweaks.patch knfsd-define-new-nfsdfs-file-portlist-contains-list-of-ports.patch knfsd-define-new-nfsdfs-file-portlist-contains-list-of-ports-tidy.patch knfsd-define-new-nfsdfs-file-portlist-contains-list-of-ports-fix.patch knfsd-allow-sockets-to-be-passed-to-nfsd-via-portlist.patch knfsd-use-seq_start_token-instead-of-hardcoded-magic-void1.patch knfsd-drop-serv-option-to-svc_recv-and-svc_process.patch knfsd-drop-serv-option-to-svc_recv-and-svc_process-nfs-callback-fix-nfs-callback-fix.patch knfsd-check-return-value-of-lockd_up-in-write_ports.patch knfsd-move-makesock-failed-warning-into-make_socks.patch knfsd-correctly-handle-error-condition-from-lockd_up.patch knfsd-move-tempsock-aging-to-a-timer.patch knfsd-move-tempsock-aging-to-a-timer-tidy.patch knfsd-convert-sk_inuse-to-atomic_t.patch knfsd-use-new-lock-for-svc_sock-deferred-list.patch knfsd-convert-sk_reserved-to-atomic_t.patch knfsd-test-and-set-sk_busy-atomically.patch knfsd-split-svc_serv-into-pools.patch knfsd-split-svc_serv-into-pools-fix.patch knfsd-add-svc_get.patch 
knfsd-add-svc_set_num_threads.patch knfsd-use-svc_set_num_threads-to-manage-threads-in-knfsd.patch knfsd-make-rpc-threads-pools-numa-aware.patch knfsd-make-rpc-threads-pools-numa-aware-fix.patch knfsd-allow-admin-to-set-nthreads-per-node.patch nfsd-lockdep-annotation.patch knfsd-nfsd-lockdep-annotation-fix.patch knfsd-call-lockd_down-when-closing-a-socket-via-a-write-to-nfsd-portlist.patch knfsd-protect-update-to-sn_nrthreads-with-lock_kernel.patch knfsd-fixed-handling-of-lockd-fail-when-adding-nfsd-socket.patch knfsd-replace-two-page-lists-in-struct-svc_rqst-with-one.patch knfsd-replace-two-page-lists-in-struct-svc_rqst-with-one-fix.patch knfsd-avoid-excess-stack-usage-in-svc_tcp_recvfrom.patch knfsd-prepare-knfsd-for-support-of-rsize-wsize-of-up-to-1mb-over-tcp.patch knfsd-allow-max-size-of-nfsd-payload-to-be-configured.patch knfsd-make-nfsd-readahead-params-cache-smp-friendly.patch knfsd-knfsd-cache-ipmap-per-tcp-socket.patch knfsd-hide-use-of-lockds-h_monitored-flag.patch knfsd-consolidate-common-code-for-statd-lockd-notification.patch knfsd-when-looking-up-a-lockd-host-pass-hostname-length.patch knfsd-lockd-introduce-nsm_handle.patch knfsd-lockd-introduce-nsm_handle-fix.patch knfsd-misc-minor-fixes-indentation-changes.patch knfsd-lockd-make-nlm_host_rebooted-use-the-nsm_handle.patch knfsd-lockd-make-the-nsm-upcalls-use-the-nsm_handle.patch knfsd-lockd-make-the-hash-chains-use-a-hlist_node.patch knfsd-lockd-change-list-of-blocked-list-to-list_node.patch knfsd-change-nlm_file-to-use-a-hlist.patch knfsd-lockd-make-nlm_traverse_-more-flexible.patch knfsd-lockd-add-nlm_destroy_host.patch knfsd-simplify-nlmsvc_invalidate_all.patch knfsd-lockd-optionally-use-hostnames-for-identifying-peers.patch knfsd-make-nlmclnt_next_cookie-smp-safe.patch knfsd-match-granted_res-replies-using-cookies.patch knfsd-export-nsm_local_state-to-user-space-via-sysctl.patch knfsd-lockd-fix-use-of-h_nextrebind.patch knfsd-register-all-rpc-programs-with-portmapper-by-default.patch 
knfsd-lockd-introduce-nsm_handle-sem2mutex.patch knfsd-svcrpc-gss-factor-out-some-common-wrapping-code.patch knfsd-svcrpc-gss-fix-failure-on-svc_denied-in-integrity-case.patch knfsd-svcrpc-use-consistent-variable-name-for-the-reply-state.patch knfsd-nfsd4-refactor-exp_pseudoroot.patch knfsd-nfsd4-clean-up-exp_pseudoroot.patch knfsd-nfsd4-acls-relax-the-nfsv4-posix-mapping.patch knfsd-nfsd4-acls-fix-inheritance.patch knfsd-nfsd4-acls-simplify-nfs4_acl_nfsv4_to_posix-interface.patch knfsd-nfsd4-acls-fix-handling-of-zero-length-acls.patch md-the-scheduled-removal-of-the-start_array-ioctl-for-md.patch md-fix-a-comment-that-is-wrong-in-raid5h.patch md-factor-out-part-of-raid10d-into-a-separate-function.patch md-replace-magic-numbers-in-sb_dirty-with-well-defined-bit-flags.patch md-remove-the-working_disks-and-failed_disks-from-raid5-state-data.patch md-remove-working_disks-from-raid10-state.patch md-new-sysfs-interface-for-setting-bits-in-the-write-intent-bitmap.patch md-remove-unnecessary-variable-x-in-stripe_to_pdidx.patch md-factor-out-part-of-raid1d-into-a-separate-function.patch md-remove-working_disks-from-raid1-state-data.patch md-improve-locking-around-error-handling.patch md-define-backing_dev_infocongested_fn-for-raid0-and-linear.patch md-define-congested_fn-for-raid1-raid10-and-multipath.patch md-add-a-congested_fn-function-for-raid5-6.patch md-make-messages-about-resync-recovery-etc-more-specific.patch md-dm-reduce-stack-usage-with-stacked-block-devices.patch
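Review bot: in ext3_get_dentry() (first hunk), the two range checks ahead of iget() have no comment, and the reason for them (inodes below the 'first' inode, such as journal and resize, must be rejected, root excepted) lives only in the changelog. A short comment above `if (ino < EXT3_FIRST_INO(sb) && ino != EXT3_ROOT_INO)` would keep that with the code. The existing comment also says a generation of 0 means "accept any", so for such a handle the range checks and is_bad_inode() are the only validation done in this function; the comment should say so, since it already concedes that iget() is not really right for an unallocated inode.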
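Review bot: the `.get_dentry = ext3_get_dentry,` entry added to ext3_export_ops (second hunk) hooks in a function that takes a bare `void *vobjp` and reads objp[0] and objp[1] with no length available to it. A comment at the function or beside this entry should state that the caller must pass at least two 32-bit words (inode number, then generation), so the assumption is recorded where the hook is wired up.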