Re: [PATCH?] reiserfs: prevent panic: don't allow %-char in journal dev. name

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed 04-04-18 21:48:53, Jeff Mahoney wrote:
> On 4/4/18 9:45 PM, Andrew Morton wrote:
> > On Wed, 4 Apr 2018 18:25:16 -0700 Randy Dunlap <rdunlap@xxxxxxxxxxxxx> wrote:
> > 
> >> From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
> >>
> >> If the reiserfs mount option's journal name contains a '%' character,
> >> it can lead to a WARN_ONCE() in lib/vsprintf.c::format_decode(),
> >> saying: "Please remove unsupported %/ in format string."
> >> That's OK until panic_on_warn is set, at which point it's dead, Jim.
> >>
> >> To placate this situation, check the journal name string for a '%'
> >> character and return an error if one is found. Also print a warning
> >> (one that won't panic the kernel) about the invalid journal name (e.g.):
> >>
> >>   reiserfs: journal device name is invalid: %/file0
> >>
> >> (In this example, the caller app specified the journal device name as
> >> "%/file0".)
> >>
> > 
> > Well, that is a valid filename and we should support it...
> > 
> > Isn't the bug in journal_init_dev()?
> 
> Yep.  That's exactly it.
> 
> Acked-by: Jeff Mahoney <jeffm@xxxxxxxx>

Thanks. I've picked up the patch from Andrew, added his Signed-off-by (OK,
Andrew?), wrote a proper changelog and pushed it to my tree. The result is
attached.

								Honza
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
>From 121724c8bb9d5c07ee12718520f6f99b0da0a275 Mon Sep 17 00:00:00 2001
From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 9 Apr 2018 16:17:44 +0200
Subject: [PATCH] reiserfs: Fix warning for non-existing journal devices

When a journal device specified as part of mount options does not exist,
reiserfs issues a warking like:

	reiserfs_warning(super,
			 "journal_init_dev: Cannot open '%s': %i",
			 jdev_name, result);

Now this misses a parameter 'id' of reiserfs_warning() which comes
second. As such, the format string is interpreted as an ID and jdev_name as
a format string resulting in funny issues.

Fix the problem by adding missing 'id' argument.

Reported-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Acked-by: Jeff Mahoney <jeffm@xxxxxxxx>
Signed-off-by: Jan Kara <jack@xxxxxxx>
---
 fs/reiserfs/journal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
index 70057359fbaf..23148c3ed675 100644
--- a/fs/reiserfs/journal.c
+++ b/fs/reiserfs/journal.c
@@ -2643,7 +2643,7 @@ static int journal_init_dev(struct super_block *super,
 	if (IS_ERR(journal->j_dev_bd)) {
 		result = PTR_ERR(journal->j_dev_bd);
 		journal->j_dev_bd = NULL;
-		reiserfs_warning(super,
+		reiserfs_warning(super, "sh-457",
 				 "journal_init_dev: Cannot open '%s': %i",
 				 jdev_name, result);
 		return result;
-- 
2.13.6


[Index of Archives]     [Linux File System Development]     [Linux BTRFS]     [Linux NFS]     [Linux Filesystems]     [Ext4 Filesystem]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Resources]

  Powered by Linux