xfs: check for dinode realtime flag corruption
Ramon tested XFS with a modified version of fsfuzzer and hit a NULL pointer dereference in __xfs_get_blocks due to the RT device target pointer being NULL. To fix this reject inode with the realtime bit set on a a filesystem without an RT subvolume during inode read. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Eric Sandeen <sandeen@sandeen.net> Reviewed-by: Felix Blyakher <felixb@sgi.com> Reported-by: Ramon de Carvalho Valle <ramon@risesecurity.org> Tested-by: Ramon de Carvalho Valle <ramon@risesecurity.org> Signed-off-by: Felix Blyakher <felixb@sgi.com>
This commit is contained in:
Родитель
e0c222c411
Коммит
b89d4208de
|
@ -343,6 +343,16 @@ xfs_iformat(
|
||||||
return XFS_ERROR(EFSCORRUPTED);
|
return XFS_ERROR(EFSCORRUPTED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (unlikely((ip->i_d.di_flags & XFS_DIFLAG_REALTIME) &&
|
||||||
|
!ip->i_mount->m_rtdev_targp)) {
|
||||||
|
xfs_fs_repair_cmn_err(CE_WARN, ip->i_mount,
|
||||||
|
"corrupt dinode %Lu, has realtime flag set.",
|
||||||
|
ip->i_ino);
|
||||||
|
XFS_CORRUPTION_ERROR("xfs_iformat(realtime)",
|
||||||
|
XFS_ERRLEVEL_LOW, ip->i_mount, dip);
|
||||||
|
return XFS_ERROR(EFSCORRUPTED);
|
||||||
|
}
|
||||||
|
|
||||||
switch (ip->i_d.di_mode & S_IFMT) {
|
switch (ip->i_d.di_mode & S_IFMT) {
|
||||||
case S_IFIFO:
|
case S_IFIFO:
|
||||||
case S_IFCHR:
|
case S_IFCHR:
|
||||||
|
|
Загрузка…
Ссылка в новой задаче