[thirdparty/kernel/stable-queue.git] / releases / 2.6.32.17 / 0047-ext4-Avoid-crashing-on-NULL-ptr-dereference-on-a-fil.patch

From 570f16c4bfa97a7b2d3b3e6c0b8936ee91f32481 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Sun, 30 May 2010 22:50:01 -0400
Subject: ext4: Avoid crashing on NULL ptr dereference on a filesystem error

commit f70f362b4a6fe47c239dbfb3efc0cc2c10e4f09c upstream (as of v2.6.34-git13)

If the EOFBLOCK_FL flag is set when it should not be and the inode is
zero length, then eh_entries is zero, and ex is NULL, so dereferencing
ex to print ex->ee_block causes a kernel OOPS in
ext4_ext_map_blocks().

On top of that, the error message which is printed isn't very helpful.
So we fix this by printing something more explanatory which doesn't
involve trying to print ex->ee_block.

Addresses-Google-Bug: #2655740

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 fs/ext4/extents.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -3281,8 +3281,8 @@ int ext4_ext_get_blocks(handle_t *handle
 	 */
 	if (path[depth].p_ext == NULL && depth != 0) {
 		ext4_error(inode->i_sb, __func__, "bad extent address "
-			   "inode: %lu, iblock: %d, depth: %d",
-			   inode->i_ino, iblock, depth);
+			   "inode: %lu, iblock: %lu, depth: %d",
+			   inode->i_ino, (unsigned long) iblock, depth);
 		err = -EIO;
 		goto out2;
 	}
@@ -3418,8 +3418,11 @@ int ext4_ext_get_blocks(handle_t *handle
 		} else {
 			WARN_ON(eh->eh_entries == 0);
 			ext4_error(inode->i_sb, __func__,
-				"inode#%lu, eh->eh_entries = 0!", inode->i_ino);
-			}
+				   "inode#%lu, eh->eh_entries = 0 and "
+				   "EOFBLOCKS_FL set", inode->i_ino);
+			err = -EIO;
+			goto out2;
+		}
 	}
 	err = ext4_ext_insert_extent(handle, inode, path, &newex, flags);
 	if (err) {
Commit	Line	Data
7d777456 GKH	1	From 570f16c4bfa97a7b2d3b3e6c0b8936ee91f32481 Mon Sep 17 00:00:00 2001
	2	From: Theodore Ts'o <tytso@mit.edu>
	3	Date: Sun, 30 May 2010 22:50:01 -0400
	4	Subject: ext4: Avoid crashing on NULL ptr dereference on a filesystem error
	5
	6	commit f70f362b4a6fe47c239dbfb3efc0cc2c10e4f09c upstream (as of v2.6.34-git13)
	7
	8	If the EOFBLOCK_FL flag is set when it should not be and the inode is
	9	zero length, then eh_entries is zero, and ex is NULL, so dereferencing
	10	ex to print ex->ee_block causes a kernel OOPS in
	11	ext4_ext_map_blocks().
	12
	13	On top of that, the error message which is printed isn't very helpful.
	14	So we fix this by printing something more explanatory which doesn't
	15	involve trying to print ex->ee_block.
	16
	17	Addresses-Google-Bug: #2655740
	18
	19	Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
	20	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	21	---
	22	fs/ext4/extents.c \| 11 +++++++----
	23	1 file changed, 7 insertions(+), 4 deletions(-)
	24
	25	--- a/fs/ext4/extents.c
	26	+++ b/fs/ext4/extents.c
	27	@@ -3281,8 +3281,8 @@ int ext4_ext_get_blocks(handle_t *handle
	28	*/
	29	if (path[depth].p_ext == NULL && depth != 0) {
	30	ext4_error(inode->i_sb, __func__, "bad extent address "
	31	- "inode: %lu, iblock: %d, depth: %d",
	32	- inode->i_ino, iblock, depth);
	33	+ "inode: %lu, iblock: %lu, depth: %d",
	34	+ inode->i_ino, (unsigned long) iblock, depth);
	35	err = -EIO;
	36	goto out2;
	37	}
	38	@@ -3418,8 +3418,11 @@ int ext4_ext_get_blocks(handle_t *handle
	39	} else {
	40	WARN_ON(eh->eh_entries == 0);
	41	ext4_error(inode->i_sb, __func__,
	42	- "inode#%lu, eh->eh_entries = 0!", inode->i_ino);
	43	- }
	44	+ "inode#%lu, eh->eh_entries = 0 and "
	45	+ "EOFBLOCKS_FL set", inode->i_ino);
	46	+ err = -EIO;
	47	+ goto out2;
	48	+ }
	49	}
	50	err = ext4_ext_insert_extent(handle, inode, path, &newex, flags);
	51	if (err) {