From: Mikulas Patocka <mpatocka@redhat.com>
Date: Fri, 21 Jul 2017 15:58:38 +0000 (-0400)
Subject: dm integrity: test for corrupted disk format during table load
X-Git-Tag: v4.12.5~13
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bce721912a18fcffda3a19947f5ec4d99996667e;p=thirdparty%2Fkernel%2Fstable.git

dm integrity: test for corrupted disk format during table load

commit bc86a41e96c5b6f07453c405e036d95acc673389 upstream.

If the dm-integrity superblock was corrupted in such a way that the
journal_sections field was zero, the integrity target would deadlock
because it would wait forever for free space in the journal.

Detect this situation and refuse to activate the device.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Fixes: 7eada909bfd7 ("dm: add integrity target")
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index edb34a2335a24..b68e21c25a172 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -3021,6 +3021,11 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv)
 		ti->error = "Block size doesn't match the information in superblock";
 		goto bad;
 	}
+	if (!le32_to_cpu(ic->sb->journal_sections)) {
+		r = -EINVAL;
+		ti->error = "Corrupted superblock, journal_sections is 0";
+		goto bad;
+	}
 	/* make sure that ti->max_io_len doesn't overflow */
 	if (ic->sb->log2_interleave_sectors < MIN_LOG2_INTERLEAVE_SECTORS ||
 	    ic->sb->log2_interleave_sectors > MAX_LOG2_INTERLEAVE_SECTORS) {