summaryrefslogtreecommitdiffstats
path: root/fs/befs
diff options
context:
space:
mode:
authorDavid Sterba <dsterba@suse.com>2015-11-30 17:27:06 +0100
committerDavid Sterba <dsterba@suse.com>2016-01-07 14:26:58 +0100
commitf5cdedd73fa71b74dcc42f2a11a5735d89ce7c4f (patch)
tree3a9bf57fdfb0025794081c805e3668c0a3b988bc /fs/befs
parent35b3ad50baa4a5fc2ae616c0513d2987bfb52a85 (diff)
downloadop-kernel-dev-f5cdedd73fa71b74dcc42f2a11a5735d89ce7c4f.zip
op-kernel-dev-f5cdedd73fa71b74dcc42f2a11a5735d89ce7c4f.tar.gz
btrfs: handle invalid num_stripes in sys_array
We can handle the special case of num_stripes == 0 directly inside btrfs_read_sys_array. The BUG_ON in btrfs_chunk_item_size is there to catch other unhandled cases where we fail to validate external data. A crafted or corrupted image crashes at mount time: BTRFS: device fsid 9006933e-2a9a-44f0-917f-514252aeec2c devid 1 transid 7 /dev/loop0 BTRFS info (device loop0): disk space caching is enabled BUG: failure at fs/btrfs/ctree.h:337/btrfs_chunk_item_size()! Kernel panic - not syncing: BUG! CPU: 0 PID: 313 Comm: mount Not tainted 4.2.5-00657-ge047887-dirty #25 Stack: 637af890 60062489 602aeb2e 604192ba 60387961 00000011 637af8a0 6038a835 637af9c0 6038776b 634ef32b 00000000 Call Trace: [<6001c86d>] show_stack+0xfe/0x15b [<6038a835>] dump_stack+0x2a/0x2c [<6038776b>] panic+0x13e/0x2b3 [<6020f099>] btrfs_read_sys_array+0x25d/0x2ff [<601cfbbe>] open_ctree+0x192d/0x27af [<6019c2c1>] btrfs_mount+0x8f5/0xb9a [<600bc9a7>] mount_fs+0x11/0xf3 [<600d5167>] vfs_kern_mount+0x75/0x11a [<6019bcb0>] btrfs_mount+0x2e4/0xb9a [<600bc9a7>] mount_fs+0x11/0xf3 [<600d5167>] vfs_kern_mount+0x75/0x11a [<600d710b>] do_mount+0xa35/0xbc9 [<600d7557>] SyS_mount+0x95/0xc8 [<6001e884>] handle_syscall+0x6b/0x8e Reported-by: Jiri Slaby <jslaby@suse.com> Reported-by: Vegard Nossum <vegard.nossum@oracle.com> CC: stable@vger.kernel.org # 3.19+ Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'fs/befs')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud