From 2f09719af705db56032ae480a2d9c32c2a3fcbd3 Mon Sep 17 00:00:00 2001 From: Stuart Swales Date: Tue, 22 Mar 2011 16:35:04 -0700 Subject: adfs: fix E+/F+ dir size > 2048 crashing kernel Kernel crashes in fs/adfs module when accessing directories with a large number of objects on mounted Acorn ADFS E+/F+ format discs (or images) as the existing code writes off the end of the fixed array of struct buffer_head pointers. Additionally, each directory access that didn't crash would leak a buffer as nr_buffers was not adjusted correctly for E+/F+ discs (was always left as one less than required). The patch fixes this by allocating a dynamically-sized set of struct buffer_head pointers if necessary for the E+/F+ case (many directories still do in fact fit in 2048 bytes) and sets the correct nr_buffers so that all buffers are released. Addresses https://bugzilla.kernel.org/show_bug.cgi?id=26072 Tested by tar'ing the contents of my RISC PC's E+ format 20Gb HDD which contains a number of large directories that previously crashed the kernel. Signed-off-by: Stuart Swales Cc: Russell King Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/adfs/adfs.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'fs/adfs/adfs.h') diff --git a/fs/adfs/adfs.h b/fs/adfs/adfs.h index 2ff622f..58588dd 100644 --- a/fs/adfs/adfs.h +++ b/fs/adfs/adfs.h @@ -79,6 +79,10 @@ struct adfs_dir { int nr_buffers; struct buffer_head *bh[4]; + + /* big directories need allocated buffers */ + struct buffer_head **bh_fplus; + unsigned int pos; unsigned int parent_id; -- cgit v1.1