Unverified Commit 254b0364 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!8357 nilfs2: fix underflow in second superblock position calculations 

Merge Pull Request from: @ci-robot 
 
PR sync from: Zizhi Wo <wozizhi@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/YA53CSX35ID7FNKP73GTT6OUDOC4IS37/ 
 
https://gitee.com/src-openeuler/kernel/issues/I9R4KZ 
 
Link:https://gitee.com/openeuler/kernel/pulls/8357

 

Reviewed-by: default avatarLiu YongQiang <liuyongqiang13@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parents f6c39683 7a1753f2

fs/nilfs2/ioctl.c

+7 −0
Original line number Diff line number Diff line
@@ -1135,7 +1135,14 @@ static int nilfs_ioctl_set_alloc_range(struct inode *inode, void __user *argp) 


	minseg = range[0] + segbytes - 1;

	do_div(minseg, segbytes);



	if (range[1] < 4096)

		goto out;



	maxseg = NILFS_SB2_OFFSET_BYTES(range[1]);

	if (maxseg < segbytes)

		goto out;



	do_div(maxseg, segbytes);

	maxseg--;

fs/nilfs2/super.c

+9 −0
Original line number Diff line number Diff line
@@ -430,6 +430,15 @@ int nilfs_resize_fs(struct super_block *sb, __u64 newsize) 
	if (newsize > devsize)

		goto out;



	/*

	 * Prevent underflow in second superblock position calculation.

	 * The exact minimum size check is done in nilfs_sufile_resize().

	 */

	if (newsize < 4096) {

		ret = -ENOSPC;

		goto out;

	}



	/*

	 * Write lock is required to protect some functions depending

	 * on the number of segments, the number of reserved segments,

fs/nilfs2/the_nilfs.c

+7 −1
Original line number Diff line number Diff line
@@ -494,9 +494,15 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs, 
{

	struct nilfs_super_block **sbp = nilfs->ns_sbp;

	struct buffer_head **sbh = nilfs->ns_sbh;

	u64 sb2off = NILFS_SB2_OFFSET_BYTES(nilfs->ns_bdev->bd_inode->i_size);

	u64 sb2off, devsize = nilfs->ns_bdev->bd_inode->i_size;

	int valid[2], swp = 0;



	if (devsize < NILFS_SEG_MIN_BLOCKS * NILFS_MIN_BLOCK_SIZE + 4096) {

		nilfs_msg(sb, KERN_ERR, "device size too small");

		return -EINVAL;

	}

	sb2off = NILFS_SB2_OFFSET_BYTES(devsize);



	sbp[0] = nilfs_read_super_block(sb, NILFS_SB_OFFSET_BYTES, blocksize,

					&sbh[0]);

	sbp[1] = nilfs_read_super_block(sb, sb2off, blocksize, &sbh[1]);