linux/fs/nilfs2
Ryusuke Konishi d8fd150fe3 nilfs2: fix sanity check of btree level in nilfs_btree_root_broken()
The range check for b-tree level parameter in nilfs_btree_root_broken()
is wrong; it accepts the case of "level == NILFS_BTREE_LEVEL_MAX" even
though the level is limited to values in the range of 0 to
(NILFS_BTREE_LEVEL_MAX - 1).

Since the level parameter is read from storage device and used to index
nilfs_btree_path array whose element count is NILFS_BTREE_LEVEL_MAX, it
can cause memory overrun during btree operations if the boundary value
is set to the level parameter on device.

This fixes the broken sanity check and adds a comment to clarify that
the upper bound NILFS_BTREE_LEVEL_MAX is exclusive.

Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-05-05 17:10:11 -07:00
..
alloc.c nilfs2: unify type of key arguments in bmap interface 2015-04-17 09:04:03 -04:00
alloc.h nilfs2: implement calculation of free inodes count 2013-07-03 16:08:01 -07:00
bmap.c nilfs2: add bmap function to seek a valid key 2015-04-17 09:04:03 -04:00
bmap.h nilfs2: add bmap function to seek a valid key 2015-04-17 09:04:03 -04:00
btnode.c
btnode.h nilfs2: add omitted comments for different structures in driver implementation 2012-07-30 17:25:19 -07:00
btree.c nilfs2: fix sanity check of btree level in nilfs_btree_root_broken() 2015-05-05 17:10:11 -07:00
btree.h
cpfile.c nilfs2: improve execution time of NILFS_IOCTL_GET_CPINFO ioctl 2015-04-17 09:04:04 -04:00
cpfile.h
dat.c nilfs2: verify metadata sizes read from disk 2014-04-03 16:21:26 -07:00
dat.h
dir.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
direct.c nilfs2: add bmap function to seek a valid key 2015-04-17 09:04:03 -04:00
direct.h
export.h nilfs2: add omitted comments for different structures in driver implementation 2012-07-30 17:25:19 -07:00
file.c make new_sync_{read,write}() static 2015-04-11 22:29:40 -04:00
gcinode.c fs: remove mapping->backing_dev_info 2015-01-20 14:03:05 -07:00
ifile.c ] nilfs2: use atomic64_t type for inodes_count and blocks_count fields in nilfs_root struct 2013-07-03 16:08:01 -07:00
ifile.h nilfs2: implement calculation of free inodes count 2013-07-03 16:08:01 -07:00
inode.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
ioctl.c nilfs2: add missing blkdev_issue_flush() to nilfs_sync_fs() 2014-10-14 02:18:20 +02:00
Kconfig fs/nilfs2: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:39:04 -08:00
Makefile nilfs2: integrate sysfs support into driver 2014-08-08 15:57:21 -07:00
mdt.c nilfs2: add helper to find existent block on metadata file 2015-04-17 09:04:04 -04:00
mdt.h nilfs2: add helper to find existent block on metadata file 2015-04-17 09:04:04 -04:00
namei.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nilfs.h nilfs2: fix deadlock of segment constructor over I_SYNC flag 2015-02-05 13:35:29 -08:00
page.c nilfs2: use set_mask_bits() for operations on buffer state bitmap 2015-04-17 09:04:03 -04:00
page.h fs: remove mapping->backing_dev_info 2015-01-20 14:03:05 -07:00
recovery.c nilfs2: drop vmtruncate 2012-12-20 18:40:54 -05:00
segbuf.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
segbuf.h
segment.c nilfs2: use set_mask_bits() for operations on buffer state bitmap 2015-04-17 09:04:03 -04:00
segment.h nilfs2: fix deadlock of segment constructor over I_SYNC flag 2015-02-05 13:35:29 -08:00
sufile.c nilfs2: verify metadata sizes read from disk 2014-04-03 16:21:26 -07:00
sufile.h nilfs2: add nilfs_sufile_trim_fs to trim clean segs 2014-04-03 16:21:25 -07:00
super.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
sysfs.c nilfs2: integrate sysfs support into driver 2014-08-08 15:57:21 -07:00
sysfs.h nilfs2: add /sys/fs/nilfs2/<device>/mounted_snapshots/<snapshot> group 2014-08-08 15:57:21 -07:00
the_nilfs.c nilfs2: deletion of an unnecessary check before the function call "iput" 2014-12-10 17:41:16 -08:00
the_nilfs.h nilfs2: add missing blkdev_issue_flush() to nilfs_sync_fs() 2014-10-14 02:18:20 +02:00