[PATCH] Fix for minix crash

Mounting a (corrupt) minix filesystem with zero s_zmap_blocks gives a spectacular crash on my 2.6.17.8 system, no doubt because minix/inode.c does an unconditional minix_set_bit(0,sbi->s_zmap[0]->b_data); [akpm@osdl.org: make labels conistent while we're there] Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] Fix for minix crash
Mounting a (corrupt) minix filesystem with zero s_zmap_blocks gives a spectacular crash on my 2.6.17.8 system, no doubt because minix/inode.c does an unconditional minix_set_bit(0,sbi->s_zmap[0]->b_data); [akpm@osdl.org: make labels conistent while we're there] Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andries Brouwer · Linus Torvalds
1 parent fb8d81e477
Showing 1 changed file with 10 additions and 3 deletions Side-by-side Diff
fs/minix/inode.c
@@ -204,6 +204,8 @@
 	/*
 	 * Allocate the buffer map to keep the superblock small.
 	 */
+	if (sbi->s_imap_blocks == 0 || sbi->s_zmap_blocks == 0)
+		goto out_illegal_sb;
 	i = (sbi->s_imap_blocks + sbi->s_zmap_blocks) * sizeof(bh);
 	map = kmalloc(i, GFP_KERNEL);
 	if (!map)
@@ -263,7 +265,7 @@
  
 out_no_bitmap:
 	printk("MINIX-fs: bad superblock or unable to read bitmaps\n");
-    out_freemap:
+out_freemap:
 	for (i = 0; i < sbi->s_imap_blocks; i++)
 		brelse(sbi->s_imap[i]);
 	for (i = 0; i < sbi->s_zmap_blocks; i++)
  
@@ -276,11 +278,16 @@
 		printk("MINIX-fs: can't allocate map\n");
 	goto out_release;
  
+out_illegal_sb:
+	if (!silent)
+		printk("MINIX-fs: bad superblock\n");
+	goto out_release;
+
 out_no_fs:
 	if (!silent)
 		printk("VFS: Can't find a Minix or Minix V2 filesystem "
 			"on device %s\n", s->s_id);
-    out_release:
+out_release:
 	brelse(bh);
 	goto out;
  
@@ -290,7 +297,7 @@
  
 out_bad_sb:
 	printk("MINIX-fs: unable to read superblock\n");
- out:
+out:
 	s->s_fs_info = NULL;
 	kfree(sbi);
 	return -EINVAL;
...	...	@@ -204,6 +204,8 @@
204	204	/*
205	205	* Allocate the buffer map to keep the superblock small.
206	206	*/
	207	+ if (sbi->s_imap_blocks == 0 \|\| sbi->s_zmap_blocks == 0)
	208	+ goto out_illegal_sb;
207	209	i = (sbi->s_imap_blocks + sbi->s_zmap_blocks) * sizeof(bh);
208	210	map = kmalloc(i, GFP_KERNEL);
209	211	if (!map)
...	...	@@ -263,7 +265,7 @@
263	265
264	266	out_no_bitmap:
265	267	printk("MINIX-fs: bad superblock or unable to read bitmaps\n");
266		- out_freemap:
	268	+out_freemap:
267	269	for (i = 0; i < sbi->s_imap_blocks; i++)
268	270	brelse(sbi->s_imap[i]);
269	271	for (i = 0; i < sbi->s_zmap_blocks; i++)
270	272
...	...	@@ -276,11 +278,16 @@
276	278	printk("MINIX-fs: can't allocate map\n");
277	279	goto out_release;
278	280
	281	+out_illegal_sb:
	282	+ if (!silent)
	283	+ printk("MINIX-fs: bad superblock\n");
	284	+ goto out_release;
	285	+
279	286	out_no_fs:
280	287	if (!silent)
281	288	printk("VFS: Can't find a Minix or Minix V2 filesystem "
282	289	"on device %s\n", s->s_id);
283		- out_release:
	290	+out_release:
284	291	brelse(bh);
285	292	goto out;
286	293
...	...	@@ -290,7 +297,7 @@
290	297
291	298	out_bad_sb:
292	299	printk("MINIX-fs: unable to read superblock\n");
293		- out:
	300	+out:
294	301	s->s_fs_info = NULL;
295	302	kfree(sbi);
296	303	return -EINVAL;