15 Aug, 2008

2 commits

  • A fuzzed filesystem image failed with OMFS when the extent count was
    used in a loop without being checked against the max number of extents.
    It also provoked a signed division for an array index that was checked
    as if unsigned, leading to index by -1.

    omfsck will be updated to fix these cases, in the meantime bail out
    gracefully.

    Reported-by: Eric Sesterhenn
    Signed-off-by: Bob Copeland
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Bob Copeland
     
  • Testing with a modified fsfuzzer reveals a couple of locations in omfs
    where filesystem variables are ultimately used as loop counters with
    insufficient sanity checking. In this case, dir->i_size is used to
    compute the number of buckets in the directory hash. If too large,
    readdir will overrun a buffer.

    Since it's an invariant that dir->i_size is equal to the sysblock
    size, and we already sanity check that, just use that value instead.
    This fixes the following oops:

    BUG: unable to handle kernel paging request at c978e004
    IP: [] omfs_readdir+0x18e/0x32f
    Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC
    Modules linked in:

    Pid: 4796, comm: ls Not tainted (2.6.27-rc2 #12)
    EIP: 0060:[] EFLAGS: 00010287 CPU: 0
    EIP is at omfs_readdir+0x18e/0x32f
    EAX: c978d000 EBX: 00000000 ECX: cbfcfaf8 EDX: cb2cf100
    ESI: 00001000 EDI: 00000800 EBP: cb2d3f68 ESP: cb2d3f0c
    DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
    Process ls (pid: 4796, ti=cb2d3000 task=cb175f40 task.ti=cb2d3000)
    Stack: 00000002 00000000 00000000 c018a820 cb2d3f94 cb2cf100 cbfb0000 ffffff10
    cbfb3b80 cbfcfaf8 000001c9 00000a09 00000000 00000000 00000000 cbfcfbc8
    c9697000 cbfb3b80 22222222 00001000 c08e6cd0 cb2cf100 cbfb3b80 cb2d3f88
    Call Trace:
    [] ? filldir64+0x0/0xcd
    [] ? vfs_readdir+0x56/0x82
    [] ? filldir64+0x0/0xcd
    [] ? sys_getdents64+0x5e/0xa0
    [] ? sysenter_do_call+0x12/0x31
    =======================
    Code: 00 89 f0 89 f3 0f ac f8 14 81 e3 ff ff 0f 00 48 8d
    14 c5 b8 01 00 00 89 45 cc 89 55 f0 e9 8c 01 00 00 8b 4d c8 8b 75 f0 8b
    41 18 54 30 04 8b 04 30 31 f6 89 5d dc 89 d1 8b 55 b8 0f c8 0f c9

    Reported-by: Eric Sesterhenn
    Signed-off-by: Bob Copeland
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Bob Copeland
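    Both commit messages above describe the same class of defect: a value read
    straight from the filesystem image (an extent count, a directory size that
    sets the number of hash buckets) drives a loop or an array index with too
    little checking, and a signed index is checked only against its upper
    bound. The C below is an added illustration written for this page, not the
    OMFS code from either commit: the struct layout, field names, constants and
    the sample extent table are constructed, and the flawed bucket function is
    kept only to show why the upper-bound-only check passes a negative index.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <errno.h>

/* Hypothetical, simplified extent table (not OMFS's real on-disk layout). */
#define OMFS_MAX_EXTENTS 8          /* capacity of the in-memory array */

struct extent {
    uint64_t e_cluster;
    uint64_t e_blocks;
};

struct extent_table {
    int32_t e_extent_count;         /* untrusted: read from the image */
    struct extent e_entry[OMFS_MAX_EXTENTS];
};

/*
 * Sum the blocks covered by a table, refusing to loop at all unless the
 * on-disk count fits the array. Returns 0 on success, -EINVAL for a
 * negative count and -EFBIG for one larger than the array, so the caller
 * can bail out instead of walking off the end of e_entry[].
 */
int extent_table_total_blocks(const struct extent_table *t, uint64_t *total)
{
    int32_t n = t->e_extent_count;
    int32_t i;
    uint64_t sum = 0;

    /* Signed compare first: casting to unsigned would turn -1 into a huge
     * "valid" loop bound, which is exactly the bug class being avoided. */
    if (n < 0)
        return -EINVAL;
    if (n > OMFS_MAX_EXTENTS)
        return -EFBIG;

    for (i = 0; i < n; i++)
        sum += t->e_entry[i].e_blocks;

    *total = sum;
    return 0;
}

/* Constructed sample image fragment: three real extents, rest zeroed. */
static struct extent_table sample_table(int32_t claimed_count)
{
    struct extent_table t;
    memset(&t, 0, sizeof(t));
    t.e_extent_count = claimed_count;
    t.e_entry[0].e_blocks = 4;
    t.e_entry[1].e_blocks = 8;
    t.e_entry[2].e_blocks = 16;
    return t;
}

/* Return code for the sample table when the image claims 'claimed_count'. */
int check_claimed_count(int32_t claimed_count)
{
    struct extent_table t = sample_table(claimed_count);
    uint64_t total;
    return extent_table_total_blocks(&t, &total);
}

/* Total blocks for the honest sample (count = 3); 0 if it were rejected. */
uint64_t sample_total_blocks(void)
{
    struct extent_table t = sample_table(3);
    uint64_t total = 0;
    if (extent_table_total_blocks(&t, &total) != 0)
        return 0;
    return total;
}

/*
 * The defective pattern: signed '%' (C99: remainder takes the sign of the
 * dividend) followed by a check that only looks at the upper bound. Every
 * negative remainder satisfies "idx < nbuckets", so the caller would go on
 * to index before the start of the bucket array. Returns INT32_MIN only
 * when the upper bound is exceeded.
 */
int32_t flawed_bucket_index(int32_t hash, int32_t nbuckets)
{
    int32_t idx = hash % nbuckets;
    if (idx < nbuckets)
        return idx;
    return INT32_MIN;
}

/*
 * Hardened form: reject a non-positive bucket count from the image and do
 * the reduction in unsigned arithmetic, so the result is always in
 * [0, nbuckets) whatever the sign of the hash. Returns -1 on rejection,
 * which a valid index can never be.
 */
int32_t hash_bucket_index(int32_t hash, int32_t nbuckets)
{
    if (nbuckets <= 0)
        return -1;
    return (int32_t)((uint32_t)hash % (uint32_t)nbuckets);
}
```

    The second commit's fix is the same idea applied one step earlier: take
    the bucket count from a value the mount path has already validated (the
    superblock size) rather than recomputing it from the directory inode, so
    the index arithmetic never sees an unchecked input at all.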
     

06 Aug, 2008

1 commit

  • fs/omfs/inode.c:495: warning: format '%llx' expects type 'long long
    unsigned int', but argument 2 has type 'u64'
    fs/omfs/inode.c:495: warning: format '%llx' expects type 'long
    long unsigned int', but argument 3 has type '__be64'

    Signed-off-by: Alexander Beregalov
    Acked-by: Bob Copeland
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Alexander Beregalov
     

31 Jul, 2008

1 commit

  • Missing cpu_to_be64 on some constant assignments.
    fs/omfs/dir.c:107:16: warning: incorrect type in assignment (different base types)
    fs/omfs/dir.c:107:16: expected restricted __be64 [usertype] i_sibling
    fs/omfs/dir.c:107:16: got unsigned long long
    fs/omfs/file.c:33:13: warning: incorrect type in assignment (different base types)
    fs/omfs/file.c:33:13: expected restricted __be64 [usertype] e_next
    fs/omfs/file.c:33:13: got unsigned long long
    fs/omfs/file.c:36:24: warning: incorrect type in assignment (different base types)
    fs/omfs/file.c:36:24: expected restricted __be64 [usertype] e_cluster
    fs/omfs/file.c:36:24: got unsigned long long
    fs/omfs/file.c:37:23: warning: incorrect type in assignment (different base types)
    fs/omfs/file.c:37:23: expected restricted __be64 [usertype] e_blocks
    fs/omfs/file.c:37:23: got unsigned long long

    fs/omfs/bitmap.c:74:18: warning: incorrect type in argument 2 (different signedness)
    fs/omfs/bitmap.c:74:18: expected unsigned long volatile *addr
    fs/omfs/bitmap.c:74:18: got long *
    fs/omfs/bitmap.c:77:20: warning: incorrect type in argument 2 (different signedness)
    fs/omfs/bitmap.c:77:20: expected unsigned long volatile *addr
    fs/omfs/bitmap.c:77:20: got long *
    fs/omfs/bitmap.c:112:17: warning: incorrect type in argument 2 (different signedness)
    fs/omfs/bitmap.c:112:17: expected unsigned long volatile *addr
    fs/omfs/bitmap.c:112:17: got long *

    Signed-off-by: Harvey Harrison
    Acked-by: Bob Copeland
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Harvey Harrison
     

27 Jul, 2008

6 commits