f2fs: sanity check size of nat and sit cache

commit 21d3f8e1c3b7996ce239ab6fa82e9f7a8c47d84d upstream. Make sure number of entires doesn't exceed max journal size. Signed-off-by: Jin Qian <jinqian@android.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

f2fs: sanity check size of nat and sit cache
commit 21d3f8e1c3b7996ce239ab6fa82e9f7a8c47d84d upstream. Make sure number of entires doesn't exceed max journal size. Signed-off-by: Jin Qian <jinqian@android.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jin Qian · Greg Kroah-Hartman
1 parent 58d2eacd3b
Showing 1 changed file with 7 additions and 0 deletions Side-by-side Diff
fs/f2fs/segment.c
@@ -1805,6 +1805,8 @@
  
 static int restore_curseg_summaries(struct f2fs_sb_info *sbi)
 {
+	struct f2fs_journal *sit_j = CURSEG_I(sbi, CURSEG_COLD_DATA)->journal;
+	struct f2fs_journal *nat_j = CURSEG_I(sbi, CURSEG_HOT_DATA)->journal;
 	int type = CURSEG_HOT_DATA;
 	int err;
  
@@ -1830,6 +1832,11 @@
 		if (err)
 			return err;
 	}
+
+	/* sanity check for summary blocks */
+	if (nats_in_cursum(nat_j) > NAT_JOURNAL_ENTRIES ||
+			sits_in_cursum(sit_j) > SIT_JOURNAL_ENTRIES)
+		return -EINVAL;
  
 	return 0;
 }
...	...	@@ -1805,6 +1805,8 @@
1805	1805
1806	1806	static int restore_curseg_summaries(struct f2fs_sb_info *sbi)
1807	1807	{
	1808	+ struct f2fs_journal *sit_j = CURSEG_I(sbi, CURSEG_COLD_DATA)->journal;
	1809	+ struct f2fs_journal *nat_j = CURSEG_I(sbi, CURSEG_HOT_DATA)->journal;
1808	1810	int type = CURSEG_HOT_DATA;
1809	1811	int err;
1810	1812
...	...	@@ -1830,6 +1832,11 @@
1830	1832	if (err)
1831	1833	return err;
1832	1834	}
	1835	+
	1836	+ /* sanity check for summary blocks */
	1837	+ if (nats_in_cursum(nat_j) > NAT_JOURNAL_ENTRIES \|\|
	1838	+ sits_in_cursum(sit_j) > SIT_JOURNAL_ENTRIES)
	1839	+ return -EINVAL;
1833	1840
1834	1841	return 0;
1835	1842	}