summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorHaogang Chen <haogangchen@gmail.com>2012-03-16 17:08:38 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2012-03-16 17:14:44 -0700
commit3d777a64066f3b9db8a94834aaed6a9cf09808fd (patch)
tree6cf49f30feef97f0cd0397e21769930c6d5ea52c /fs
parentcf2b94daab9f3d21b0a393bef91292622f6a8ca4 (diff)
downloadlinux-stable-3d777a64066f3b9db8a94834aaed6a9cf09808fd.tar.gz
linux-stable-3d777a64066f3b9db8a94834aaed6a9cf09808fd.tar.bz2
linux-stable-3d777a64066f3b9db8a94834aaed6a9cf09808fd.zip
nilfs2: clamp ns_r_segments_percentage to [1, 99]
ns_r_segments_percentage is read from the disk. Bogus or malicious value could cause integer overflow and malfunction due to meaningless disk usage calculation. This patch reports error when mounting such bogus volumes. Signed-off-by: Haogang Chen <haogangchen@gmail.com> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/nilfs2/the_nilfs.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
index d32714094375..8a759016c2e3 100644
--- a/fs/nilfs2/the_nilfs.c
+++ b/fs/nilfs2/the_nilfs.c
@@ -409,6 +409,12 @@ static int nilfs_store_disk_layout(struct the_nilfs *nilfs,
nilfs->ns_first_data_block = le64_to_cpu(sbp->s_first_data_block);
nilfs->ns_r_segments_percentage =
le32_to_cpu(sbp->s_r_segments_percentage);
+ if (nilfs->ns_r_segments_percentage < 1 ||
+ nilfs->ns_r_segments_percentage > 99) {
+ printk(KERN_ERR "NILFS: invalid reserved segments percentage.\n");
+ return -EINVAL;
+ }
+
nilfs_set_nsegments(nilfs, le64_to_cpu(sbp->s_nsegments));
nilfs->ns_crc_seed = le32_to_cpu(sbp->s_crc_seed);
return 0;