Commit b89d4208 authored Aug 10, 2009 by Christoph Hellwig Committed by Felix Blyakher Aug 12, 2009

xfs: check for dinode realtime flag corruption



Ramon tested XFS with a modified version of fsfuzzer and hit a NULL
pointer dereference in __xfs_get_blocks due to the RT device target
pointer being NULL.

To fix this reject inode with the realtime bit set on a a filesystem
without an RT subvolume during inode read.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Sandeen <sandeen@sandeen.net>
Reviewed-by: Felix Blyakher <felixb@sgi.com>
Reported-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
Tested-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
Signed-off-by: Felix Blyakher <felixb@sgi.com>

parent e0c222c4

fs/xfs/xfs_inode.c

+10 −0

Original line number	Diff line number	Diff line
		@@ -343,6 +343,16 @@ xfs_iformat(
		return XFS_ERROR(EFSCORRUPTED);
		}

		if (unlikely((ip->i_d.di_flags & XFS_DIFLAG_REALTIME) &&
		!ip->i_mount->m_rtdev_targp)) {
		xfs_fs_repair_cmn_err(CE_WARN, ip->i_mount,
		"corrupt dinode %Lu, has realtime flag set.",
		ip->i_ino);
		XFS_CORRUPTION_ERROR("xfs_iformat(realtime)",
		XFS_ERRLEVEL_LOW, ip->i_mount, dip);
		return XFS_ERROR(EFSCORRUPTED);
		}

		switch (ip->i_d.di_mode & S_IFMT) {
		case S_IFIFO:
		case S_IFCHR: