At the start of ext4_fill_super, ret is set to -EINVAL, and any failure path
out of that function returns this ret. However, the generic_check_addressable
clause sets ret = 0 if it passes, which means that a subsequent failure (e.g.
a group checksum error) returns 0 even though the mount should fail. This
causes vfs_kern_mount in turn to think that the mount succeeded (because
PTR_ERR(0) is false), leading to an oops.
A simple fix is to avoid using ret for the generic_check_addressable check,
which was last changed in commit 30ca22c70e3ef0a96ff84de69cd7e8561b416cb2.
Signed-off-by: Darrick J. Wong <[email protected]>
---
fs/ext4/super.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 40131b7..a44bc59 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3257,9 +3257,8 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
* Test whether we have more sectors than will fit in sector_t,
* and whether the max offset is addressable by the page cache.
*/
- ret = generic_check_addressable(sb->s_blocksize_bits,
- ext4_blocks_count(es));
- if (ret) {
+ if (generic_check_addressable(sb->s_blocksize_bits,
+ ext4_blocks_count(es))) {
ext4_msg(sb, KERN_ERR, "filesystem"
" too large to mount safely on this system");
if (sizeof(sector_t) < 8)
On 11/15/10 3:48 PM, Darrick J. Wong wrote:
> At the start of ext4_fill_super, ret is set to -EINVAL, and any failure path
> out of that function returns this ret. However, the generic_check_addressable
> clause sets ret = 0 if it passes, which means that a subsequent failure (e.g.
> a group checksum error) returns 0 even though the mount should fail. This
> causes vfs_kern_mount in turn to think that the mount succeeded (because
> PTR_ERR(0) is false), leading to an oops.
>
> A simple fix is to avoid using ret for the generic_check_addressable check,
> which was last changed in commit 30ca22c70e3ef0a96ff84de69cd7e8561b416cb2.
>
> Signed-off-by: Darrick J. Wong <[email protected]>
looks right, but one comment below:
> ---
>
> fs/ext4/super.c | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 40131b7..a44bc59 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -3257,9 +3257,8 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
> * Test whether we have more sectors than will fit in sector_t,
> * and whether the max offset is addressable by the page cache.
> */
> - ret = generic_check_addressable(sb->s_blocksize_bits,
> - ext4_blocks_count(es));
> - if (ret) {
> + if (generic_check_addressable(sb->s_blocksize_bits,
> + ext4_blocks_count(es))) {
> ext4_msg(sb, KERN_ERR, "filesystem"
> " too large to mount safely on this system");
> if (sizeof(sector_t) < 8)
you probably want to set a "ret = -EFBIG" in here.
-Eric
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
At the start of ext4_fill_super, ret is set to -EINVAL, and any failure path
out of that function returns ret. However, the generic_check_addressable
clause sets ret = 0 (if it passes), which means that a subsequent failure (e.g.
a group checksum error) returns 0 even though the mount should fail. This
causes vfs_kern_mount in turn to think that the mount succeeded, leading to an
oops.
A simple fix is to avoid using ret for the generic_check_addressable check,
which was last changed in commit 30ca22c70e3ef0a96ff84de69cd7e8561b416cb2.
v2: Return -EFBIG in the error case, per Eric Sandeen's suggestion.
Signed-off-by: Darrick J. Wong <[email protected]>
---
fs/ext4/super.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 40131b7..120c034 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3257,13 +3257,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
* Test whether we have more sectors than will fit in sector_t,
* and whether the max offset is addressable by the page cache.
*/
- ret = generic_check_addressable(sb->s_blocksize_bits,
- ext4_blocks_count(es));
- if (ret) {
+ if (generic_check_addressable(sb->s_blocksize_bits,
+ ext4_blocks_count(es))) {
ext4_msg(sb, KERN_ERR, "filesystem"
" too large to mount safely on this system");
if (sizeof(sector_t) < 8)
ext4_msg(sb, KERN_WARNING, "CONFIG_LBDAF not enabled");
+ ret = -EFBIG;
goto failed_mount;
}
On Mon, 15 Nov 2010, Darrick J. Wong wrote:
> At the start of ext4_fill_super, ret is set to -EINVAL, and any failure path
> out of that function returns ret. However, the generic_check_addressable
> clause sets ret = 0 (if it passes), which means that a subsequent failure (e.g.
> a group checksum error) returns 0 even though the mount should fail. This
> causes vfs_kern_mount in turn to think that the mount succeeded, leading to an
> oops.
>
> A simple fix is to avoid using ret for the generic_check_addressable check,
> which was last changed in commit 30ca22c70e3ef0a96ff84de69cd7e8561b416cb2.
>
> v2: Return -EFBIG in the error case, per Eric Sandeen's suggestion.
>
> Signed-off-by: Darrick J. Wong <[email protected]>
> ---
>
> fs/ext4/super.c | 6 +++---
> 1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 40131b7..120c034 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -3257,13 +3257,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
> * Test whether we have more sectors than will fit in sector_t,
> * and whether the max offset is addressable by the page cache.
> */
> - ret = generic_check_addressable(sb->s_blocksize_bits,
> - ext4_blocks_count(es));
> - if (ret) {
> + if (generic_check_addressable(sb->s_blocksize_bits,
> + ext4_blocks_count(es))) {
> ext4_msg(sb, KERN_ERR, "filesystem"
> " too large to mount safely on this system");
> if (sizeof(sector_t) < 8)
> ext4_msg(sb, KERN_WARNING, "CONFIG_LBDAF not enabled");
> + ret = -EFBIG;
> goto failed_mount;
> }
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
Hi,
the untested diff below seems like a more general solution to me,
since it allows to return the actual error from
generic_check_addressable().
Thanks.
-Lukas
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 61182fe..3d89b72 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3268,13 +3268,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
* Test whether we have more sectors than will fit in sector_t,
* and whether the max offset is addressable by the page cache.
*/
- ret = generic_check_addressable(sb->s_blocksize_bits,
+ err = generic_check_addressable(sb->s_blocksize_bits,
ext4_blocks_count(es));
- if (ret) {
+ if (err) {
ext4_msg(sb, KERN_ERR, "filesystem"
" too large to mount safely on this system");
if (sizeof(sector_t) < 8)
ext4_msg(sb, KERN_WARNING, "CONFIG_LBDAF not enabled");
+ ret = err;
goto failed_mount;
}
On 11/16/10 6:56 AM, Lukas Czerner wrote:
> On Mon, 15 Nov 2010, Darrick J. Wong wrote:
>
>> At the start of ext4_fill_super, ret is set to -EINVAL, and any failure path
>> out of that function returns ret. However, the generic_check_addressable
>> clause sets ret = 0 (if it passes), which means that a subsequent failure (e.g.
>> a group checksum error) returns 0 even though the mount should fail. This
>> causes vfs_kern_mount in turn to think that the mount succeeded, leading to an
>> oops.
>>
>> A simple fix is to avoid using ret for the generic_check_addressable check,
>> which was last changed in commit 30ca22c70e3ef0a96ff84de69cd7e8561b416cb2.
>>
>> v2: Return -EFBIG in the error case, per Eric Sandeen's suggestion.
>>
>> Signed-off-by: Darrick J. Wong <[email protected]>
>> ---
>>
>> fs/ext4/super.c | 6 +++---
>> 1 files changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
>> index 40131b7..120c034 100644
>> --- a/fs/ext4/super.c
>> +++ b/fs/ext4/super.c
>> @@ -3257,13 +3257,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
>> * Test whether we have more sectors than will fit in sector_t,
>> * and whether the max offset is addressable by the page cache.
>> */
>> - ret = generic_check_addressable(sb->s_blocksize_bits,
>> - ext4_blocks_count(es));
>> - if (ret) {
>> + if (generic_check_addressable(sb->s_blocksize_bits,
>> + ext4_blocks_count(es))) {
>> ext4_msg(sb, KERN_ERR, "filesystem"
>> " too large to mount safely on this system");
>> if (sizeof(sector_t) < 8)
>> ext4_msg(sb, KERN_WARNING, "CONFIG_LBDAF not enabled");
>> + ret = -EFBIG;
>> goto failed_mount;
>> }
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>
> Hi,
>
> the untested diff below seems like a more general solution to me,
> since it allows to return the actual error from
> generic_check_addressable().
>
> Thanks.
good point, we can get -EINVAL or -EFBIG back, can't we.
Thanks,
-Eric
> -Lukas
>
>
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 61182fe..3d89b72 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -3268,13 +3268,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
> * Test whether we have more sectors than will fit in sector_t,
> * and whether the max offset is addressable by the page cache.
> */
> - ret = generic_check_addressable(sb->s_blocksize_bits,
> + err = generic_check_addressable(sb->s_blocksize_bits,
> ext4_blocks_count(es));
> - if (ret) {
> + if (err) {
> ext4_msg(sb, KERN_ERR, "filesystem"
> " too large to mount safely on this system");
> if (sizeof(sector_t) < 8)
> ext4_msg(sb, KERN_WARNING, "CONFIG_LBDAF not enabled");
> + ret = err;
> goto failed_mount;
> }
>
On Tue, Nov 16, 2010 at 01:56:31PM +0100, Lukas Czerner wrote:
> On Mon, 15 Nov 2010, Darrick J. Wong wrote:
>
> > At the start of ext4_fill_super, ret is set to -EINVAL, and any failure path
> > out of that function returns ret. However, the generic_check_addressable
> > clause sets ret = 0 (if it passes), which means that a subsequent failure (e.g.
> > a group checksum error) returns 0 even though the mount should fail. This
> > causes vfs_kern_mount in turn to think that the mount succeeded, leading to an
> > oops.
> >
> > A simple fix is to avoid using ret for the generic_check_addressable check,
> > which was last changed in commit 30ca22c70e3ef0a96ff84de69cd7e8561b416cb2.
> >
> > v2: Return -EFBIG in the error case, per Eric Sandeen's suggestion.
> >
> > Signed-off-by: Darrick J. Wong <[email protected]>
> > ---
> >
> > fs/ext4/super.c | 6 +++---
> > 1 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> > index 40131b7..120c034 100644
> > --- a/fs/ext4/super.c
> > +++ b/fs/ext4/super.c
> > @@ -3257,13 +3257,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
> > * Test whether we have more sectors than will fit in sector_t,
> > * and whether the max offset is addressable by the page cache.
> > */
> > - ret = generic_check_addressable(sb->s_blocksize_bits,
> > - ext4_blocks_count(es));
> > - if (ret) {
> > + if (generic_check_addressable(sb->s_blocksize_bits,
> > + ext4_blocks_count(es))) {
> > ext4_msg(sb, KERN_ERR, "filesystem"
> > " too large to mount safely on this system");
> > if (sizeof(sector_t) < 8)
> > ext4_msg(sb, KERN_WARNING, "CONFIG_LBDAF not enabled");
> > + ret = -EFBIG;
> > goto failed_mount;
> > }
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> > the body of a message to [email protected]
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
>
> Hi,
>
> the untested diff below seems like a more general solution to me,
> since it allows to return the actual error from
> generic_check_addressable().
It seems to work ok for me, so:
Acked-by: Darrick J. Wong <[email protected]>
I will make the same change to ext3.
--D
>
> Thanks.
>
> -Lukas
>
>
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 61182fe..3d89b72 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -3268,13 +3268,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
> * Test whether we have more sectors than will fit in sector_t,
> * and whether the max offset is addressable by the page cache.
> */
> - ret = generic_check_addressable(sb->s_blocksize_bits,
> + err = generic_check_addressable(sb->s_blocksize_bits,
> ext4_blocks_count(es));
> - if (ret) {
> + if (err) {
> ext4_msg(sb, KERN_ERR, "filesystem"
> " too large to mount safely on this system");
> if (sizeof(sector_t) < 8)
> ext4_msg(sb, KERN_WARNING, "CONFIG_LBDAF not enabled");
> + ret = err;
> goto failed_mount;
> }
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
ext3: Return error code from generic_check_accessible
ext3_fill_super should return the error code that generic_check_accessible
returns when an error condition occurs.
Signed-off-by: Darrick J. Wong <[email protected]>
---
fs/ext3/super.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/ext3/super.c b/fs/ext3/super.c
index 2fedaf8..960629b 100644
--- a/fs/ext3/super.c
+++ b/fs/ext3/super.c
@@ -1842,13 +1842,15 @@ static int ext3_fill_super (struct super_block *sb, void *data, int silent)
goto failed_mount;
}
- if (generic_check_addressable(sb->s_blocksize_bits,
- le32_to_cpu(es->s_blocks_count))) {
+ err = generic_check_addressable(sb->s_blocksize_bits,
+ le32_to_cpu(es->s_blocks_count));
+ if (err) {
ext3_msg(sb, KERN_ERR,
"error: filesystem is too large to mount safely");
if (sizeof(sector_t) < 8)
ext3_msg(sb, KERN_ERR,
"error: CONFIG_LBDAF not enabled");
+ ret = err;
goto failed_mount;
}
On Tue, 16 Nov 2010, Darrick J. Wong wrote:
> ext3: Return error code from generic_check_accessible
>
> ext3_fill_super should return the error code that generic_check_accessible
> returns when an error condition occurs.
>
> Signed-off-by: Darrick J. Wong <[email protected]>
> ---
>
> fs/ext3/super.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ext3/super.c b/fs/ext3/super.c
> index 2fedaf8..960629b 100644
> --- a/fs/ext3/super.c
> +++ b/fs/ext3/super.c
> @@ -1842,13 +1842,15 @@ static int ext3_fill_super (struct super_block *sb, void *data, int silent)
> goto failed_mount;
> }
>
> - if (generic_check_addressable(sb->s_blocksize_bits,
> - le32_to_cpu(es->s_blocks_count))) {
> + err = generic_check_addressable(sb->s_blocksize_bits,
> + le32_to_cpu(es->s_blocks_count));
> + if (err) {
> ext3_msg(sb, KERN_ERR,
> "error: filesystem is too large to mount safely");
> if (sizeof(sector_t) < 8)
> ext3_msg(sb, KERN_ERR,
> "error: CONFIG_LBDAF not enabled");
> + ret = err;
> goto failed_mount;
> }
>
>
Add Jan Kara to cc list.
-Lukas
On Tue, Nov 16, 2010 at 02:55:38PM -0800, Darrick J. Wong wrote:
> > the untested diff below seems like a more general solution to me,
> > since it allows to return the actual error from
> > generic_check_addressable().
>
> It seems to work ok for me, so:
>
> Acked-by: Darrick J. Wong <[email protected]>
>
> I will make the same change to ext3.
OK, this is what I've added to the ext4 patch queue
---
ext4: ext4_fill_super shouldn't return 0 on corruption
From: "Darrick J. Wong" <[email protected]>
At the start of ext4_fill_super, ret is set to -EINVAL, and any
failure path out of that function returns ret. However, the
generic_check_addressable clause sets ret = 0 (if it passes), which
means that a subsequent failure (e.g. a group checksum error) returns
0 even though the mount should fail. This causes vfs_kern_mount in
turn to think that the mount succeeded, leading to an oops.
A simple fix is to avoid using ret for the generic_check_addressable
check, which was last changed in commit 30ca22c70e3.
Signed-off-by: Darrick J. Wong <[email protected]>
Signed-off-by: "Theodore Ts'o" <[email protected]>
---
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 61182fe..3d89b72 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3268,13 +3268,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
* Test whether we have more sectors than will fit in sector_t,
* and whether the max offset is addressable by the page cache.
*/
- ret = generic_check_addressable(sb->s_blocksize_bits,
+ err = generic_check_addressable(sb->s_blocksize_bits,
ext4_blocks_count(es));
- if (ret) {
+ if (err) {
ext4_msg(sb, KERN_ERR, "filesystem"
" too large to mount safely on this system");
if (sizeof(sector_t) < 8)
ext4_msg(sb, KERN_WARNING, "CONFIG_LBDAF not enabled");
+ ret = err;
goto failed_mount;
}
On Thu 18-11-10 09:52:51, Lukas Czerner wrote:
> On Tue, 16 Nov 2010, Darrick J. Wong wrote:
>
> > ext3: Return error code from generic_check_accessible
> >
> > ext3_fill_super should return the error code that generic_check_accessible
> > returns when an error condition occurs.
> >
> > Signed-off-by: Darrick J. Wong <[email protected]>
> > ---
> >
> > fs/ext3/super.c | 6 ++++--
> > 1 files changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/ext3/super.c b/fs/ext3/super.c
> > index 2fedaf8..960629b 100644
> > --- a/fs/ext3/super.c
> > +++ b/fs/ext3/super.c
> > @@ -1842,13 +1842,15 @@ static int ext3_fill_super (struct super_block *sb, void *data, int silent)
> > goto failed_mount;
> > }
> >
> > - if (generic_check_addressable(sb->s_blocksize_bits,
> > - le32_to_cpu(es->s_blocks_count))) {
> > + err = generic_check_addressable(sb->s_blocksize_bits,
> > + le32_to_cpu(es->s_blocks_count));
> > + if (err) {
> > ext3_msg(sb, KERN_ERR,
> > "error: filesystem is too large to mount safely");
> > if (sizeof(sector_t) < 8)
> > ext3_msg(sb, KERN_ERR,
> > "error: CONFIG_LBDAF not enabled");
> > + ret = err;
> > goto failed_mount;
> > }
> >
> >
>
> Add Jan Kara to cc list.
Thanks for forwarding. Merged.
Honza
--
Jan Kara <[email protected]>
SUSE Labs, CR