2005-04-26 08:06:51

by Colin Leroy

[permalink] [raw]
Subject: [PATCH] hfsplus: don't leak sb->s_fs_info and don't oops on bad filesystem

Hi,

This is the second attempt at fixing two bugs in hfsplus; this patch
fixes the leak of sb->s_fs_info, and also fixes an oops [1] when trying
to mount something that isn't hfsplus with hfsplus.

The first hunk is just a protection, the second one fixes the oops, and
the third one fixes the leak.

[1] http://colino.net/tmp/hfsplus_oops.txt

Signed-off-by: Colin Leroy <[email protected]>
--- a/fs/hfsplus/super.c 2005-04-25 21:56:56.000000000 +0200
+++ b/fs/hfsplus/super.c 2005-04-26 09:56:49.000000000 +0200
@@ -207,9 +207,14 @@

static void hfsplus_put_super(struct super_block *sb)
{
+ if (!sb->s_fs_info)
+ return;
+
dprint(DBG_SUPER, "hfsplus_put_super\n");
if (!(sb->s_flags & MS_RDONLY)) {
struct hfsplus_vh *vhdr = HFSPLUS_SB(sb).s_vhdr;
+ if (!vhdr)
+ goto cleanup;

vhdr->modify_date = hfsp_now2mt();
vhdr->attributes |= cpu_to_be32(HFSPLUS_VOL_UNMNT);
@@ -226,6 +231,10 @@
brelse(HFSPLUS_SB(sb).s_vhbh);
if (HFSPLUS_SB(sb).nls)
unload_nls(HFSPLUS_SB(sb).nls);
+
+cleanup:
+ kfree(sb->s_fs_info);
+ sb->s_fs_info = NULL;
}

static int hfsplus_statfs(struct super_block *sb, struct kstatfs *buf)


2005-04-26 12:27:15

by Roman Zippel

[permalink] [raw]
Subject: Re: [PATCH] hfsplus: don't leak sb->s_fs_info and don't oops on bad filesystem

Hi,

On Tue, 26 Apr 2005, Colin Leroy wrote:

> This is the second attempt at fixing two bugs in hfsplus; this patch
> fixes the leak of sb->s_fs_info, and also fixes an oops [1] when trying
> to mount something that isn't hfsplus with hfsplus.
>
> The first hunk is just a protection, the second one fixes the oops, and
> the third one fixes the leak.

Close. :) What I had in mind is something like below.

bye, Roman

hfs/mdb.c | 5 +++++
hfs/super.c | 8 +++-----
hfsplus/super.c | 6 +++++-
3 files changed, 13 insertions(+), 6 deletions(-)

Index: linux-2.6-mm/fs/hfs/mdb.c
===================================================================
--- linux-2.6-mm.orig/fs/hfs/mdb.c 2005-02-02 11:32:45.000000000 +0100
+++ linux-2.6-mm/fs/hfs/mdb.c 2005-04-26 11:41:12.000000000 +0200
@@ -333,6 +333,8 @@ void hfs_mdb_close(struct super_block *s
* Release the resources associated with the in-core MDB. */
void hfs_mdb_put(struct super_block *sb)
{
+ if (!HFS_SB(sb))
+ return;
/* free the B-trees */
hfs_btree_close(HFS_SB(sb)->ext_tree);
hfs_btree_close(HFS_SB(sb)->cat_tree);
@@ -340,4 +342,7 @@ void hfs_mdb_put(struct super_block *sb)
/* free the buffers holding the primary and alternate MDBs */
brelse(HFS_SB(sb)->mdb_bh);
brelse(HFS_SB(sb)->alt_mdb_bh);
+
+ kfree(HFS_SB(sb));
+ sb->s_fs_info = NULL;
}
Index: linux-2.6-mm/fs/hfs/super.c
===================================================================
--- linux-2.6-mm.orig/fs/hfs/super.c 2005-04-26 11:24:08.000000000 +0200
+++ linux-2.6-mm/fs/hfs/super.c 2005-04-26 11:35:36.000000000 +0200
@@ -297,7 +297,7 @@ static int hfs_fill_super(struct super_b
res = -EINVAL;
if (!parse_options((char *)data, sbi)) {
hfs_warn("hfs_fs: unable to parse mount options.\n");
- goto bail3;
+ goto bail;
}

sb->s_op = &hfs_super_operations;
@@ -310,7 +310,7 @@ static int hfs_fill_super(struct super_b
hfs_warn("VFS: Can't find a HFS filesystem on dev %s.\n",
hfs_mdb_name(sb));
res = -EINVAL;
- goto bail2;
+ goto bail;
}

/* try to get the root inode */
@@ -340,10 +340,8 @@ bail_iput:
iput(root_inode);
bail_no_root:
hfs_warn("hfs_fs: get root inode failed.\n");
+bail:
hfs_mdb_put(sb);
-bail2:
-bail3:
- kfree(sbi);
return res;
}

Index: linux-2.6-mm/fs/hfsplus/super.c
===================================================================
--- linux-2.6-mm.orig/fs/hfsplus/super.c 2005-04-26 11:24:09.000000000 +0200
+++ linux-2.6-mm/fs/hfsplus/super.c 2005-04-26 14:24:39.000000000 +0200
@@ -208,7 +208,9 @@ static void hfsplus_write_super(struct s
static void hfsplus_put_super(struct super_block *sb)
{
dprint(DBG_SUPER, "hfsplus_put_super\n");
- if (!(sb->s_flags & MS_RDONLY)) {
+ if (!sb->s_fs_info)
+ return;
+ if (!(sb->s_flags & MS_RDONLY) && HFSPLUS_SB(sb).s_vhdr) {
struct hfsplus_vh *vhdr = HFSPLUS_SB(sb).s_vhdr;

vhdr->modify_date = hfsp_now2mt();
@@ -226,6 +228,8 @@ static void hfsplus_put_super(struct sup
brelse(HFSPLUS_SB(sb).s_vhbh);
if (HFSPLUS_SB(sb).nls)
unload_nls(HFSPLUS_SB(sb).nls);
+ kfree(sb->s_fs_info);
+ sb->s_fs_info = NULL;
}

static int hfsplus_statfs(struct super_block *sb, struct kstatfs *buf)