hello, This patch fixes an accessing freed memory bug in merge_inode_recs. Thank you, Signed-off-by: Yan Zheng <zheng.yan@oracle.com> --- diff -urp btrfs-progs-unstable/btrfsck.c btrfs-progs/btrfsck.c --- btrfs-progs-unstable/btrfsck.c 2009-01-23 06:01:44.064370471 +0800 +++ btrfs-progs/btrfsck.c 2009-01-23 11:56:36.000000000 +0800 @@ -84,6 +84,7 @@ struct inode_backref { struct inode_record { struct list_head backrefs; unsigned int checked:1; + unsigned int merging:1; unsigned int found_inode_item:1; unsigned int found_dir_item:1; unsigned int found_file_extent:1; @@ -120,6 +121,7 @@ struct inode_record { #define I_ERR_FILE_NBYTES_WRONG (1 << 10) #define I_ERR_ODD_CSUM_ITEM (1 << 11) #define I_ERR_SOME_CSUM_MISSING (1 << 12) +#define I_ERR_LINK_COUNT_WRONG (1 << 13) struct ptr_node { struct cache_extent cache; @@ -258,7 +260,7 @@ static void maybe_free_inode_rec(struct } } - if (!rec->checked) + if (!rec->checked || rec->merging) return; if (S_ISDIR(rec->imode)) { @@ -425,6 +427,7 @@ static int merge_inode_recs(struct inode struct inode_backref *backref; struct cache_tree *dst_cache = &dst_node->inode_cache; + dst->merging = 1; list_for_each_entry(backref, &src->backrefs, list) { if (backref->found_dir_index) { add_inode_backref(dst_cache, dst->ino, backref->dir, @@ -492,6 +495,7 @@ static int merge_inode_recs(struct inode if (dst_node->current == dst) dst_node->current = NULL; } + dst->merging = 0; maybe_free_inode_rec(dst_cache, dst); return 0; } @@ -1159,6 +1163,8 @@ static int check_inode_recs(struct btrfs error++; if (!rec->found_inode_item) rec->errors |= I_ERR_NO_INODE_ITEM; + if (rec->found_link != rec->nlink) + rec->errors |= I_ERR_LINK_COUNT_WRONG; fprintf(stderr, "root %llu inode %llu errors %x\n", root->root_key.objectid, rec->ino, rec->errors); list_for_each_entry(backref, &rec->backrefs, list) { -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
ashford@whisperpc.com
2009-Jan-23 18:09 UTC
[PATCH] btrfs-progs/mkfs.c - fix sectorsize validation
It was possible to enter sector sizes larger than a memory page. This would result in some "unpleasantness", including hangs and crashes. This patch also adds a minimum sector size of 512 bytes. # diff -u mkfs.c- mkfs.c --- mkfs.c- 2009-01-22 13:39:21.000000000 -0800 +++ mkfs.c 2009-01-23 10:01:06.000000000 -0800 @@ -390,8 +390,16 @@ print_usage(); } } - sectorsize = max(sectorsize, (u32)getpagesize()); + + if (sectorsize < 512) { + printf("Sectorsize %u smaller than 512 - corrected\n", + sectorsize); + sectorsize = 512; + } else if (sectorsize > (u32)getpagesize()) { + printf("Sectorsize %u larger than pagesize %u - corrected\n", + sectorsize, (u32)getpagesize()); + sectorsize = (u32)getpagesize(); + } if ((sectorsize & (sectorsize - 1))) { fprintf(stderr, "Sector size %u must be a power of 2\n", sectorsize); -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html