hello,
This patch fixes an accessing freed memory bug
in merge_inode_recs. Thank you,
Signed-off-by: Yan Zheng <zheng.yan@oracle.com>
---
diff -urp btrfs-progs-unstable/btrfsck.c btrfs-progs/btrfsck.c
--- btrfs-progs-unstable/btrfsck.c 2009-01-23 06:01:44.064370471 +0800
+++ btrfs-progs/btrfsck.c 2009-01-23 11:56:36.000000000 +0800
@@ -84,6 +84,7 @@ struct inode_backref {
struct inode_record {
struct list_head backrefs;
unsigned int checked:1;
+ unsigned int merging:1;
unsigned int found_inode_item:1;
unsigned int found_dir_item:1;
unsigned int found_file_extent:1;
@@ -120,6 +121,7 @@ struct inode_record {
#define I_ERR_FILE_NBYTES_WRONG (1 << 10)
#define I_ERR_ODD_CSUM_ITEM (1 << 11)
#define I_ERR_SOME_CSUM_MISSING (1 << 12)
+#define I_ERR_LINK_COUNT_WRONG (1 << 13)
struct ptr_node {
struct cache_extent cache;
@@ -258,7 +260,7 @@ static void maybe_free_inode_rec(struct
}
}
- if (!rec->checked)
+ if (!rec->checked || rec->merging)
return;
if (S_ISDIR(rec->imode)) {
@@ -425,6 +427,7 @@ static int merge_inode_recs(struct inode
struct inode_backref *backref;
struct cache_tree *dst_cache = &dst_node->inode_cache;
+ dst->merging = 1;
list_for_each_entry(backref, &src->backrefs, list) {
if (backref->found_dir_index) {
add_inode_backref(dst_cache, dst->ino, backref->dir,
@@ -492,6 +495,7 @@ static int merge_inode_recs(struct inode
if (dst_node->current == dst)
dst_node->current = NULL;
}
+ dst->merging = 0;
maybe_free_inode_rec(dst_cache, dst);
return 0;
}
@@ -1159,6 +1163,8 @@ static int check_inode_recs(struct btrfs
error++;
if (!rec->found_inode_item)
rec->errors |= I_ERR_NO_INODE_ITEM;
+ if (rec->found_link != rec->nlink)
+ rec->errors |= I_ERR_LINK_COUNT_WRONG;
fprintf(stderr, "root %llu inode %llu errors %x\n",
root->root_key.objectid, rec->ino, rec->errors);
list_for_each_entry(backref, &rec->backrefs, list) {
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
ashford@whisperpc.com
2009-Jan-23 18:09 UTC
[PATCH] btrfs-progs/mkfs.c - fix sectorsize validation
It was possible to enter sector sizes larger than a memory page. This would
result in some "unpleasantness", including hangs and crashes. This
patch also
adds a minimum sector size of 512 bytes.
# diff -u mkfs.c- mkfs.c
--- mkfs.c- 2009-01-22 13:39:21.000000000 -0800
+++ mkfs.c 2009-01-23 10:01:06.000000000 -0800
@@ -390,8 +390,16 @@
print_usage();
}
}
- sectorsize = max(sectorsize, (u32)getpagesize());
+
+ if (sectorsize < 512) {
+ printf("Sectorsize %u smaller than 512 - corrected\n",
+ sectorsize);
+ sectorsize = 512;
+ } else if (sectorsize > (u32)getpagesize()) {
+ printf("Sectorsize %u larger than pagesize %u -
corrected\n",
+ sectorsize, (u32)getpagesize());
+ sectorsize = (u32)getpagesize();
+ }
if ((sectorsize & (sectorsize - 1))) {
fprintf(stderr, "Sector size %u must be a power of
2\n",
sectorsize);
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html