limit minixfs printks on corrupted dir i_size
This attempts to address CVE-2006-6058 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058 first reported at http://projects.info-pull.com/mokb/MOKB-17-11-2006.html Essentially a corrupted minix dir inode reporting a very large i_size will loop for a very long time in minix_readdir, minix_find_entry, etc, because on EIO they just move on to try the next page. This is under the BKL, printk-storming as well. This can lock up the machine for a very long time. Simply ratelimiting the printks gets things back under control. Make the message a bit more informative while we're here. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Cc: Bodo Eggert <7eggert@gmx.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
d8ea6cf899
commit
f44ec6f3f8
|
@ -23,11 +23,16 @@ static inline block_t *i_data(struct inode *inode)
|
|||
static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
|
||||
{
|
||||
int n = 0;
|
||||
char b[BDEVNAME_SIZE];
|
||||
|
||||
if (block < 0) {
|
||||
printk("minix_bmap: block<0\n");
|
||||
printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n",
|
||||
block, bdevname(inode->i_sb->s_bdev, b));
|
||||
} else if (block >= (minix_sb(inode->i_sb)->s_max_size/BLOCK_SIZE)) {
|
||||
printk("minix_bmap: block>big\n");
|
||||
if (printk_ratelimit())
|
||||
printk("MINIX-fs: block_to_path: "
|
||||
"block %ld too big on dev %s\n",
|
||||
block, bdevname(inode->i_sb->s_bdev, b));
|
||||
} else if (block < 7) {
|
||||
offsets[n++] = block;
|
||||
} else if ((block -= 7) < 512) {
|
||||
|
|
|
@ -23,12 +23,17 @@ static inline block_t *i_data(struct inode *inode)
|
|||
static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
|
||||
{
|
||||
int n = 0;
|
||||
char b[BDEVNAME_SIZE];
|
||||
struct super_block *sb = inode->i_sb;
|
||||
|
||||
if (block < 0) {
|
||||
printk("minix_bmap: block<0\n");
|
||||
printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n",
|
||||
block, bdevname(sb->s_bdev, b));
|
||||
} else if (block >= (minix_sb(inode->i_sb)->s_max_size/sb->s_blocksize)) {
|
||||
printk("minix_bmap: block>big\n");
|
||||
if (printk_ratelimit())
|
||||
printk("MINIX-fs: block_to_path: "
|
||||
"block %ld too big on dev %s\n",
|
||||
block, bdevname(sb->s_bdev, b));
|
||||
} else if (block < 7) {
|
||||
offsets[n++] = block;
|
||||
} else if ((block -= 7) < 256) {
|
||||
|
|
Loading…
Reference in New Issue