kernel-2.6.18-238.el5.src.rpm

From: Eric Sandeen <sandeen@redhat.com>
Date: Mon, 16 Aug 2010 18:40:25 -0400
Subject: [fs] ext4: consolidate in_range definitions
Message-id: <4C698619.8090704@redhat.com>
Patchwork-id: 27645
O-Subject: [PATCH RHEL5.6] ext4: consolidate in_range() definitions
Bugzilla: 624332
CVE: CVE-2010-3015
RH-Acked-by: Jiri Pirko <jpirko@redhat.com>

This is for bug #624332 -
kernel: integer overflow in ext4_ext_get_blocks() [rhel-5.6]

Straightforward backport of the below commit, tested
on rhel6 with the testcase attached to bug #621829

An overflow when writing the last block in a 16T
file can cause range tests to fail, leading to
a condition triggering a BUG_ON().

The in_range() usage fixes the overflow, and (inadvertently)
fixes the BUG() that was seen.

Thanks,
-Eric

From: Akinobu Mita <akinobu.mita@gmail.com>
Date: Thu, 4 Mar 2010 04:55:01 +0000 (-0500)
Subject: ext4: consolidate in_range() definitions
X-Git-Tag: v2.6.34-rc1~199^2~4
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=731eb1a03a8445cde2cb23ecfb3580c6fa7bb690

ext4: consolidate in_range() definitions

There are duplicate macro definitions of in_range() in mballoc.h and
balloc.c.  This consolidates these two definitions into ext4.h, and
changes extents.c to use in_range() as well.

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: Andreas Dilger <adilger@sun.com>

diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
index 1146a5e..553a370 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@ -189,9 +189,6 @@ unsigned ext4_init_block_bitmap(struct super_block *sb, struct buffer_head *bh,
  * when a file system is mounted (see ext4_fill_super).
  */
 
-
-#define in_range(b, first, len)	((b) >= (first) && (b) <= (first) + (len) - 1)
-
 /**
  * ext4_get_group_desc() -- load group descriptor from disk
  * @sb:			super block
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 55f07bb..b5bc347 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1760,6 +1760,8 @@ static inline void set_bitmap_uptodate(struct buffer_head *bh)
 	set_bit(BH_BITMAP_UPTODATE, &(bh)->b_state);
 }
 
+#define in_range(b, first, len)	((b) >= (first) && (b) <= (first) + (len) - 1)
+
 #endif	/* __KERNEL__ */
 
 #endif	/* _EXT4_H */
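
Review bot: the in_range() macro added to ext4.h evaluates b and first twice each, so an argument with side effects would misbehave, and nothing at the definition says that the upper bound is inclusive. Consider a static inline helper, or a one-line comment above the #define stating that the range is [first, first + len - 1] and that the arguments must be free of side effects.
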
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index a1728b4..13622da 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -1934,7 +1934,7 @@ ext4_ext_in_cache(struct inode *inode, ext4_lblk_t block,
 
 	BUG_ON(cex->ec_type != EXT4_EXT_CACHE_GAP &&
 			cex->ec_type != EXT4_EXT_CACHE_EXTENT);
-	if (block >= cex->ec_block && block < cex->ec_block + cex->ec_len) {
+	if (in_range(block, cex->ec_block, cex->ec_len)) {
 		ex->ee_block = cpu_to_le32(cex->ec_block);
 		ext4_ext_store_pblock(ex, cex->ec_start);
 		ex->ee_len = cpu_to_le16(cex->ec_len);
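
Review bot: in ext4_ext_in_cache() the new test is not equivalent to the removed one when cex->ec_len is 0. The old form, block < cex->ec_block + cex->ec_len, was false for an empty range; the new form computes cex->ec_block + cex->ec_len - 1, which for unsigned operands with ec_block == 0 wraps to the maximum value and makes the test true for every block. Please confirm that a cached extent with ec_len == 0 cannot reach this line, or add an explicit length check before the in_range() call.
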
@@ -3207,7 +3207,7 @@ int ext4_ext_get_blocks(handle_t *handle, struct inode *inode,
 		 */
 		ee_len = ext4_ext_get_actual_len(ex);
 		/* if found extent covers block, simply return it */
-		if (iblock >= ee_block && iblock < ee_block + ee_len) {
+		if (in_range(iblock, ee_block, ee_len)) {
 			newblock = iblock - ee_block + ee_start;
 			/* number of remaining blocks in the extent */
 			allocated = ee_len - (iblock - ee_block);
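
Review bot: the comment above the range test in ext4_ext_get_blocks() should record why the inclusive in_range() form is needed here. The removed line compared against ee_block + ee_len, which is the sum the description says can overflow when writing the last block of a 16T file, but the surviving comment still reads only "if found extent covers block, simply return it". Extending it to mention the wrap would keep a later cleanup from restoring the < ee_block + ee_len comparison.
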
diff --git a/fs/ext4/mballoc.h b/fs/ext4/mballoc.h
index 156564a..8d6833e 100644
--- a/fs/ext4/mballoc.h
+++ b/fs/ext4/mballoc.h
@@ -255,8 +255,6 @@ static inline void ext4_mb_store_history(struct ext4_allocation_context *ac)
 }
 #endif
 
-#define in_range(b, first, len)	((b) >= (first) && (b) <= (first) + (len) - 1)
-
 static inline ext4_fsblk_t ext4_grp_offs_to_block(struct super_block *sb,
 					struct ext4_free_extent *fex)
 {