[Quantal][SRU][PATCH 1/1] Revert "xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end"
Luis Henriques
luis.henriques at canonical.com
Wed Oct 9 12:34:58 UTC 2013
Oops, looks like I forgot to add the buglink to the Quantal patch:
BugLink: http://bugs.launchpad.net/bugs/1236041
Cheers,
--
Luis
Luis Henriques <luis.henriques at canonical.com> writes:
> This reverts commit fde35888f97d4ba46010eed7b9c321cd73f7bd99 which is
> commit eb178619f930fa2ba2348de332a1ff1c66a31424 upstream.
>
> Several people have reported issues using xfs_growfs after applying the
> CVE-2013-1819 fix backport:
>
> [ 133.574503] XFS (loop0): _xfs_buf_find: Block out of range: block 0x500001, EOFS 0x400000
> [ 133.575554] XFS (loop0): _xfs_buf_find: Block out of range: block 0x500001, EOFS 0x400000
>
> Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
> ---
> fs/xfs/xfs_buf.c | 18 ------------------
> 1 file changed, 18 deletions(-)
>
> diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c
> index 3b8a9cd..9fade8c 100644
> --- a/fs/xfs/xfs_buf.c
> +++ b/fs/xfs/xfs_buf.c
> @@ -435,7 +435,6 @@ _xfs_buf_find(
> struct rb_node **rbp;
> struct rb_node *parent;
> xfs_buf_t *bp;
> - xfs_daddr_t eofs;
>
> numbytes = BBTOB(numblks);
>
> @@ -443,23 +442,6 @@ _xfs_buf_find(
> ASSERT(!(numbytes < (1 << btp->bt_sshift)));
> ASSERT(!(BBTOB(blkno) & (xfs_off_t)btp->bt_smask));
>
> - /*
> - * Corrupted block numbers can get through to here, unfortunately, so we
> - * have to check that the buffer falls within the filesystem bounds.
> - */
> - eofs = XFS_FSB_TO_BB(btp->bt_mount, btp->bt_mount->m_sb.sb_dblocks);
> - if (blkno >= eofs) {
> - /*
> - * XXX (dgc): we should really be returning EFSCORRUPTED here,
> - * but none of the higher level infrastructure supports
> - * returning a specific error on buffer lookup failures.
> - */
> - xfs_alert(btp->bt_mount,
> - "%s: Block out of range: block 0x%llx, EOFS 0x%llx ",
> - __func__, blkno, eofs);
> - return NULL;
> - }
> -
> /* get tree root */
> pag = xfs_perag_get(btp->bt_mount,
> xfs_daddr_to_agno(btp->bt_mount, blkno));
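Review bot: The commit message should say that dropping the `blkno >= eofs` check in _xfs_buf_find() reopens the CVE-2013-1819 case the check was added for. After this revert, a corrupted block number again reaches xfs_perag_get() and xfs_daddr_to_agno() with no bounds test. The quoted log shows block 0x500001 against EOFS 0x400000 during xfs_growfs, which suggests the lookup legitimately targets blocks past the current sb_dblocks while the filesystem is being grown. If that is the cause, a narrower change that keeps the check for ordinary lookups and handles the growfs caller separately would be preferable to a full revert. At minimum, record in the message and on the BugLink that the CVE fix still needs to be reapplied in a corrected form, so the revert is not mistaken for the final state.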
> --
> 1.8.3.2