[Trusty][Utopic][CVE-2014-6410][PATCH 1/2] udf: Fold udf_fill_inode() into __udf_read_inode()

Luis Henriques luis.henriques at canonical.com
Mon Sep 22 16:10:29 UTC 2014


From: Jan Kara <jack at suse.cz>

There's no good reason to separate these since udf_fill_inode() is
called only from __udf_read_inode() and both do part of the same thing.

Signed-off-by: Jan Kara <jack at suse.cz>
(cherry picked from commit bb7720a0b4a8ca3269fd86fbb45a78d2e0d3deaf)
[ luis: required for a clean cherry-pick of the CVE-2014-6410 fix ]
CVE-2014-6410
BugLink: http://bugs.launchpad.net/bugs/1370042
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 fs/udf/inode.c | 22 +++++-----------------
 1 file changed, 5 insertions(+), 17 deletions(-)

diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index 062b7925bca0..ba59939d4e5a 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -51,7 +51,6 @@ MODULE_LICENSE("GPL");
 
 static umode_t udf_convert_permissions(struct fileEntry *);
 static int udf_update_inode(struct inode *, int);
-static void udf_fill_inode(struct inode *, struct buffer_head *);
 static int udf_sync_inode(struct inode *inode);
 static int udf_alloc_i_data(struct inode *inode, size_t size);
 static sector_t inode_getblk(struct inode *, sector_t, int *, int *);
@@ -1274,8 +1273,11 @@ static void __udf_read_inode(struct inode *inode)
 {
 	struct buffer_head *bh = NULL;
 	struct fileEntry *fe;
+	struct extendedFileEntry *efe;
 	uint16_t ident;
 	struct udf_inode_info *iinfo = UDF_I(inode);
+	struct udf_sb_info *sbi = UDF_SB(inode->i_sb);
+	unsigned int link_count;
 
 	/*
 	 * Set defaults, but the inode is still incomplete!
@@ -1306,6 +1308,7 @@ static void __udf_read_inode(struct inode *inode)
 	}
 
 	fe = (struct fileEntry *)bh->b_data;
+	efe = (struct extendedFileEntry *)bh->b_data;
 
 	if (fe->icbTag.strategyType == cpu_to_le16(4096)) {
 		struct buffer_head *ibh;
@@ -1345,22 +1348,6 @@ static void __udf_read_inode(struct inode *inode)
 		make_bad_inode(inode);
 		return;
 	}
-	udf_fill_inode(inode, bh);
-
-	brelse(bh);
-}
-
-static void udf_fill_inode(struct inode *inode, struct buffer_head *bh)
-{
-	struct fileEntry *fe;
-	struct extendedFileEntry *efe;
-	struct udf_sb_info *sbi = UDF_SB(inode->i_sb);
-	struct udf_inode_info *iinfo = UDF_I(inode);
-	unsigned int link_count;
-
-	fe = (struct fileEntry *)bh->b_data;
-	efe = (struct extendedFileEntry *)bh->b_data;
-
 	if (fe->icbTag.strategyType == cpu_to_le16(4))
 		iinfo->i_strat4096 = 0;
 	else /* if (fe->icbTag.strategyType == cpu_to_le16(4096)) */
@@ -1550,6 +1537,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh)
 		} else
 			make_bad_inode(inode);
 	}
+	brelse(bh);
 }
 
 static int udf_alloc_i_data(struct inode *inode, size_t size)
-- 
2.1.0




More information about the kernel-team mailing list