linux/fs/ubifs
Adrian Hunter be2f6bd62d UBIFS: check buffer length when scanning for LPT nodes
'is_a_node()' function was reading from a buffer before
checking the buffer length, resulting in an OOPS as
follows:

BUG: unable to handle kernel paging request at f8f74002
IP: [<f8f9783f>] :ubifs:ubifs_unpack_bits+0xca/0x233
*pde = 19e95067 *pte = 00000000
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: ubifs ubi mtdchar bio2mtd mtd brd video output
[last unloaded: mtd]

Pid: 6414, comm: integck Not tainted (2.6.27-rc6ubifs34 #23)
EIP: 0060:[<f8f9783f>] EFLAGS: 00010246 CPU: 0
EIP is at ubifs_unpack_bits+0xca/0x233 [ubifs]
EAX: 00000000 EBX: f6090630 ECX: d9badcfc EDX: 00000000
ESI: 00000004 EDI: f8f74002 EBP: d9badcec ESP: d9badcc0
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process integck (pid: 6414, ti=d9bac000 task=f727dae0 task.ti=d9bac000)
Stack: 00000006 f7306240 00000002 00000000 d9badcfc d9badd00 0000001c 00000000
       f6090630 f6090630 f8f74000 d9badd10 f8fa1cc9 00000000 f8f74002 00000000
       f8f74002 f60fe128 f6090630 f8f74000 d9badd68 f8fa1e46 00000000 0001e000
Call Trace:
 [<f8fa1cc9>] ? is_a_node+0x30/0x90 [ubifs]
 [<f8fa1e46>] ? dbg_check_ltab+0x11d/0x5bd [ubifs]
 [<f8fa388f>] ? ubifs_lpt_start_commit+0x42/0xed3 [ubifs]
 [<c038e76a>] ? mutex_unlock+0x8/0xa
 [<f8f9625d>] ? ubifs_tnc_start_commit+0x1c8/0xedb [ubifs]
 [<f8f8d90b>] ? do_commit+0x187/0x523 [ubifs]
 [<c038e76a>] ? mutex_unlock+0x8/0xa
 [<f8f7ca17>] ? bud_wbuf_callback+0x22/0x28 [ubifs]
 [<f8f8dd1d>] ? ubifs_run_commit+0x76/0xc0 [ubifs]
 [<f8f8032c>] ? ubifs_sync_fs+0xd2/0xe6 [ubifs]
 [<c01a2e97>] ? vfs_quota_sync+0x0/0x17e
 [<c01a5ba6>] ? quota_sync_sb+0x26/0xbb
 [<c01a2e97>] ? vfs_quota_sync+0x0/0x17e
 [<c01a5c5d>] ? sync_dquots+0x22/0x12c
 [<c0173d1b>] ? __fsync_super+0x19/0x68
 [<c0173d75>] ? fsync_super+0xb/0x19
 [<c0174065>] ? generic_shutdown_super+0x22/0xe7
 [<c01a31fc>] ? vfs_quota_off+0x0/0x5fd
 [<f8f7cf4d>] ? ubifs_kill_sb+0x31/0x35 [ubifs]
 [<c01741f9>] ? deactivate_super+0x5e/0x71
 [<c0187610>] ? mntput_no_expire+0x82/0xe4
 [<c0187905>] ? sys_umount+0x4c/0x2f6
 [<c0187bc8>] ? sys_oldumount+0x19/0x1b
 [<c0103b71>] ? sysenter_do_call+0x12/0x25
 =======================
Code: c1 f8 03 8d 04 07 8b 4d e8 89 01 8b 45 e4 89 10 89 d8 89 f1 d3 e8 85 c0
      74 07 29 d6 83 fe 20 75 2a 89 d8 83 c4 20 5b 5e 5f 5d
EIP: [<f8f9783f>] ubifs_unpack_bits+0xca/0x233 [ubifs] SS:ESP 0068:d9badcc0
---[ end trace 1f02572436518c13 ]---

Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
2008-09-30 11:12:59 +03:00
budget.c UBIFS: add a print, fix comments and more minor stuff 2008-09-30 11:12:55 +03:00
commit.c UBIFS: increment commit number earlier 2008-08-13 11:27:47 +03:00
compress.c UBIFS: add new flash file system 2008-07-15 17:35:15 +03:00
debug.c UBIFS: add more debugging messages for LPT 2008-09-30 11:12:59 +03:00
debug.h UBIFS: add more debugging messages for LPT 2008-09-30 11:12:59 +03:00
dir.c UBIFS: fix printk format warnings 2008-09-18 09:57:57 +03:00
file.c UBIFS: fix bulk-read handling uptodate pages 2008-09-30 11:12:59 +03:00
find.c UBIFS: remove unneeded unlikely() 2008-09-30 11:12:55 +03:00
gc.c UBIFS: improve garbage collection 2008-09-30 11:12:59 +03:00
io.c UBIFS: check data CRC when in error state 2008-09-30 11:12:57 +03:00
ioctl.c UBIFS: add new flash file system 2008-07-15 17:35:15 +03:00
journal.c UBIFS: xattr bugfixes 2008-08-14 12:46:20 +03:00
Kconfig UBIFS: include to compilation 2008-07-15 17:35:24 +03:00
key.h UBIFS: add bulk-read facility 2008-09-30 11:12:56 +03:00
log.c UBIFS: increment commit number earlier 2008-08-13 11:27:47 +03:00
lprops.c UBIFS: inline one-line functions 2008-09-30 11:12:56 +03:00
lpt_commit.c UBIFS: check buffer length when scanning for LPT nodes 2008-09-30 11:12:59 +03:00
lpt.c UBIFS: add more debugging messages for LPT 2008-09-30 11:12:59 +03:00
Makefile UBIFS: include to compilation 2008-07-15 17:35:24 +03:00
master.c UBIFS: add new flash file system 2008-07-15 17:35:15 +03:00
misc.h UBIFS: inline one-line functions 2008-09-30 11:12:56 +03:00
orphan.c UBIFS: increment commit number earlier 2008-08-13 11:27:47 +03:00
recovery.c UBIFS: add new flash file system 2008-07-15 17:35:15 +03:00
replay.c UBIFS: add new flash file system 2008-07-15 17:35:15 +03:00
sb.c UBIFS: add new flash file system 2008-07-15 17:35:15 +03:00
scan.c UBIFS: add no_chk_data_crc mount option 2008-09-30 11:12:56 +03:00
shrinker.c UBIFS: add new flash file system 2008-07-15 17:35:15 +03:00
super.c UBIFS: allow for sync_fs when read-only 2008-09-30 11:12:58 +03:00
tnc_commit.c UBIFS: minor tweaks in commit 2008-08-13 11:38:19 +03:00
tnc_misc.c UBIFS: correct key comparison 2008-09-30 11:12:57 +03:00
tnc.c UBIFS: correct condition to eliminate unecessary assignment 2008-09-30 11:12:59 +03:00
ubifs-media.h UBIFS: ensure data read beyond i_size is zeroed out correctly 2008-09-30 11:12:57 +03:00
ubifs.h UBIFS: add more debugging messages for LPT 2008-09-30 11:12:59 +03:00
xattr.c UBIFS: remove unneeded unlikely() 2008-09-30 11:12:55 +03:00