rpms/xfsprogs/devel xfsprogs-3.0.1-overflows.patch, NONE, 1.1 xfsprogs.spec, 1.63, 1.64
Eric Sandeen
sandeen at fedoraproject.org
Thu Jul 9 16:22:41 UTC 2009
Author: sandeen
Update of /cvs/pkgs/rpms/xfsprogs/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1656
Modified Files:
xfsprogs.spec
Added Files:
xfsprogs-3.0.1-overflows.patch
Log Message:
* Tue Jun 30 2009 Eric Sandeen <sandeen at redhat.com> 3.0.1-9
- Fix block overflows in xfs_repair and xfs_metadump
xfsprogs-3.0.1-overflows.patch:
--- NEW FILE xfsprogs-3.0.1-overflows.patch ---
From: Eric Sandeen <sandeen at sandeen.net>
Date: Thu, 2 Jul 2009 05:29:36 +0000 (-0500)
Subject: xfs_repair: fix agcount*agblocks overflows
X-Git-Url: http://git.kernel.org/?p=fs%2Fxfs%2Fxfsprogs-dev.git;a=commitdiff_plain;h=003e8e41124707f55b20b376a6359dc7f6292991
xfs_repair: fix agcount*agblocks overflows
The last test in verify_ag_bno() may overflow:
return (agbno >= (sbp->sb_dblocks -
((sbp->sb_agcount - 1) * sbp->sb_agblocks)));
because sb_agcount & sb_agblocks are 32-bit integers; this
may then miss corrupt agbnos for the last ag, which can in
turn lead to out of bounds memory accesses later, for example
when the block nr is used to offset in set_agbno_state():
addr = ba_bmap[(agno)] + (ag_blockno)/XR_BB_NUM;
Similar problems in mk_incore_fstree
Reported-by: Jesse Stroik <jstroik at ssec.wisc.edu>
Signed-off-by: Eric Sandeen <sandeen at sandeen.net>
Reviewed-by: Felix Blyakher <felixb at sgi.com>
---
From: Eric Sandeen <sandeen at sandeen.net>
Date: Mon, 6 Jul 2009 19:53:35 +0000 (-0500)
Subject: xfs_metadump: agcount*agblocks overflow
X-Git-Url: http://git.kernel.org/?p=fs%2Fxfs%2Fxfsprogs-dev.git;a=commitdiff_plain;h=66be354ed0dfb73566f504ac7301fab7915e9475
xfs_metadump: agcount*agblocks overflow
Found another potential overflow in xfs_metadump,
similar to those just fixed in repair.
Signed-off-by: Eric Sandeen <sandeen at sandeen.net>
Reviewed-by: Christoph Hellwig <hch at infradead.org>
---
diff --git a/repair/dinode.c b/repair/dinode.c
index fdf52db..84e1d05 100644
--- a/repair/dinode.c
+++ b/repair/dinode.c
@@ -319,7 +319,8 @@ verify_ag_bno(xfs_sb_t *sbp,
return (agbno >= sbp->sb_agblocks);
if (agno == (sbp->sb_agcount - 1))
return (agbno >= (sbp->sb_dblocks -
- ((sbp->sb_agcount - 1) * sbp->sb_agblocks)));
+ ((xfs_drfsbno_t)(sbp->sb_agcount - 1) *
+ sbp->sb_agblocks)));
return 1;
}
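Review bot: The subtraction in the last-AG branch of verify_ag_bno() is still unguarded after the cast. With the product now computed as xfs_drfsbno_t, a corrupt superblock in which sb_dblocks is smaller than (sb_agcount - 1) * sb_agblocks makes the difference wrap to a very large value (assuming the type is unsigned), so `agbno >= (...)` is false and every agbno in the last AG is accepted. Consider checking that sb_dblocks exceeds the product before subtracting, or confirming that superblock validation rejects that geometry before this function can be reached.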
diff --git a/repair/phase5.c b/repair/phase5.c
index 2c243b6..26f5aa2 100644
--- a/repair/phase5.c
+++ b/repair/phase5.c
@@ -113,7 +113,8 @@ mk_incore_fstree(xfs_mount_t *mp, xfs_agnumber_t agno)
ag_end = mp->m_sb.sb_agblocks;
else
ag_end = mp->m_sb.sb_dblocks -
- mp->m_sb.sb_agblocks * (mp->m_sb.sb_agcount - 1);
+ (xfs_drfsbno_t)mp->m_sb.sb_agblocks *
+ (mp->m_sb.sb_agcount - 1);
/*
* ok, now find the number of extents, keep track of the
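Review bot: The cast in mk_incore_fstree() is placed on sb_agblocks, while the dinode.c and metadump.c hunks cast (sb_agcount - 1). Both widen the multiplication, but the same last-AG length is now open-coded in three places with different spellings. A small shared helper returning sb_dblocks - (xfs_drfsbno_t)(sb_agcount - 1) * sb_agblocks would keep the widening in one place and make another un-widened copy less likely. The declared type of ag_end is not visible in this hunk; it is worth confirming that the assignment does not narrow the result.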
diff --git a/db/metadump.c b/db/metadump.c
index 19aed4f..ef6e571 100644
--- a/db/metadump.c
+++ b/db/metadump.c
@@ -222,7 +222,8 @@ valid_bno(
return 1;
if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
agbno <= (mp->m_sb.sb_dblocks -
- (mp->m_sb.sb_agcount - 1) * mp->m_sb.sb_agblocks))
+ (xfs_drfsbno_t)(mp->m_sb.sb_agcount - 1) *
+ mp->m_sb.sb_agblocks))
return 1;
return 0;
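Review bot: The upper bound in valid_bno() compares with `agbno <=` against the last AG's length, whereas verify_ag_bno() in the dinode.c hunk rejects `agbno >=` the same quantity, so an agbno exactly equal to the last AG's block count is accepted by xfs_metadump and rejected by xfs_repair. That boundary is not changed here, but since the expression is being edited it is worth confirming which comparison is intended and aligning the two.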
Index: xfsprogs.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xfsprogs/devel/xfsprogs.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -p -r1.63 -r1.64
--- xfsprogs.spec 30 Jun 2009 16:22:11 -0000 1.63
+++ xfsprogs.spec 9 Jul 2009 16:22:40 -0000 1.64
@@ -1,7 +1,7 @@
Summary: Utilities for managing the XFS filesystem
Name: xfsprogs
Version: 3.0.1
-Release: 8%{?dist}
+Release: 9%{?dist}
# Licensing based on generic "GNU GENERAL PUBLIC LICENSE"
# in source, with no mention of version.
# doc/COPYING file specifies what is GPL and what is LGPL
@@ -20,8 +20,9 @@ Conflicts: xfsdump < 3.0.1
# These are upstream
Patch0: xfsprogs-3.0.1-readline.patch
Patch1: xfsprogs-3.0.1-fallocate.patch
+Patch2: xfsprogs-3.0.1-overflows.patch
# This one, not yet
-Patch2: xfsprogs-3.0.1-mkfs-lazy-count-default.patch
+Patch3: xfsprogs-3.0.1-mkfs-lazy-count-default.patch
%description
A set of commands to use the XFS filesystem, including mkfs.xfs.
@@ -69,6 +70,7 @@ in building or running the xfstests QA s
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%build
export tagname=CC DEBUG=-DNDEBUG
@@ -195,6 +197,9 @@ rm -rf $RPM_BUILD_ROOT
%{_includedir}/xfs/xfs_types.h
%changelog
+* Tue Jun 30 2009 Eric Sandeen <sandeen at redhat.com> 3.0.1-9
+- Fix block overflows in xfs_repair and xfs_metadump
+
* Tue Jun 30 2009 Eric Sandeen <sandeen at redhat.com> 3.0.1-8
- Fix up build-requires after e2fsprogs splitup
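Review bot: The new %changelog entry for 3.0.1-9 is dated Tue Jun 30 2009, the same date as the 3.0.1-8 entry below it, but this commit is dated Thu Jul 9 2009 and the two upstream fixes it packages are dated 2 Jul and 6 Jul 2009. The entry should carry the date of the packaging change, e.g. `* Thu Jul 09 2009 Eric Sandeen ... 3.0.1-9`, so the changelog does not predate the patches it describes.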
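The wrap described in the first commit message, as an added example that is not part of the original post or of xfsprogs. The struct, the function names and the geometry are constructed for illustration, and uint64_t is assumed as a stand-in for xfs_drfsbno_t.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the three superblock fields the patch touches. */
struct sb_geom {
    uint64_t sb_dblocks;  /* total data blocks (uint64_t assumed for xfs_drfsbno_t) */
    uint32_t sb_agblocks; /* blocks per allocation group */
    uint32_t sb_agcount;  /* number of allocation groups */
};

/* Constructed geometry: 16 full AGs of 2^28 blocks plus a 1000-block last AG.
 * (sb_agcount - 1) * sb_agblocks = 16 * 2^28 = 2^32, which is 0 in 32 bits. */
static const struct sb_geom sample = {
    .sb_dblocks  = 16ULL * 268435456ULL + 1000,
    .sb_agblocks = 268435456u,
    .sb_agcount  = 17,
};

/* Pre-patch check for the last AG: the product is evaluated in 32 bits. */
static int last_ag_bno_bad_32(const struct sb_geom *sb, uint32_t agbno)
{
    return agbno >= (sb->sb_dblocks -
                     ((sb->sb_agcount - 1) * sb->sb_agblocks));
}

/* Patched check: one operand is widened, so the product is 64-bit. */
static int last_ag_bno_bad_64(const struct sb_geom *sb, uint32_t agbno)
{
    return agbno >= (sb->sb_dblocks -
                     ((uint64_t)(sb->sb_agcount - 1) * sb->sb_agblocks));
}

int main(void)
{
    const uint32_t probes[] = { 999, 1000, 5000 };

    /* Valid agbnos in the last AG are 0..999 for this geometry. */
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("agbno %u: 32-bit says %s, 64-bit says %s\n",
               (unsigned)probes[i],
               last_ag_bno_bad_32(&sample, probes[i]) ? "bad" : "ok",
               last_ag_bno_bad_64(&sample, probes[i]) ? "bad" : "ok");
    return 0;
}
```

With this geometry the 32-bit form compares agbno against the full sb_dblocks value, so out-of-range block numbers in the last AG pass the check.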