| author | Linus Torvalds <torvalds@linux-foundation.org> | 2025-01-16 21:24:34 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2025-01-16 21:24:34 -0800 |
| commit | ad26fc09dabfa6a33ad5baee80479f518370b316 (patch) | |
| tree | 15785e72ad1dd2ae32338696ba805f1c88bd2a93 /fs | |
| parent | 9ca27296662e3eef9cf6c58bcf22a0490d217738 (diff) | |
| parent | b0fce54b8c0d8e5f2b4c243c803c5996e73baee8 (diff) | |
Merge tag 'mm-hotfixes-stable-2025-01-16-21-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"7 singleton hotfixes. 6 are MM.
Two are cc:stable and the remainder address post-6.12 issues"
* tag 'mm-hotfixes-stable-2025-01-16-21-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
ocfs2: check dir i_size in ocfs2_find_entry
mailmap: update entry for Ethan Carter Edwards
mm: zswap: move allocations during CPU init outside the lock
mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma
mm: shmem: use signed int for version handling in casefold option
alloc_tag: skip pgalloc_tag_swap if profiling is disabled
mm: page_alloc: fix missed updates of lowmem_reserve in adjust_managed_page_count
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/ocfs2/dir.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
index 213206ebdd58..7799f4d16ce9 100644
--- a/fs/ocfs2/dir.c
+++ b/fs/ocfs2/dir.c
@@ -1065,26 +1065,39 @@ int ocfs2_find_entry(const char *name, int namelen,
 {
 struct buffer_head *bh;
 struct ocfs2_dir_entry *res_dir = NULL;
+ int ret = 0;
 if (ocfs2_dir_indexed(dir))
 return ocfs2_find_entry_dx(name, namelen, dir, lookup);
+ if (unlikely(i_size_read(dir) <= 0)) {
+ ret = -EFSCORRUPTED;
+ mlog_errno(ret);
+ goto out;
+ }
 /*
 * The unindexed dir code only uses part of the lookup
 * structure, so there's no reason to push it down further
 * than this.
 */
- if (OCFS2_I(dir)->ip_dyn_features & OCFS2_INLINE_DATA_FL)
+ if (OCFS2_I(dir)->ip_dyn_features & OCFS2_INLINE_DATA_FL) {
+ if (unlikely(i_size_read(dir) > dir->i_sb->s_blocksize)) {
+ ret = -EFSCORRUPTED;
+ mlog_errno(ret);
+ goto out;
+ }
 bh = ocfs2_find_entry_id(name, namelen, dir, &res_dir);
- else
+ } else {
 bh = ocfs2_find_entry_el(name, namelen, dir, &res_dir);
+ }
 if (bh == NULL)
 return -ENOENT;
 lookup->dl_leaf_bh = bh;
 lookup->dl_entry = res_dir;
- return 0;
+out:
+ return ret;
 }
 /*
@@ -2010,6 +2023,7 @@ int ocfs2_lookup_ino_from_name(struct inode *dir, const char *name,
 *
 * Return 0 if the name does not exist
 * Return -EEXIST if the directory contains the name
+ * Return -EFSCORRUPTED if found corruption
 *
 * Callers should have i_rwsem + a cluster lock on dir
 */
@@ -2023,9 +2037,12 @@ int ocfs2_check_dir_for_entry(struct inode *dir,
 trace_ocfs2_check_dir_for_entry(
 (unsigned long long)OCFS2_I(dir)->ip_blkno, namelen, name);
- if (ocfs2_find_entry(name, namelen, dir, &lookup) == 0) {
+ ret = ocfs2_find_entry(name, namelen, dir, &lookup);
+ if (ret == 0) {
 ret = -EEXIST;
 mlog_errno(ret);
+ } else if (ret == -ENOENT) {
+ ret = 0;
 }
 ocfs2_free_dir_lookup_result(&lookup); |
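Review bot: The inline-data bound in the `OCFS2_INLINE_DATA_FL` branch compares `i_size_read(dir)` with the whole block size, which is presumably looser than what an inline directory can hold, since the inline payload shares the inode block with the on-disk inode header. A corrupted size between the real inline capacity and `s_blocksize` would still reach `ocfs2_find_entry_id()`; the exact capacity check needs the dinode, so it belongs where that buffer is read (outside this hunk), for example against the inline area's `id_count`. The comparison also mixes a signed `loff_t` with an unsigned block size and is only safe because the `<= 0` test runs first, so a comment such as `/* i_size > 0 was checked above, so the unsigned compare is safe */` would protect that ordering. Indexed directories return through `ocfs2_find_entry_dx()` before either size check, and whether that path validates the size itself is not visible here. The signature of ocfs2_find_entry starts above the hunk.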
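Review bot: The `else if (ret == -ENOENT)` branch lets every other error from `ocfs2_find_entry()` through to the caller, not only -EFSCORRUPTED, while the header comment updated in the previous hunk documents just that one value. What else can come back depends on `ocfs2_find_entry_dx()`, which is not shown, so I would word the new comment line as `* Return a negative errno (e.g. -EFSCORRUPTED) if the lookup itself fails`. Callers are outside this page; any that test only for `-EEXIST` and treat everything else as "name absent" would silently ignore the corruption report and should be checked. ocfs2_check_dir_for_entry starts and ends outside the hunk.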
