From 7c9e69faa28027913ee059c285a5ea8382e24b5d Mon Sep 17 00:00:00 2001 From: "Aneesh Kumar K.V" Date: Tue, 16 Oct 2007 23:27:02 -0700 Subject: ext2/ext3/ext4: add block bitmap validation When a new block bitmap is read from disk in read_block_bitmap() there are a few bits that should ALWAYS be set. In particular, the blocks given by ext4_blk_bitmap, ext4_inode_bitmap and ext4_inode_table. Validate the block bitmap against these blocks. [akpm@linux-foundation.org: cleanups] Signed-off-by: Aneesh Kumar K.V Signed-off-by: Andreas Dilger Acked-by: Mingming Cao Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/ext3/balloc.c | 54 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 43 insertions(+), 11 deletions(-) (limited to 'fs/ext3') diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c index d3758ee9cb5b..7a87d15523be 100644 --- a/fs/ext3/balloc.c +++ b/fs/ext3/balloc.c @@ -80,6 +80,14 @@ struct ext3_group_desc * ext3_get_group_desc(struct super_block * sb, return desc + offset; } +static inline int +block_in_use(ext3_fsblk_t block, struct super_block *sb, unsigned char *map) +{ + return ext3_test_bit ((block - + le32_to_cpu(EXT3_SB(sb)->s_es->s_first_data_block)) % + EXT3_BLOCKS_PER_GROUP(sb), map); +} + /** * read_block_bitmap() * @sb: super block @@ -93,20 +101,51 @@ struct ext3_group_desc * ext3_get_group_desc(struct super_block * sb, static struct buffer_head * read_block_bitmap(struct super_block *sb, unsigned int block_group) { + int i; struct ext3_group_desc * desc; struct buffer_head * bh = NULL; + ext3_fsblk_t bitmap_blk; desc = ext3_get_group_desc (sb, block_group, NULL); if (!desc) - goto error_out; - bh = sb_bread(sb, le32_to_cpu(desc->bg_block_bitmap)); + return NULL; + bitmap_blk = le32_to_cpu(desc->bg_block_bitmap); + bh = sb_bread(sb, bitmap_blk); if (!bh) - ext3_error (sb, "read_block_bitmap", + ext3_error (sb, __FUNCTION__, "Cannot read block bitmap - " "block_group = %d, block_bitmap = %u", block_group, le32_to_cpu(desc->bg_block_bitmap)); -error_out: + + /* check whether block bitmap block number is set */ + if (!block_in_use(bitmap_blk, sb, bh->b_data)) { + /* bad block bitmap */ + goto error_out; + } + /* check whether the inode bitmap block number is set */ + bitmap_blk = le32_to_cpu(desc->bg_inode_bitmap); + if (!block_in_use(bitmap_blk, sb, bh->b_data)) { + /* bad block bitmap */ + goto error_out; + } + /* check whether the inode table block number is set */ + bitmap_blk = le32_to_cpu(desc->bg_inode_table); + for (i = 0; i < EXT3_SB(sb)->s_itb_per_group; i++, bitmap_blk++) { + if (!block_in_use(bitmap_blk, sb, bh->b_data)) { + /* bad block bitmap */ + goto error_out; + } + } + return bh; + +error_out: + brelse(bh); + ext3_error(sb, __FUNCTION__, + "Invalid block bitmap - " + "block_group = %d, block = %lu", + block_group, bitmap_blk); + return NULL; } /* * The reservation window structure operations @@ -1733,13 +1772,6 @@ ext3_fsblk_t ext3_count_free_blocks(struct super_block *sb) #endif } -static inline int -block_in_use(ext3_fsblk_t block, struct super_block *sb, unsigned char *map) -{ - return ext3_test_bit ((block - - le32_to_cpu(EXT3_SB(sb)->s_es->s_first_data_block)) % - EXT3_BLOCKS_PER_GROUP(sb), map); -} static inline int test_root(int a, int b) { -- cgit v1.2.3