diff options
| author | Michael Bestas <mkbestas@lineageos.org> | 2021-09-16 18:09:37 +0300 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2021-09-16 18:09:37 +0300 |
| commit | 1ed76589b97cb8ebafe7d2c78eceea3a22247347 (patch) | |
| tree | 0b66917f0c332158e45bc444331302dc48b8e820 /fs/reiserfs | |
| parent | 42239a8d619a7b7264d77dc9262888f91349d205 (diff) | |
| parent | 3f066f394dfbaa992235d8c987ded95f7bcd981f (diff) | |
Merge remote-tracking branch 'common/android-4.4-p' into lineage-18.1-caf-msm8998
# By Thomas Gleixner (11) and others
# Via Greg Kroah-Hartman
* google/common/android-4.4-p:
Linux 4.4.283
Revert "floppy: reintroduce O_NDELAY fix"
fbmem: add margin check to fb_check_caps()
vt_kdsetmode: extend console locking
vringh: Use wiov->used to check for read/write desc order
virtio: Improve vq->broken access to avoid any compiler optimization
net: marvell: fix MVNETA_TX_IN_PRGRS bit number
e1000e: Fix the max snoop/no-snoop latency for 10M
USB: serial: option: add new VID/PID to support Fibocom FG150
Revert "USB: serial: ch341: fix character loss at high transfer rates"
can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters
Linux 4.4.282
mmc: dw_mmc: Fix occasional hang after tuning on eMMC
ASoC: intel: atom: Fix breakage for PCM buffer address setup
ipack: tpci200: fix many double free issues in tpci200_pci_probe
ALSA: hda - fix the 'Capture Switch' value change notifications
mmc: dw_mmc: Fix hang on data CRC error
mmc: dw_mmc: call the dw_mci_prep_stop_abort() by default
mmc: dw_mmc: Wait for data transfer after response errors.
net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
net: 6pack: fix slab-out-of-bounds in decode_data
dccp: add do-while-0 stubs for dccp_pr_debug macros
Bluetooth: hidp: use correct wait queue when removing ctrl_wait
scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
vmlinux.lds.h: Handle clang's module.{c,d}tor sections
PCI/MSI: Enforce MSI[X] entry updates to be visible
PCI/MSI: Enforce that MSI-X table entry is masked for update
PCI/MSI: Mask all unused MSI-X entries
PCI/MSI: Protect msi_desc::masked for multi-MSI
PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
PCI/MSI: Correct misleading comments
PCI/MSI: Do not set invalid bits in MSI mask
PCI/MSI: Enable and mask MSI-X early
x86/tools: Fix objdump version check again
xen/events: Fix race in set_evtchn_to_irq
net: Fix memory leak in ieee802154_raw_deliver
i2c: dev: zero out array used for i2c reads from userspace
ASoC: intel: atom: Fix reference to PCM buffer address
ANDROID: xt_quota2: set usersize in xt_match registration object
ANDROID: xt_quota2: clear quota2_log message before sending
ANDROID: xt_quota2: remove trailing junk which might have a digit in it
UPSTREAM: netfilter: x_tables: fix pointer leaks to userspace
Linux 4.4.281
ovl: prevent private clone if bind mount is not allowed
net: xilinx_emaclite: Do not print real IOMEM pointer
USB:ehci:fix Kunpeng920 ehci hardware problem
pipe: increase minimum default pipe size to 2 pages
net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset
alpha: Send stop IPI to send to online CPUs
reiserfs: check directory items on read from disk
reiserfs: add check for root_inode in reiserfs_fill_super
pcmcia: i82092: fix a null pointer dereference bug
MIPS: Malta: Do not byte-swap accesses to the CBUS UART
serial: 8250: Mask out floating 16/32-bit bus bits
media: rtl28xxu: fix zero-length control request
scripts/tracing: fix the bug that can't parse raw_trace_func
USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
USB: serial: ch341: fix character loss at high transfer rates
USB: serial: option: add Telit FD980 composition 0x1056
Bluetooth: defer cleanup of resources in hci_unregister_dev()
net: vxge: fix use-after-free in vxge_device_unregister
net: pegasus: fix uninit-value in get_interrupt_interval
bnx2x: fix an error code in bnx2x_nic_load()
mips: Fix non-POSIX regexp
net: natsemi: Fix missing pci_disable_device() in probe and remove
media: videobuf2-core: dequeue if start_streaming fails
scsi: sr: Return correct event when media event code is 3
ALSA: seq: Fix racy deletion of subscriber
Linux 4.4.280
rcu: Update documentation of rcu_read_unlock()
futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock()
futex: Avoid freeing an active timer
futex: Handle transient "ownerless" rtmutex state correctly
rtmutex: Make wait_lock irq safe
futex: Futex_unlock_pi() determinism
futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()
futex: Pull rt_mutex_futex_unlock() out from under hb->lock
futex,rt_mutex: Introduce rt_mutex_init_waiter()
futex: Cleanup refcounting
futex: Rename free_pi_state() to put_pi_state()
Linux 4.4.279
can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
net: Fix zero-copy head len calculation.
r8152: Fix potential PM refcount imbalance
regulator: rt5033: Fix n_voltages settings for BUCK and LDO
btrfs: mark compressed range uptodate only if all bio succeed
Conflicts:
net/bluetooth/hci_core.c
net/netfilter/xt_quota2.c
Change-Id: I66e2384c8cc40448a7bff34bb935c74e6103e924
Diffstat (limited to 'fs/reiserfs')
| -rw-r--r-- | fs/reiserfs/stree.c | 31 | ||||
| -rw-r--r-- | fs/reiserfs/super.c | 8 |
2 files changed, 34 insertions, 5 deletions
diff --git a/fs/reiserfs/stree.c b/fs/reiserfs/stree.c index 33b78ee9fb9e..13322c39e6cc 100644 --- a/fs/reiserfs/stree.c +++ b/fs/reiserfs/stree.c @@ -386,6 +386,24 @@ void pathrelse(struct treepath *search_path) search_path->path_length = ILLEGAL_PATH_ELEMENT_OFFSET; } +static int has_valid_deh_location(struct buffer_head *bh, struct item_head *ih) +{ + struct reiserfs_de_head *deh; + int i; + + deh = B_I_DEH(bh, ih); + for (i = 0; i < ih_entry_count(ih); i++) { + if (deh_location(&deh[i]) > ih_item_len(ih)) { + reiserfs_warning(NULL, "reiserfs-5094", + "directory entry location seems wrong %h", + &deh[i]); + return 0; + } + } + + return 1; +} + static int is_leaf(char *buf, int blocksize, struct buffer_head *bh) { struct block_head *blkh; @@ -453,11 +471,14 @@ static int is_leaf(char *buf, int blocksize, struct buffer_head *bh) "(second one): %h", ih); return 0; } - if (is_direntry_le_ih(ih) && (ih_item_len(ih) < (ih_entry_count(ih) * IH_SIZE))) { - reiserfs_warning(NULL, "reiserfs-5093", - "item entry count seems wrong %h", - ih); - return 0; + if (is_direntry_le_ih(ih)) { + if (ih_item_len(ih) < (ih_entry_count(ih) * IH_SIZE)) { + reiserfs_warning(NULL, "reiserfs-5093", + "item entry count seems wrong %h", + ih); + return 0; + } + return has_valid_deh_location(bh, ih); } prev_location = ih_location(ih); } diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c index 503d8c06e0d9..2ffcbe451202 100644 --- a/fs/reiserfs/super.c +++ b/fs/reiserfs/super.c @@ -2050,6 +2050,14 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent) unlock_new_inode(root_inode); } + if (!S_ISDIR(root_inode->i_mode) || !inode_get_bytes(root_inode) || + !root_inode->i_size) { + SWARN(silent, s, "", "corrupt root inode, run fsck"); + iput(root_inode); + errval = -EUCLEAN; + goto error; + } + s->s_root = d_make_root(root_inode); if (!s->s_root) goto error; |