mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2025-02-25 09:48:50 +07:00
![]() If a malicious filesystem image contains a block+ format directory wherein the directory inode's core.mode is set such that S_ISDIR(core.mode) == 0, and if there are subdirectories of the corrupted directory, an attempt to traverse up the directory tree will crash the kernel in __xfs_dir3_data_check. Running the online scrub's parent checks will tend to do this. The crash occurs because the directory inode's d_ops get set to xfs_dir[23]_nondir_ops (it's not a directory) but the parent pointer scrubber's indiscriminate call to xfs_readdir proceeds past the ASSERT if we have non fatal asserts configured. Fix the null pointer dereference crash in __xfs_dir3_data_check by looking for S_ISDIR or wrong d_ops; and teach the parent scrubber to bail out if it is fed a non-directory "parent". Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com> |
||
---|---|---|
.. | ||
agheader.c | ||
alloc.c | ||
attr.c | ||
bmap.c | ||
btree.c | ||
btree.h | ||
common.c | ||
common.h | ||
dabtree.c | ||
dabtree.h | ||
dir.c | ||
ialloc.c | ||
inode.c | ||
parent.c | ||
quota.c | ||
refcount.c | ||
rmap.c | ||
rtbitmap.c | ||
scrub.c | ||
scrub.h | ||
symlink.c | ||
trace.c | ||
trace.h | ||
xfs_scrub.h |