linux-hardened/fs/hfsplus
Sergei Antonov 98cf21c61a hfsplus: fix B-tree corruption after insertion at position 0
Fix B-tree corruption when a new record is inserted at position 0 in the
node in hfs_brec_insert().  In this case a hfs_brec_update_parent() is
called to update the parent index node (if exists) and it is passed
hfs_find_data with a search_key containing a newly inserted key instead
of the key to be updated.  This results in an inconsistent index node.
The bug reproduces on my machine after an extents overflow record for
the catalog file (CNID=4) is inserted into the extents overflow B-tree.
Because of a low (reserved) value of CNID=4, it has to become the first
record in the first leaf node.

The resulting first leaf node is correct:

  ----------------------------------------------------
  | key0.CNID=4 | key1.CNID=123 | key2.CNID=456, ... |
  ----------------------------------------------------

But the parent index key0 still contains the previous key CNID=123:

  -----------------------
  | key0.CNID=123 | ... |
  -----------------------

A change in hfs_brec_insert() makes hfs_brec_update_parent() work
correctly by preventing it from getting fd->record=-1 value from
__hfs_brec_find().

Along the way, I removed duplicate code with unification of the if
condition.  The resulting code is equivalent to the original code
because node is never 0.

Also hfs_brec_update_parent() will now return an error after getting a
negative fd->record value.  However, the return value of
hfs_brec_update_parent() is not checked anywhere in the file and I'm
leaving it unchanged by this patch.  brec.c lacks error checking after
some other calls too, but this issue is of less importance than the one
being fixed by this patch.

Signed-off-by: Sergei Antonov <saproj@gmail.com>
Cc: Joe Perches <joe@perches.com>
Reviewed-by: Vyacheslav Dubeyko <slava@dubeyko.com>
Acked-by: Hin-Tak Leung <htl10@users.sourceforge.net>
Cc: Anton Altaparmakov <aia21@cam.ac.uk>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-03-25 16:20:31 -07:00
..
acl.h hfsplus: use generic posix ACL infrastructure 2014-01-25 23:58:20 -05:00
attributes.c hfsplus: remove unused routine hfsplus_attr_build_key_uni 2014-06-06 16:08:09 -07:00
bfind.c hfs/hfsplus: convert printks to pr_<level> 2013-04-30 17:04:05 -07:00
bitmap.c hfsplus: remove duplicated message prefix in hfsplus_block_free() 2013-04-30 17:04:05 -07:00
bnode.c hfsplus: fix "unused node is not erased" error 2014-06-06 16:08:10 -07:00
brec.c hfsplus: fix B-tree corruption after insertion at position 0 2015-03-25 16:20:31 -07:00
btree.c hfsplus: fix "unused node is not erased" error 2014-06-06 16:08:10 -07:00
catalog.c hfsplus: fix longname handling 2014-12-18 19:08:10 -08:00
dir.c VFS: (Scripted) Convert S_ISLNK/DIR/REG(dentry->d_inode) to d_is_*(dentry) 2015-02-22 11:38:41 -05:00
extents.c fs/hfsplus: fix pr_foo() and hfs_dbg formats 2014-06-06 16:08:10 -07:00
hfsplus_fs.h hfsplus: fix longname handling 2014-12-18 19:08:10 -08:00
hfsplus_raw.h hfsplus: fix "unused node is not erased" error 2014-06-06 16:08:10 -07:00
inode.c write_iter variants of {__,}generic_file_aio_write() 2014-05-06 17:38:00 -04:00
ioctl.c hfsplus: add support of manipulation by attributes file 2013-02-27 19:10:10 -08:00
Kconfig hfsplus: add necessary declarations for POSIX ACLs support 2013-09-11 15:59:00 -07:00
Makefile hfsplus: integrate POSIX ACLs support into driver 2013-09-11 15:59:01 -07:00
options.c fs/hfsplus/options.c: replace seq_printf by seq_puts 2014-06-06 16:08:10 -07:00
part_tbl.c hfsplus: ensure bio requests are not smaller than the hardware sectors 2011-07-22 16:37:44 +02:00
posix_acl.c hfsplus: use generic posix ACL infrastructure 2014-01-25 23:58:20 -05:00
super.c hfsplus: fix longname handling 2014-12-18 19:08:10 -08:00
tables.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
unicode.c Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
wrapper.c fs/hfsplus/wrapper.c: replace shift loop by ilog2 2014-06-06 16:08:10 -07:00
xattr.c hfsplus: fix compiler warning on PowerPC 2014-06-06 16:08:10 -07:00
xattr.h hfsplus: use xattr handlers for removexattr 2014-01-31 14:44:39 -05:00
xattr_security.c hfsplus: correct usage of HFSPLUS_ATTR_MAX_STRLEN for non-English attributes 2014-06-06 16:08:09 -07:00
xattr_trusted.c hfsplus: correct usage of HFSPLUS_ATTR_MAX_STRLEN for non-English attributes 2014-06-06 16:08:09 -07:00
xattr_user.c hfsplus: correct usage of HFSPLUS_ATTR_MAX_STRLEN for non-English attributes 2014-06-06 16:08:09 -07:00