linux-hardened/fs
Joel Becker b657c95c11 ocfs2: Wrap inode block reads in a dedicated function.
The ocfs2 code currently reads inodes off disk with a simple
ocfs2_read_block() call.  Each place that does this has a different set
of sanity checks it performs.  Some check only the signature.  A couple
validate the block number (the block read vs di->i_blkno).  A couple
others check for VALID_FL.  Only one place validates i_fs_generation.  A
couple check nothing.  Even when an error is found, they don't all do
the same thing.

We wrap inode reading into ocfs2_read_inode_block().  This will validate
all the above fields, going readonly if they are invalid (they never
should be).  ocfs2_read_inode_block_full() is provided for the places
that want to pass read_block flags.  Every caller is passing a struct
inode with a valid ip_blkno, so we don't need a separate blkno argument
either.

We will remove the validation checks from the rest of the code in a
later commit, as they are no longer necessary.

Signed-off-by: Joel Becker <joel.becker@oracle.com>
Signed-off-by: Mark Fasheh <mfasheh@suse.com>
2009-01-05 08:36:52 -08:00
..
9p Merge branch 'next' into for-linus 2008-12-25 11:40:09 +11:00
adfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
affs fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
afs fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
autofs CRED: Wrap task credential accesses in the autofs filesystem 2008-11-14 10:38:45 +11:00
autofs4 Merge branch 'master' into next 2008-11-14 11:29:12 +11:00
befs befs: ensure fast symlinks are NUL-terminated 2008-12-31 18:07:40 -05:00
bfs CRED: Wrap task credential accesses in the BFS filesystem 2008-11-14 10:38:47 +11:00
cifs fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
coda coda: fix creds reference 2008-11-20 08:11:52 +11:00
configfs [PATCH] assorted path_lookup() -> kern_path() conversions 2008-10-23 05:12:52 -04:00
cramfs cramfs: fix named-pipe handling 2008-08-20 15:40:32 -07:00
debugfs integrity: special fs magic 2008-10-13 09:47:43 +11:00
devpts CRED: Wrap task credential accesses in the devpts filesystem 2009-01-02 10:19:38 -08:00
dlm fix warning in fs/dlm/netlink.c 2008-11-25 16:51:45 -08:00
ecryptfs fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
efs [PATCH] switch all filesystems over to d_obtain_alias 2008-10-23 05:13:01 -04:00
exportfs Merge branch 'next' into for-linus 2008-12-25 11:40:09 +11:00
ext2 nfsd race fixes: ext2 2008-12-31 18:07:43 -05:00
ext3 fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
ext4 fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
fat Merge git://git.kernel.org/pub/scm/linux/kernel/git/hirofumi/fatfs-2.6 2008-12-30 20:33:34 -08:00
freevxfs freevxfs: ensure fast symlinks are NUL-terminated 2008-12-31 18:07:40 -05:00
fuse fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
gfs2 fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
hfs CRED: Wrap task credential accesses in the HFS filesystem 2008-11-14 10:38:54 +11:00
hfsplus CRED: Wrap task credential accesses in the HFSplus filesystem 2008-11-14 10:38:54 +11:00
hostfs fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
hpfs CRED: Wrap task credential accesses in the HPFS filesystem 2008-11-14 10:38:55 +11:00
hppfs CRED: Use creds in file structs 2008-11-14 10:39:25 +11:00
hugetlbfs CRED: Wrap current->cred and a few other accessors 2008-11-14 10:39:18 +11:00
isofs [PATCH] switch all filesystems over to d_obtain_alias 2008-10-23 05:13:01 -04:00
jbd jbd: don't give up looking for space so easily in __log_wait_for_space 2008-11-06 22:37:59 -05:00
jbd2 jbd2: don't give up looking for space so easily in __jbd2_log_wait_for_space 2008-11-06 22:38:07 -05:00
jffs2 fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
jfs nfsd race fixes: jfs 2008-12-31 18:07:44 -05:00
lockd Merge branch 'devel' into next 2008-12-30 16:51:43 -05:00
minix CRED: Wrap task credential accesses in the Minix filesystem 2008-11-14 10:38:57 +11:00
ncpfs CRED: Wrap task credential accesses in the NCPFS filesystem 2008-11-14 10:38:58 +11:00
nfs fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
nfs_common SUNRPC: nfsacl_encode/nfsacl_decode should be exported as GPL-only 2008-12-23 15:21:32 -05:00
nfsd Merge branch 'devel' into next 2008-12-30 16:51:43 -05:00
nls remove CONFIG_KMOD from fs 2008-10-17 02:38:36 +11:00
notify filesystem notification: create fs/notify to contain all fs notification 2008-12-31 18:07:43 -05:00
ntfs ntfs: don't fool kernel-doc 2008-12-01 19:55:25 -08:00
ocfs2 ocfs2: Wrap inode block reads in a dedicated function. 2009-01-05 08:36:52 -08:00
omfs CRED: Wrap task credential accesses in the OMFS filesystem 2008-11-14 10:38:59 +11:00
openpromfs [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
partitions block/md: fix md autodetection 2008-11-18 15:08:56 +01:00
proc Merge branch 'irq-fixes-for-linus-4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2008-12-31 09:00:59 -08:00
qnx4 SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
ramfs CRED: Wrap task credential accesses in the RAMFS filesystem 2008-11-14 10:39:00 +11:00
reiserfs fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
romfs romfs_readpage: don't report errors for pages beyond i_size 2008-07-30 14:30:34 -07:00
smbfs fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
sysfs [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
sysv sysv: ensure fast symlinks are NUL-terminated 2008-12-31 18:07:39 -05:00
ubifs fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
udf Merge branch 'master' into next 2008-12-04 17:16:36 +11:00
ufs CRED: Wrap task credential accesses in the UFS filesystem 2008-11-14 10:39:04 +11:00
xfs [XFS] Fix merge failures 2008-12-29 16:47:18 +11:00
aio.c aio: make the lookup_ioctx() lockless 2008-12-29 08:29:50 +01:00
anon_inodes.c anon_inodes: use fops->owner for module refcount 2008-12-31 16:55:44 +02:00
attr.c CRED: Wrap task credential accesses in the filesystem subsystem 2008-11-14 10:39:05 +11:00
bad_inode.c kill ->dir_notify() 2008-12-31 18:07:43 -05:00
binfmt_aout.c sanitize ifdefs in binfmt_aout 2009-01-03 11:45:54 -08:00
binfmt_elf.c Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6 2008-12-28 12:33:21 -08:00
binfmt_elf_fdpic.c CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
binfmt_em86.c Allow recursion in binfmt_script and binfmt_misc 2008-10-16 11:21:38 -07:00
binfmt_flat.c CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
binfmt_misc.c Allow recursion in binfmt_script and binfmt_misc 2008-10-16 11:21:38 -07:00
binfmt_script.c Allow recursion in binfmt_script and binfmt_misc 2008-10-16 11:21:38 -07:00
binfmt_som.c CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
bio-integrity.c bio: allow individual slabs in the bio_set 2008-12-29 08:29:23 +01:00
bio.c bio: get rid of bio_vec clearing 2008-12-29 08:29:53 +01:00
block_dev.c fs/block_dev.c: __read_mostly improvement and sb_is_blkdev_sb utilization 2008-12-31 18:07:43 -05:00
buffer.c fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
char_dev.c [PATCH] tidy up chrdev_open 2008-10-23 05:12:59 -04:00
compat.c CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
compat_binfmt_elf.c
compat_ioctl.c remove unused #include <linux/dirent.h>'s 2008-07-25 10:53:34 -07:00
dcache.c filp_cachep can be static in fs/file_table.c 2008-12-31 18:07:42 -05:00
dcookies.c shrink struct dentry 2008-12-31 18:07:38 -05:00
direct-io.c Remove Andrew Morton's old email accounts 2008-10-16 11:21:32 -07:00
dquot.c CRED: Wrap task credential accesses in the filesystem subsystem 2008-11-14 10:39:05 +11:00
drop_caches.c
eventfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
eventpoll.c epoll: introduce resource usage limits 2008-12-01 19:55:24 -08:00
exec.c get rid of special-casing the /sbin/loader on alpha 2009-01-03 11:45:54 -08:00
fcntl.c Merge branch 'next' into for-linus 2008-12-25 11:40:09 +11:00
fifo.c [PATCH] introduce fmode_t, do annotations 2008-10-21 07:47:06 -04:00
file.c [PATCH] merge locate_fd() and get_unused_fd() 2008-08-01 11:25:23 -04:00
file_table.c filp_cachep can be static in fs/file_table.c 2008-12-31 18:07:42 -05:00
filesystems.c proc: move /proc/filesystems to fs/filesystems.c 2008-10-23 14:27:09 +04:00
fs-writeback.c Remove Andrew Morton's old email accounts 2008-10-16 11:21:32 -07:00
generic_acl.c
inode.c nfsd/create race fixes, infrastructure 2008-12-31 18:07:43 -05:00
internal.h CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
ioctl.c Fix a race condition in FASYNC handling 2008-12-05 15:35:10 -08:00
ioprio.c CRED: Use RCU to access another task's creds and to release a task's own creds 2008-11-14 10:39:19 +11:00
Kconfig ocfs2: add mount option and Kconfig option for acl 2009-01-05 08:36:52 -08:00
Kconfig.binfmt add CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS 2008-10-20 08:52:39 -07:00
libfs.c fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
locks.c CRED: Wrap task credential accesses in the filesystem subsystem 2008-11-14 10:39:05 +11:00
Makefile filesystem notification: create fs/notify to contain all fs notification 2008-12-31 18:07:43 -05:00
mbcache.c
mpage.c Remove Andrew Morton's old email accounts 2008-10-16 11:21:32 -07:00
namei.c fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
namespace.c fs/namespace.c: drop code after return 2008-12-31 18:07:38 -05:00
nfsctl.c pass a struct path * to may_open 2008-12-31 18:07:41 -05:00
no-block.c
open.c introduce new LSM hooks where vfsmount is available. 2008-12-31 18:07:37 -05:00
pipe.c sanitize audit_fd_pair() 2009-01-04 15:14:41 -05:00
pnode.c
pnode.h
posix_acl.c CRED: Wrap task credential accesses in the filesystem subsystem 2008-11-14 10:39:05 +11:00
quota.c CRED: Wrap task credential accesses in the filesystem subsystem 2008-11-14 10:39:05 +11:00
quota_v1.c quota: move function-macros from quota.h to quotaops.h 2008-07-25 10:53:35 -07:00
quota_v2.c quota: move function-macros from quota.h to quotaops.h 2008-07-25 10:53:35 -07:00
read_write.c [PATCH] generic_file_llseek tidyups 2008-10-23 05:12:59 -04:00
read_write.h
readdir.c [PATCH] prepare vfs_readdir() callers to returning filldir result 2008-10-23 05:13:10 -04:00
select.c select: deal with math overflow from borderline valid userland data 2008-10-26 11:22:08 -07:00
seq_file.c Merge branch 'cpus4096-for-linus-3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-01-03 12:04:39 -08:00
signalfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
splice.c fs: remove prepare_write/commit_write 2008-10-30 11:38:45 -07:00
stack.c
stat.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
super.c security: pass mount flags to security_sb_kern_mount() 2008-12-20 09:02:39 +11:00
sync.c SYNC_FILE_RANGE_WRITE may and will block. Document that. 2008-07-24 10:47:17 -07:00
timerfd.c hrtimer: convert timerfd to the new hrtimer apis 2008-09-05 21:35:09 -07:00
utimes.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
xattr.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
xattr_acl.c