Ryusuke Konishi d8fd150fe3 nilfs2: fix sanity check of btree level in nilfs_btree_root_broken() ... The range check for b-tree level parameter in nilfs_btree_root_broken() is wrong; it accepts the case of "level == NILFS_BTREE_LEVEL_MAX" even though the level is limited to values in the range of 0 to (NILFS_BTREE_LEVEL_MAX - 1). Since the level parameter is read from storage device and used to index nilfs_btree_path array whose element count is NILFS_BTREE_LEVEL_MAX, it can cause memory overrun during btree operations if the boundary value is set to the level parameter on device. This fixes the broken sanity check and adds a comment to clarify that the upper bound NILFS_BTREE_LEVEL_MAX is exclusive. Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>		2015-05-05 17:10:11 -07:00
..
alloc.c	nilfs2: unify type of key arguments in bmap interface	2015-04-17 09:04:03 -04:00
alloc.h	nilfs2: implement calculation of free inodes count	2013-07-03 16:08:01 -07:00
bmap.c	nilfs2: add bmap function to seek a valid key	2015-04-17 09:04:03 -04:00
bmap.h	nilfs2: add bmap function to seek a valid key	2015-04-17 09:04:03 -04:00
btnode.c
btnode.h
btree.c	nilfs2: fix sanity check of btree level in nilfs_btree_root_broken()	2015-05-05 17:10:11 -07:00
btree.h
cpfile.c	nilfs2: improve execution time of NILFS_IOCTL_GET_CPINFO ioctl	2015-04-17 09:04:04 -04:00
cpfile.h
dat.c	nilfs2: verify metadata sizes read from disk	2014-04-03 16:21:26 -07:00
dat.h
dir.c	VFS: normal filesystems (and lustre): d_inode() annotations	2015-04-15 15:06:57 -04:00
direct.c	nilfs2: add bmap function to seek a valid key	2015-04-17 09:04:03 -04:00
direct.h
export.h
file.c	make new_sync_{read,write}() static	2015-04-11 22:29:40 -04:00
gcinode.c	fs: remove mapping->backing_dev_info	2015-01-20 14:03:05 -07:00
ifile.c	] nilfs2: use atomic64_t type for inodes_count and blocks_count fields in nilfs_root struct	2013-07-03 16:08:01 -07:00
ifile.h	nilfs2: implement calculation of free inodes count	2013-07-03 16:08:01 -07:00
inode.c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2015-04-26 17:22:07 -07:00
ioctl.c	nilfs2: add missing blkdev_issue_flush() to nilfs_sync_fs()	2014-10-14 02:18:20 +02:00
Kconfig	fs/nilfs2: remove depends on CONFIG_EXPERIMENTAL	2013-01-11 11:39:04 -08:00
Makefile	nilfs2: integrate sysfs support into driver	2014-08-08 15:57:21 -07:00
mdt.c	nilfs2: add helper to find existent block on metadata file	2015-04-17 09:04:04 -04:00
mdt.h	nilfs2: add helper to find existent block on metadata file	2015-04-17 09:04:04 -04:00
namei.c	VFS: normal filesystems (and lustre): d_inode() annotations	2015-04-15 15:06:57 -04:00
nilfs.h	nilfs2: fix deadlock of segment constructor over I_SYNC flag	2015-02-05 13:35:29 -08:00
page.c	nilfs2: use set_mask_bits() for operations on buffer state bitmap	2015-04-17 09:04:03 -04:00
page.h	fs: remove mapping->backing_dev_info	2015-01-20 14:03:05 -07:00
recovery.c	nilfs2: drop vmtruncate	2012-12-20 18:40:54 -05:00
segbuf.c	block: Abstract out bvec iterator	2013-11-23 22:33:47 -08:00
segbuf.h
segment.c	nilfs2: use set_mask_bits() for operations on buffer state bitmap	2015-04-17 09:04:03 -04:00
segment.h	nilfs2: fix deadlock of segment constructor over I_SYNC flag	2015-02-05 13:35:29 -08:00
sufile.c	nilfs2: verify metadata sizes read from disk	2014-04-03 16:21:26 -07:00
sufile.h	nilfs2: add nilfs_sufile_trim_fs to trim clean segs	2014-04-03 16:21:25 -07:00
super.c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2015-04-26 17:22:07 -07:00
sysfs.c	nilfs2: integrate sysfs support into driver	2014-08-08 15:57:21 -07:00
sysfs.h	nilfs2: add /sys/fs/nilfs2/<device>/mounted_snapshots/<snapshot> group	2014-08-08 15:57:21 -07:00
the_nilfs.c	nilfs2: deletion of an unnecessary check before the function call "iput"	2014-12-10 17:41:16 -08:00
the_nilfs.h	nilfs2: add missing blkdev_issue_flush() to nilfs_sync_fs()	2014-10-14 02:18:20 +02:00