android_kernel_samsung_msm8976/fs/nilfs2
Ryusuke Konishi c043edcc42 nilfs2: fix sanity check of btree level in nilfs_btree_root_broken()
commit d8fd150fe3935e1692bf57c66691e17409ebb9c1 upstream.

The range check for b-tree level parameter in nilfs_btree_root_broken()
is wrong; it accepts the case of "level == NILFS_BTREE_LEVEL_MAX" even
though the level is limited to values in the range of 0 to
(NILFS_BTREE_LEVEL_MAX - 1).

Since the level parameter is read from storage device and used to index
nilfs_btree_path array whose element count is NILFS_BTREE_LEVEL_MAX, it
can cause memory overrun during btree operations if the boundary value
is set to the level parameter on device.

This fixes the broken sanity check and adds a comment to clarify that
the upper bound NILFS_BTREE_LEVEL_MAX is exclusive.

Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-17 09:51:32 -07:00
alloc.c
alloc.h
bmap.c
bmap.h
btnode.c
btnode.h
btree.c nilfs2: fix sanity check of btree level in nilfs_btree_root_broken() 2015-05-17 09:51:32 -07:00
btree.h
cpfile.c
cpfile.h
dat.c
dat.h
dir.c
direct.c
direct.h
export.h
file.c
gcinode.c
ifile.c
ifile.h
inode.c nilfs2: fix the nilfs_iget() vs. nilfs_new_inode() races 2015-01-16 06:59:02 -08:00
ioctl.c
Kconfig
Makefile
mdt.c
mdt.h
namei.c nilfs2: fix the nilfs_iget() vs. nilfs_new_inode() races 2015-01-16 06:59:02 -08:00
nilfs.h nilfs2: fix deadlock of segment constructor over I_SYNC flag 2015-02-11 14:48:16 +08:00
page.c
page.h
recovery.c
segbuf.c
segbuf.h
segment.c nilfs2: fix deadlock of segment constructor during recovery 2015-03-26 15:00:59 +01:00
segment.h nilfs2: fix deadlock of segment constructor over I_SYNC flag 2015-02-11 14:48:16 +08:00
sufile.c
sufile.h
super.c
the_nilfs.c
the_nilfs.h