• Sergei Antonov's avatar
    hfsplus: fix B-tree corruption after insertion at position 0 · cb5cce5d
    Sergei Antonov authored
    commit 98cf21c6 upstream.
    
    Fix B-tree corruption when a new record is inserted at position 0 in the
    node in hfs_brec_insert().  In this case a hfs_brec_update_parent() is
    called to update the parent index node (if exists) and it is passed
    hfs_find_data with a search_key containing a newly inserted key instead
    of the key to be updated.  This results in an inconsistent index node.
    The bug reproduces on my machine after an extents overflow record for
    the catalog file (CNID=4) is inserted into the extents overflow B-tree.
    Because of a low (reserved) value of CNID=4, it has to become the first
    record in the first leaf node.
    
    The resulting first leaf node is correct:
    
      ----------------------------------------------------
      | key0.CNID=4 | key1.CNID=123 | key2.CNID=456, ... |
      ----------------------------------------------------
    
    But the parent index key0 still contains the previous key CNID=123:
    
      -----------------------
      | key0.CNID=123 | ... |
      -----------------------
    
    A change in hfs_brec_insert() makes hfs_brec_update_parent() work
    correctly by preventing it from getting fd->record=-1 value from
    __hfs_brec_find().
    
    Along the way, I removed duplicate code with unification of the if
    condition.  The resulting code is equivalent to the original code
    because node is never 0.
    
    Also hfs_brec_update_parent() will now return an error after getting a
    negative fd->record value.  However, the return value of
    hfs_brec_update_parent() is not checked anywhere in the file and I'm
    leaving it unchanged by this patch.  brec.c lacks error checking after
    some other calls too, but this issue is of less importance than the one
    being fixed by this patch.
    Signed-off-by: default avatarSergei Antonov <saproj@gmail.com>
    Cc: Joe Perches <joe@perches.com>
    Reviewed-by: default avatarVyacheslav Dubeyko <slava@dubeyko.com>
    Acked-by: default avatarHin-Tak Leung <htl10@users.sourceforge.net>
    Cc: Anton Altaparmakov <aia21@cam.ac.uk>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: Christoph Hellwig <hch@infradead.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    [bwh: Backported to 3.2: adjust context]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    cb5cce5d
brec.c 13.3 KB