JFS: Don't allow reading beyond the inode map's EOF

If we try to read inodes that are beyond the size of the inode map, __read_metapages would read unitialized pages into the inode map's address space. If the inode map is later grown in order to allocate more inodes, the page is initialized and written under a different address space. Having the stale page in the page cache prevents the properly initialized page from being read, and results in errors. This problem can be provoked by an nfs client trying to read an inode that does not exist. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>

JFS: Don't allow reading beyond the inode map's EOF
If we try to read inodes that are beyond the size of the inode map, __read_metapages would read unitialized pages into the inode map's address space. If the inode map is later grown in order to allocate more inodes, the page is initialized and written under a different address space. Having the stale page in the page cache prevents the properly initialized page from being read, and results in errors. This problem can be provoked by an nfs client trying to read an inode that does not exist. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
595fbf15 · Dave Kleikamp · fff4f98f · 595fbf15
Commit 595fbf15 authored Jun 14, 2004 by Dave Kleikamp
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 1 deletion

fs/jfs/jfs_metapage.c fs/jfs/jfs_metapage.c +9 -1

No files found.
--- a/fs/jfs/jfs_metapage.c
+++ b/fs/jfs/jfs_metapage.c
@@ -225,8 +225,16 @@ struct metapage *__get_metapage(struct inode *inode, unsigned long lblock,

 	if (absolute)
 		mapping = inode->i_sb->s_bdev->bd_inode->i_mapping;
-	else
+	else {
+		/*
+		 * If an nfs client tries to read an inode that is larger
+		 * than any existing inodes, we may try to read past the
+		 * end of the inode map
+		 */
+		if ((lblock << inode->i_blkbits) >= inode->i_size)
+			return NULL;
 		mapping = inode->i_mapping;
+	}

 	hash_ptr = meta_hash(mapping, lblock);
 again: