summaryrefslogtreecommitdiffstats
path: root/fs/ext2
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2016-12-19 17:23:53 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2016-12-19 17:23:53 +0100
commite93b1cc8a8965da137ffea0b88e5f62fa1d2a9e6 (patch)
tree9757e9167daff086a314b031429d9b65a39b96bc /fs/ext2
parentMerge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm (diff)
parentquota: Fix bogus warning in dquot_disable() (diff)
downloadlinux-e93b1cc8a8965da137ffea0b88e5f62fa1d2a9e6.tar.xz
linux-e93b1cc8a8965da137ffea0b88e5f62fa1d2a9e6.zip
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull quota, fsnotify and ext2 updates from Jan Kara: "Changes to locking of some quota operations from dedicated quota mutex to s_umount semaphore, a fsnotify fix and a simple ext2 fix" * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: quota: Fix bogus warning in dquot_disable() fsnotify: Fix possible use-after-free in inode iteration on umount ext2: reject inodes with negative size quota: Remove dqonoff_mutex ocfs2: Use s_umount for quota recovery protection quota: Remove dqonoff_mutex from dquot_scan_active() ocfs2: Protect periodic quota syncing with s_umount semaphore quota: Use s_umount protection for quota operations quota: Hold s_umount in exclusive mode when enabling / disabling quotas fs: Provide function to get superblock with exclusive s_umount
Diffstat (limited to 'fs/ext2')
-rw-r--r--fs/ext2/inode.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/ext2/inode.c b/fs/ext2/inode.c
index e173afe92661..0093ea2512a8 100644
--- a/fs/ext2/inode.c
+++ b/fs/ext2/inode.c
@@ -1478,6 +1478,10 @@ struct inode *ext2_iget (struct super_block *sb, unsigned long ino)
inode->i_size |= ((__u64)le32_to_cpu(raw_inode->i_size_high)) << 32;
else
ei->i_dir_acl = le32_to_cpu(raw_inode->i_dir_acl);
+ if (i_size_read(inode) < 0) {
+ ret = -EFSCORRUPTED;
+ goto bad_inode;
+ }
ei->i_dtime = 0;
inode->i_generation = le32_to_cpu(raw_inode->i_generation);
ei->i_state = 0;