| blob | 8f750677a401db1ebb9ea504c170bd9087d7aa92 |
1 ext4: Avoid printk floods in the face of directory corruption
3 Note: some people thinks this represents a security bug, since it
4 might make the system go away while it is printing a large number of
5 console messages, especially if a serial console is involved. Hence,
6 it has been assigned CVE-2008-3528, but it requires that the attacker
7 either has physical access to your machine to insert a USB disk with a
8 corrupted filesystem image (at which point why not just hit the power
9 button), or is otherwise able to convince the system administrator to
10 mount an arbitrary filesystem image (at which point why not just
11 include a setuid shell or world-writable hard disk device file or some
12 such). Me, I think they're just being silly.
14 Signed-off-by: Eric Sandeen <sandeen@redhat.com>
15 Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
16 Cc: linux-ext4@vger.kernel.org
17 Cc: Eugene Teo <eugeneteo@kernel.sg>
18 diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c
19 index d40da31..3ca6a2b 100644
20 --- a/fs/ext4/dir.c
21 +++ b/fs/ext4/dir.c
22 @@ -102,6 +102,7 @@ static int ext4_readdir(struct file *filp,
23 int err;
24 struct inode *inode = filp->f_path.dentry->d_inode;
25 int ret = 0;
26 + int dir_has_error = 0;
28 sb = inode->i_sb;
30 @@ -148,9 +149,13 @@ static int ext4_readdir(struct file *filp,
31 * of recovering data when there's a bad sector
32 */
33 if (!bh) {
34 - ext4_error(sb, "ext4_readdir",
35 - "directory #%lu contains a hole at offset %lu",
36 - inode->i_ino, (unsigned long)filp->f_pos);
37 + if (!dir_has_error) {
38 + ext4_error(sb, __func__, "directory #%lu "
39 + "contains a hole at offset %Lu",
40 + inode->i_ino,
41 + (unsigned long long) filp->f_pos);
42 + dir_has_error = 1;
43 + }
44 /* corrupt size? Maybe no more blocks to read */
45 if (filp->f_pos > inode->i_blocks << 9)
46 break;