always-check-ext4_ext_find_extent-result

   1 ext4: always check ext4_ext_find_extent result
   2
   3 From: Dmitry Monakhov <dmonakhov@openvz.org>
   4
   5 Where are some places where logic guaranties us that extent we are
   6 searching exits, but this may not be true due to on-disk data
   7 corruption. If such corruption happens we must prevent possible
   8 null pointer dereferences.
   9
  10 Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
  11 Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
  12 ---
  13  fs/ext4/extents.c | 17 +++++++++++++++++
  14  1 file changed, 17 insertions(+)
  15
  16 diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
  17 index 38be063..64b4003 100644
  18 --- a/fs/ext4/extents.c
  19 +++ b/fs/ext4/extents.c
  20 @@ -3313,6 +3313,11 @@ static int ext4_split_extent(handle_t *handle,
  21                 return PTR_ERR(path);
  22         depth = ext_depth(inode);
  23         ex = path[depth].p_ext;
  24 +       if (!ex) {
  25 +               EXT4_ERROR_INODE(inode, "unexpected hole at %lu",
  26 +                                (unsigned long) map->m_lblk);
  27 +               return -EIO;
  28 +       }
  29         uninitialized = ext4_ext_is_uninitialized(ex);
  30         split_flag1 = 0;
  31
  32 @@ -3694,6 +3699,12 @@ static int ext4_convert_initialized_extents(handle_t *handle,
  33                 }
  34                 depth = ext_depth(inode);
  35                 ex = path[depth].p_ext;
  36 +               if (!ex) {
  37 +                       EXT4_ERROR_INODE(inode, "unexpected hole at %lu",
  38 +                                        (unsigned long) map->m_lblk);
  39 +                       err = -EIO;
  40 +                       goto out;
  41 +               }
  42         }
  43
  44         err = ext4_ext_get_access(handle, inode, path + depth);
  45 @@ -5340,6 +5351,12 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle,
  46                         return PTR_ERR(path);
  47                 depth = path->p_depth;
  48                 extent = path[depth].p_ext;
  49 +               if (!extent) {
  50 +                       EXT4_ERROR_INODE(inode, "unexpected hole at %lu",
  51 +                                        (unsigned long) start);
  52 +                       return -EIO;
  53 +               }
  54 +
  55                 current_block = le32_to_cpu(extent->ee_block);
  56                 if (start > current_block) {
  57                         /* Hole, move to the next extent */