Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 032d8f7268444a0f5d4ee02d9513d682d5b8edfc^! / . / fs / logfs / super.c
commit032d8f7268444a0f5d4ee02d9513d682d5b8edfc[log] [tgz]
authorJoern Engel <joern@logfs.org>Tue Apr 13 17:46:37 2010 +0200
committerJoern Engel <joern@logfs.org>Tue Apr 13 17:46:37 2010 +0200
tree57cd841514abb9ffe7df7d2569513663f551f960
parente05c378f4973674a16d5b9636f2310cf88aca5f2 [diff] [blame]
[LogFS] Prevent memory corruption on large deletes

Removing sufficiently large files would create aliases for a large
number of segments.  This in turn results in a large number of journal
entries and an overflow of s_je_array.

Cheap fix is to add a BUG_ON, turning memory corruption into something
annoying, but less dangerous.  Real fix is to count the number of
affected segments and prevent the problem completely.

Signed-off-by: Joern Engel <joern@logfs.org>

diff --git a/fs/logfs/super.c b/fs/logfs/super.c
index 9d856c4..d6e1f4f 100644
--- a/fs/logfs/super.c
+++ b/fs/logfs/super.c

@@ -451,6 +451,8 @@
 
 	btree_init_mempool64(&super->s_shadow_tree.new, super->s_btree_pool);
 	btree_init_mempool64(&super->s_shadow_tree.old, super->s_btree_pool);
+	btree_init_mempool32(&super->s_shadow_tree.segment_map,
+			super->s_btree_pool);
 
 	ret = logfs_init_mapping(sb);
 	if (ret)