Mikulas Patocka e9c6a18264 dm snapshot: fix data corruption
This patch fixes a particular type of data corruption that has been
encountered when loading a snapshot's metadata from disk.

When we allocate a new chunk in persistent_prepare, we increment
ps->next_free and we make sure that it doesn't point to a metadata area
by further incrementing it if necessary.

When we load metadata from disk on device activation, ps->next_free is
positioned after the last used data chunk. However, if this last used
data chunk is followed by a metadata area, ps->next_free is positioned
erroneously to the metadata area. A newly-allocated chunk is placed at
the same location as the metadata area, resulting in data or metadata
corruption.

This patch changes the code so that ps->next_free skips the metadata
area when metadata are loaded in function read_exceptions.

The patch also moves a piece of code from persistent_prepare_exception
to a separate function skip_metadata to avoid code duplication.

CVE-2013-4299

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Cc: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
2013-10-16 03:17:47 +01:00
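The allocation bug described in the commit message, as an added example that is not the kernel's code: a simplified user-space model comparing activation with and without the skip. The layout (one header chunk, then repeating areas of one metadata chunk followed by `per_area` data chunks) and every name here (`store_model`, `load_next_free`, `alloc_chunk`, `skip_metadata_model`) are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define HDR_CHUNKS 1u /* assumed: a single header chunk at chunk 0 */

/* Assumed layout: [hdr][meta][data x per_area][meta][data x per_area]... */
struct store_model {
	uint64_t next_free; /* next chunk that allocation will hand out */
	uint32_t per_area;  /* data chunks described by one metadata chunk */
};

static int is_metadata_chunk(const struct store_model *s, uint64_t chunk)
{
	uint32_t stride = s->per_area + 1; /* one metadata chunk + its data */
	return (chunk % stride) == HDR_CHUNKS;
}

/* Shared helper: never leave next_free pointing at a metadata chunk. */
static void skip_metadata_model(struct store_model *s)
{
	if (is_metadata_chunk(s, s->next_free))
		s->next_free++;
}

/* Activation: position next_free after the last used data chunk.
 * fixed == 0 models the behaviour before the patch (no skip on load). */
static uint64_t load_next_free(struct store_model *s, uint64_t last_used, int fixed)
{
	s->next_free = last_used + 1;
	if (fixed)
		skip_metadata_model(s);
	return s->next_free;
}

/* Allocation: hand out next_free, then advance past any metadata chunk. */
static uint64_t alloc_chunk(struct store_model *s)
{
	uint64_t chunk = s->next_free++;
	skip_metadata_model(s);
	return chunk;
}

int main(void)
{
	struct store_model s = { 0, 4 }; /* constructed: metadata at 1, 6, 11 */
	for (int fixed = 0; fixed <= 1; fixed++) {
		load_next_free(&s, 5, fixed); /* last data chunk of a full area */
		uint64_t c = alloc_chunk(&s);
		printf("fixed=%d first alloc=%llu metadata=%d\n", fixed,
		       (unsigned long long)c, is_metadata_chunk(&s, c));
	}
	return 0;
}
```

The collision only appears when the last used data chunk is the final one in its area, which is why a store can be reloaded many times before the overlap occurs.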