From: Allison Henderson <allison.henderson@oracle.com>
To: Dave Chinner <david@fromorbit.com>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH v24 03/11] xfs: Set up infrastructure for log atrribute replay
Date: Tue, 31 Aug 2021 12:03:07 -0700
Message-ID: <2bc0d0a8-a6c9-0d1d-fb7c-89b6fc549907@oracle.com>
In-Reply-To: <20210831004851.GT3657114@dread.disaster.area>
On 8/30/21 5:48 PM, Dave Chinner wrote:
> On Tue, Aug 24, 2021 at 03:44:26PM -0700, Allison Henderson wrote:
>> +/*
>> + * Allocate and initialize an attri item. Caller may allocate an additional
>> + * trailing buffer of the specified size
>> + */
>> +STATIC struct xfs_attri_log_item *
>> +xfs_attri_init(
>> + struct xfs_mount *mp,
>> + int buffer_size)
>> +
>> +{
>> + struct xfs_attri_log_item *attrip;
>> + uint size;
>> +
>> + size = sizeof(struct xfs_attri_log_item) + buffer_size;
>> + attrip = kvmalloc(size, KM_ZERO);
>> + if (attrip == NULL)
>> + return NULL;
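Review bot: kvmalloc() takes gfp_t flags, so the `KM_ZERO` passed in `attrip = kvmalloc(size, KM_ZERO);` is from the wrong flag namespace (the XFS kmem wrappers), and should be `GFP_KERNEL | __GFP_ZERO`. The `buffer_size` parameter is a signed `int` that is added straight into `size` (a `uint`) with no bound, so a negative or oversized value from the caller wraps or produces an arbitrarily large allocation; either make the parameter unsigned and cap it here, or document in the function comment that the caller must have bounded it against the maximum attribute name and value lengths before calling. Style point: drop the stray blank line between `int buffer_size)` and the opening `{`.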
>
> kvmalloc() takes GFP flags. I think you want GFP_KERNEL | __GFP_ZERO
> here.
>
> Also, buffer size is taken directly from on-disk without bounds/length
> validation, meaning this could end up being an attacker controlled
> memory allocation, so .....
>
Ok, will fix
>> +STATIC int
>> +xlog_recover_attri_commit_pass2(
>> + struct xlog *log,
>> + struct list_head *buffer_list,
>> + struct xlog_recover_item *item,
>> + xfs_lsn_t lsn)
>> +{
>> + int error;
>> + struct xfs_mount *mp = log->l_mp;
>> + struct xfs_attri_log_item *attrip;
>> + struct xfs_attri_log_format *attri_formatp;
>> + char *name = NULL;
>> + char *value = NULL;
>> + int region = 0;
>> + int buffer_size;
>> +
>> + attri_formatp = item->ri_buf[region].i_addr;
>> +
>> + /* Validate xfs_attri_log_format */
>> + if (attri_formatp->__pad != 0 || attri_formatp->alfi_name_len == 0 ||
>> + (attri_formatp->alfi_op_flags == XFS_ATTR_OP_FLAGS_REMOVE &&
>> + attri_formatp->alfi_value_len != 0)) {
>> + XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, mp);
>> + return -EFSCORRUPTED;
>> + }
>> +
>> + buffer_size = attri_formatp->alfi_name_len +
>> + attri_formatp->alfi_value_len;
>> +
>> + attrip = xfs_attri_init(mp, buffer_size);
>> + if (attrip == NULL)
>> + return -ENOMEM;
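Review bot: `attri_formatp` is dereferenced straight from `item->ri_buf[region].i_addr` without first checking that `item->ri_buf[region].i_len` is at least `sizeof(struct xfs_attri_log_format)`, so a truncated or corrupt log region is read past its end; add that length check ahead of the field validation and return -EFSCORRUPTED when it fails. The validation block only rejects a zero `alfi_name_len` and a non-zero `alfi_value_len` on a remove; neither field is bounded above, so `buffer_size` and the `xfs_attri_init()` allocation are sized directly by on-disk values. Bound both fields against the filesystem's maximum attribute name and value sizes and make sure their sum cannot overflow `int` before computing `buffer_size`. Since -ENOMEM from this path aborts log recovery, a short comment at the `xfs_attri_init()` call saying so would help the next reader.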
>
> There needs to be a lot better validation of the attribute
> name/value lengths here. Also, memory allocation failure here will
> abort recovery, so it might be worth adding a comment here....
Maybe we can add a call to xfs_attri_validate here? I think we can just
modify it to directly check the xfs_attri_log_format.
Thanks!
Allison
>
> Cheers,
>
> Dave.
>