From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Zhang Yi <yi.zhang@huawei.com>,
Theodore Tso <tytso@mit.edu>
Subject: [PATCH 5.10 06/76] ext4: check for inconsistent extents between index and leaf block
Date: Mon, 27 Dec 2021 16:30:21 +0100 [thread overview]
Message-ID: <20211227151324.936249530@linuxfoundation.org> (raw)
In-Reply-To: <20211227151324.694661623@linuxfoundation.org>
From: Zhang Yi <yi.zhang@huawei.com>
commit 9c6e071913792d80894cd0be98cc3c4b770e26d3 upstream.
Now that we can check out overlapping extents in leaf block and
out-of-order index extents in index block. But the .ee_block in the
first extent of one leaf block should equal to the .ei_block in it's
parent index extent entry. This patch add a check to verify such
inconsistent between the index and leaf block.
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Link: https://lore.kernel.org/r/20210908120850.4012324-3-yi.zhang@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/extents.c | 59 ++++++++++++++++++++++++++++++++----------------------
1 file changed, 36 insertions(+), 23 deletions(-)
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -366,7 +366,8 @@ static int ext4_valid_extent_idx(struct
static int ext4_valid_extent_entries(struct inode *inode,
struct ext4_extent_header *eh,
- ext4_fsblk_t *pblk, int depth)
+ ext4_lblk_t lblk, ext4_fsblk_t *pblk,
+ int depth)
{
unsigned short entries;
ext4_lblk_t lblock = 0;
@@ -380,6 +381,14 @@ static int ext4_valid_extent_entries(str
if (depth == 0) {
/* leaf entries */
struct ext4_extent *ext = EXT_FIRST_EXTENT(eh);
+
+ /*
+ * The logical block in the first entry should equal to
+ * the number in the index block.
+ */
+ if (depth != ext_depth(inode) &&
+ lblk != le32_to_cpu(ext->ee_block))
+ return 0;
while (entries) {
if (!ext4_valid_extent(inode, ext))
return 0;
@@ -396,6 +405,14 @@ static int ext4_valid_extent_entries(str
}
} else {
struct ext4_extent_idx *ext_idx = EXT_FIRST_INDEX(eh);
+
+ /*
+ * The logical block in the first entry should equal to
+ * the number in the parent index block.
+ */
+ if (depth != ext_depth(inode) &&
+ lblk != le32_to_cpu(ext_idx->ei_block))
+ return 0;
while (entries) {
if (!ext4_valid_extent_idx(inode, ext_idx))
return 0;
@@ -416,7 +433,7 @@ static int ext4_valid_extent_entries(str
static int __ext4_ext_check(const char *function, unsigned int line,
struct inode *inode, struct ext4_extent_header *eh,
- int depth, ext4_fsblk_t pblk)
+ int depth, ext4_fsblk_t pblk, ext4_lblk_t lblk)
{
const char *error_msg;
int max = 0, err = -EFSCORRUPTED;
@@ -442,7 +459,7 @@ static int __ext4_ext_check(const char *
error_msg = "invalid eh_entries";
goto corrupted;
}
- if (!ext4_valid_extent_entries(inode, eh, &pblk, depth)) {
+ if (!ext4_valid_extent_entries(inode, eh, lblk, &pblk, depth)) {
error_msg = "invalid extent entries";
goto corrupted;
}
@@ -472,7 +489,7 @@ corrupted:
}
#define ext4_ext_check(inode, eh, depth, pblk) \
- __ext4_ext_check(__func__, __LINE__, (inode), (eh), (depth), (pblk))
+ __ext4_ext_check(__func__, __LINE__, (inode), (eh), (depth), (pblk), 0)
int ext4_ext_check_inode(struct inode *inode)
{
@@ -505,16 +522,18 @@ static void ext4_cache_extents(struct in
static struct buffer_head *
__read_extent_tree_block(const char *function, unsigned int line,
- struct inode *inode, ext4_fsblk_t pblk, int depth,
- int flags)
+ struct inode *inode, struct ext4_extent_idx *idx,
+ int depth, int flags)
{
struct buffer_head *bh;
int err;
gfp_t gfp_flags = __GFP_MOVABLE | GFP_NOFS;
+ ext4_fsblk_t pblk;
if (flags & EXT4_EX_NOFAIL)
gfp_flags |= __GFP_NOFAIL;
+ pblk = ext4_idx_pblock(idx);
bh = sb_getblk_gfp(inode->i_sb, pblk, gfp_flags);
if (unlikely(!bh))
return ERR_PTR(-ENOMEM);
@@ -527,8 +546,8 @@ __read_extent_tree_block(const char *fun
}
if (buffer_verified(bh) && !(flags & EXT4_EX_FORCE_CACHE))
return bh;
- err = __ext4_ext_check(function, line, inode,
- ext_block_hdr(bh), depth, pblk);
+ err = __ext4_ext_check(function, line, inode, ext_block_hdr(bh),
+ depth, pblk, le32_to_cpu(idx->ei_block));
if (err)
goto errout;
set_buffer_verified(bh);
@@ -546,8 +565,8 @@ errout:
}
-#define read_extent_tree_block(inode, pblk, depth, flags) \
- __read_extent_tree_block(__func__, __LINE__, (inode), (pblk), \
+#define read_extent_tree_block(inode, idx, depth, flags) \
+ __read_extent_tree_block(__func__, __LINE__, (inode), (idx), \
(depth), (flags))
/*
@@ -597,8 +616,7 @@ int ext4_ext_precache(struct inode *inod
i--;
continue;
}
- bh = read_extent_tree_block(inode,
- ext4_idx_pblock(path[i].p_idx++),
+ bh = read_extent_tree_block(inode, path[i].p_idx++,
depth - i - 1,
EXT4_EX_FORCE_CACHE);
if (IS_ERR(bh)) {
@@ -903,8 +921,7 @@ ext4_find_extent(struct inode *inode, ex
path[ppos].p_depth = i;
path[ppos].p_ext = NULL;
- bh = read_extent_tree_block(inode, path[ppos].p_block, --i,
- flags);
+ bh = read_extent_tree_block(inode, path[ppos].p_idx, --i, flags);
if (IS_ERR(bh)) {
ret = PTR_ERR(bh);
goto err;
@@ -1509,7 +1526,6 @@ static int ext4_ext_search_right(struct
struct ext4_extent_header *eh;
struct ext4_extent_idx *ix;
struct ext4_extent *ex;
- ext4_fsblk_t block;
int depth; /* Note, NOT eh_depth; depth from top of tree */
int ee_len;
@@ -1576,20 +1592,17 @@ got_index:
* follow it and find the closest allocated
* block to the right */
ix++;
- block = ext4_idx_pblock(ix);
while (++depth < path->p_depth) {
/* subtract from p_depth to get proper eh_depth */
- bh = read_extent_tree_block(inode, block,
- path->p_depth - depth, 0);
+ bh = read_extent_tree_block(inode, ix, path->p_depth - depth, 0);
if (IS_ERR(bh))
return PTR_ERR(bh);
eh = ext_block_hdr(bh);
ix = EXT_FIRST_INDEX(eh);
- block = ext4_idx_pblock(ix);
put_bh(bh);
}
- bh = read_extent_tree_block(inode, block, path->p_depth - depth, 0);
+ bh = read_extent_tree_block(inode, ix, path->p_depth - depth, 0);
if (IS_ERR(bh))
return PTR_ERR(bh);
eh = ext_block_hdr(bh);
@@ -2968,9 +2981,9 @@ again:
ext_debug(inode, "move to level %d (block %llu)\n",
i + 1, ext4_idx_pblock(path[i].p_idx));
memset(path + i + 1, 0, sizeof(*path));
- bh = read_extent_tree_block(inode,
- ext4_idx_pblock(path[i].p_idx), depth - i - 1,
- EXT4_EX_NOCACHE);
+ bh = read_extent_tree_block(inode, path[i].p_idx,
+ depth - i - 1,
+ EXT4_EX_NOCACHE);
if (IS_ERR(bh)) {
/* should we reset i_size? */
err = PTR_ERR(bh);
next prev parent reply other threads:[~2021-12-27 15:40 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-27 15:30 [PATCH 5.10 00/76] 5.10.89-rc1 review Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 01/76] arm64: vdso32: drop -no-integrated-as flag Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 02/76] arm64: vdso32: require CROSS_COMPILE_COMPAT for gcc+bfd Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 03/76] net: usb: lan78xx: add Allied Telesis AT29M2-AF Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 04/76] ext4: prevent partial update of the extent blocks Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 05/76] ext4: check for out-of-order index extents in ext4_valid_extent_entries() Greg Kroah-Hartman
2021-12-27 15:30 ` Greg Kroah-Hartman [this message]
2021-12-27 15:30 ` [PATCH 5.10 07/76] HID: holtek: fix mouse probing Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 08/76] HID: potential dereference of null pointer Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 09/76] arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 10/76] spi: change clk_disable_unprepare to clk_unprepare Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 11/76] ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 12/76] IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 13/76] RDMA/hns: Replace kfree() with kvfree() Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 14/76] netfilter: fix regression in looped (broad|multi)casts MAC handling Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 15/76] ARM: dts: imx6qdl-wandboard: Fix Ethernet support Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 16/76] net: marvell: prestera: fix incorrect return of port_find Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 17/76] qlcnic: potential dereference null pointer of rx_queue->page_ring Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 18/76] net: accept UFOv6 packages in virtio_net_hdr_to_skb Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 19/76] net: skip virtio_net_hdr_set_proto if protocol already set Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 20/76] igb: fix deadlock caused by taking RTNL in RPM resume path Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 21/76] ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 22/76] bonding: fix ad_actor_system option setting to default Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 23/76] fjes: Check for error irq Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 24/76] drivers: net: smc911x: " Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 25/76] net: ks8851: " Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 26/76] sfc: Check null pointer of rx_queue->page_ring Greg Kroah-Hartman
2021-12-29 11:17 ` Pavel Machek
2022-01-01 11:54 ` Martin Habets
2021-12-27 15:30 ` [PATCH 5.10 27/76] sfc: falcon: " Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 28/76] Input: elantech - fix stack out of bound access in elantech_change_report_id() Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 29/76] pinctrl: bcm2835: Change init order for gpio hogs Greg Kroah-Hartman
2021-12-31 9:52 ` Pavel Machek
2021-12-27 15:30 ` [PATCH 5.10 30/76] hwmon: (lm90) Fix usage of CONFIG2 register in detect function Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 31/76] hwmon: (lm90) Add basic support for TI TMP461 Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 32/76] hwmon: (lm90) Introduce flag indicating extended temperature support Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 33/76] hwmon: (lm90) Drop critical attribute support for MAX6654 Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 34/76] ALSA: jack: Check the return value of kstrdup() Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 35/76] ALSA: drivers: opl3: Fix incorrect use of vp->state Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 36/76] ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 37/76] ALSA: hda/realtek: Add new alc285-hp-amp-init model Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 38/76] ALSA: hda/realtek: Fix quirk for Clevo NJ51CU Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 39/76] ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 40/76] Input: atmel_mxt_ts - fix double free in mxt_read_info_block Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 41/76] ipmi: bail out if init_srcu_struct fails Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 42/76] ipmi: ssif: initialize ssif_info->client early Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 43/76] ipmi: fix initialization when workqueue allocation fails Greg Kroah-Hartman
2021-12-27 15:30 ` [PATCH 5.10 44/76] parisc: Correct completer in lws start Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 45/76] parisc: Fix mask used to select futex spinlock Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 46/76] tee: handle lookup of shm with reference count 0 Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 47/76] x86/pkey: Fix undefined behaviour with PKRU_WD_BIT Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 48/76] platform/x86: intel_pmc_core: fix memleak on registration failure Greg Kroah-Hartman
2021-12-31 10:04 ` Pavel Machek
2021-12-31 10:18 ` Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 49/76] KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 50/76] pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 51/76] gpio: dln2: Fix interrupts when replugging the device Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 52/76] mmc: sdhci-tegra: Fix switch to HS400ES mode Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 53/76] mmc: meson-mx-sdhc: Set MANUAL_STOP for multi-block SDIO commands Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 54/76] mmc: core: Disable card detect during shutdown Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 55/76] mmc: mmci: stm32: clear DLYB_CR after sending tuning command Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 56/76] ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 57/76] mac80211: fix locking in ieee80211_start_ap error path Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 58/76] mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page() Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 59/76] tee: optee: Fix incorrect page free bug Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 60/76] f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() Greg Kroah-Hartman
2022-01-03 21:11 ` Salvatore Bonaccorso
2022-01-04 9:29 ` Chao Yu
2022-01-04 9:56 ` Salvatore Bonaccorso
2022-01-04 10:22 ` Greg Kroah-Hartman
2022-01-04 21:10 ` Jaegeuk Kim
2022-01-05 8:10 ` Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 61/76] ceph: fix up non-directory creation in SGID directories Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 62/76] usb: gadget: u_ether: fix race in setting MAC address in setup phase Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 63/76] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 64/76] mm: mempolicy: fix THP allocations escaping mempolicy restrictions Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 65/76] Input: elants_i2c - do not check Remark ID on eKTH3900/eKTH5312 Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 66/76] Input: i8042 - enable deferred probe quirk for ASUS UM325UA Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 67/76] Input: goodix - add id->model mapping for the "9111" model Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 68/76] ASoC: tas2770: Fix setting of high sample rates Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 69/76] ASoC: rt5682: fix the wrong jack type detected Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 70/76] pinctrl: mediatek: fix global-out-of-bounds issue Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 71/76] hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 72/76] hwmon: (lm90) Do not report busy status bit as alarm Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 73/76] ax25: NPD bug when detaching AX25 device Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 74/76] hamradio: defer ax25 kfree after unregister_netdev Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 75/76] hamradio: improve the incomplete fix to avoid NPD Greg Kroah-Hartman
2021-12-27 15:31 ` [PATCH 5.10 76/76] phonet/pep: refuse to enable an unbound pipe Greg Kroah-Hartman
2021-12-27 18:02 ` [PATCH 5.10 00/76] 5.10.89-rc1 review Florian Fainelli
2021-12-28 8:12 ` Naresh Kamboju
2021-12-28 13:22 ` Sudip Mukherjee
2021-12-28 17:07 ` Guenter Roeck
2021-12-28 21:27 ` Shuah Khan
2021-12-29 1:33 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211227151324.936249530@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=yi.zhang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).