From: Dave Chinner <david@fromorbit.com>
To: Eric Sandeen <sandeen@redhat.com>
Cc: linux-xfs <linux-xfs@vger.kernel.org>
Subject: Re: [PATCH] xfs_repair: allow '/' in attribute names
Date: Fri, 4 Jan 2019 08:20:44 +1100 [thread overview]
Message-ID: <20190103212044.GO4205@dastard> (raw)
In-Reply-To: <1c673348-0244-89ff-5b3c-545ee3e458e4@redhat.com>
On Thu, Jan 03, 2019 at 01:15:56PM -0600, Eric Sandeen wrote:
> For some reason, since the earliest days of XFS, a '/' character
> in an extended attribute name has been treated as corruption by
> xfs_repair. This despite nothing in other userspace tools or the
> kernel having this restriction.
>
> My best guess is that this was an unintentional leftover from
> common code between dirs & attrs in the "da" code, and there has
> never been a good reason for it.
>
> Since userspace and kernelspace allow such a name to be set,
> listed, and read, it seems wrong to flag it as corruption.
> So, make this test conditional on whether we're validating a name
> in a dir, as opposed to the name of an attr.
Sounds fair.
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> ---
>
>
> diff --git a/repair/attr_repair.c b/repair/attr_repair.c
> index 1d04500..2f6f7ef 100644
> --- a/repair/attr_repair.c
> +++ b/repair/attr_repair.c
> @@ -292,11 +292,9 @@ process_shortform_attr(
> }
> }
>
> - /* namecheck checks for / and null terminated for file names.
> - * attributes names currently follow the same rules.
> - */
> + /* namecheck checks for null chars in attr names. */
> if (namecheck((char *)¤tentry->nameval[0],
> - currententry->namelen)) {
> + currententry->namelen, false)) {
Hmmmm. that's kinda messy. How about:
/* attr_namecheck checks for null chars in attr names. */
bool
attr_namecheck(
uint8_t name,
int length)
{
return namecheck((char *)name, length, false);
}
> do_warn(
> _("entry contains illegal character in shortform attribute name\n"));
> junkit = 1;
> @@ -459,7 +457,7 @@ process_leaf_attr_local(
>
> local = xfs_attr3_leaf_name_local(leaf, i);
> if (local->namelen == 0 || namecheck((char *)&local->nameval[0],
> - local->namelen)) {
> + local->namelen, false)) {
> do_warn(
> _("attribute entry %d in attr block %u, inode %" PRIu64 " has bad name (namelen = %d)\n"),
> i, da_bno, ino, local->namelen);
> @@ -514,7 +512,7 @@ process_leaf_attr_remote(
> remotep = xfs_attr3_leaf_name_remote(leaf, i);
>
> if (remotep->namelen == 0 || namecheck((char *)&remotep->name[0],
> - remotep->namelen) ||
> + remotep->namelen, false) ||
> be32_to_cpu(entry->hashval) !=
> libxfs_da_hashname((unsigned char *)&remotep->name[0],
> remotep->namelen) ||
That gets rid of the casts out of this code as well, and hides
the boolean inside the scope where it has meaning.
> diff --git a/repair/da_util.c b/repair/da_util.c
> index 1450767..1f6568e 100644
> --- a/repair/da_util.c
> +++ b/repair/da_util.c
> @@ -13,20 +13,25 @@
> #include "da_util.h"
>
> /*
> - * takes a name and length (name need not be null-terminated)
> - * and returns 1 if the name contains a '/' or a \0, returns 0
> - * otherwise
> + * takes a name and length (name need not be null-terminated) and whether
> + * we are checking a dir (vs an attr), and returns 1 if the direntry contains
> + * a '/', or if anything contains a \0, and returns 0 otherwise
> */
> int
> -namecheck(char *name, int length)
> +namecheck(
> + char *name,
> + int length,
> + bool isadir)
> {
> - char *c;
> - int i;
> + char *c;
> + int i;
>
> ASSERT(length < MAXNAMELEN);
>
> for (c = name, i = 0; i < length; i++, c++) {
> - if (*c == '/' || *c == '\0')
> + if (isadir && *c == '/')
> + return 0;
> + if (*c == '\0')
> return 1;
> }
>
> diff --git a/repair/da_util.h b/repair/da_util.h
> index d36dfd0..041dff7 100644
> --- a/repair/da_util.h
> +++ b/repair/da_util.h
> @@ -27,7 +27,8 @@ typedef struct da_bt_cursor {
> int
> namecheck(
> char *name,
> - int length);
> + int length,
> + bool isadir);
>
> struct xfs_buf *
> da_read_buf(
> diff --git a/repair/dir2.c b/repair/dir2.c
> index ba5763e..6d592d6 100644
> --- a/repair/dir2.c
> +++ b/repair/dir2.c
> @@ -310,7 +310,7 @@ _("entry #%d %s in shortform dir %" PRIu64),
> * the length value is stored in a byte
> * so it can't be too big, it can only wrap
> */
> - if (namecheck((char *)&sfep->name[0], namelen)) {
> + if (namecheck((char *)&sfep->name[0], namelen, true)) {
same for these - convert to a dir_namecheck() wrapper function....
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2019-01-03 21:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-03 19:15 [PATCH] xfs_repair: allow '/' in attribute names Eric Sandeen
2019-01-03 21:20 ` Dave Chinner [this message]
2019-01-03 21:27 ` Eric Sandeen
2019-01-03 21:51 ` Darrick J. Wong
2019-01-11 23:12 ` [PATCH V2] " Eric Sandeen
2019-01-14 19:54 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190103212044.GO4205@dastard \
--to=david@fromorbit.com \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.