From: Christoph Hellwig <hch@lst.de>
To: stable@vger.kernel.org
Cc: linux-xfs@vger.kernel.org, "Darrick J. Wong" <darrick.wong@oracle.com>
Subject: [PATCH 08/26] xfs: verify free block header fields
Date: Sat, 1 Apr 2017 08:34:54 +0200 [thread overview]
Message-ID: <20170401063512.25313-9-hch@lst.de> (raw)
In-Reply-To: <20170401063512.25313-1-hch@lst.de>
From: "Darrick J. Wong" <darrick.wong@oracle.com>
commit de14c5f541e78c59006bee56f6c5c2ef1ca07272 upstream.
Perform basic sanity checking of the directory free block header
fields so that we avoid hanging the system on invalid data.
(Granted that just means that now we shutdown on directory write,
but that seems better than hanging...)
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
---
fs/xfs/libxfs/xfs_dir2_node.c | 51 +++++++++++++++++++++++++++++++++++++++++--
1 file changed, 49 insertions(+), 2 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_dir2_node.c b/fs/xfs/libxfs/xfs_dir2_node.c
index 75a557432d0f..bbd1238852b3 100644
--- a/fs/xfs/libxfs/xfs_dir2_node.c
+++ b/fs/xfs/libxfs/xfs_dir2_node.c
@@ -155,6 +155,42 @@ const struct xfs_buf_ops xfs_dir3_free_buf_ops = {
.verify_write = xfs_dir3_free_write_verify,
};
+/* Everything ok in the free block header? */
+static bool
+xfs_dir3_free_header_check(
+ struct xfs_inode *dp,
+ xfs_dablk_t fbno,
+ struct xfs_buf *bp)
+{
+ struct xfs_mount *mp = dp->i_mount;
+ unsigned int firstdb;
+ int maxbests;
+
+ maxbests = dp->d_ops->free_max_bests(mp->m_dir_geo);
+ firstdb = (xfs_dir2_da_to_db(mp->m_dir_geo, fbno) -
+ xfs_dir2_byte_to_db(mp->m_dir_geo, XFS_DIR2_FREE_OFFSET)) *
+ maxbests;
+ if (xfs_sb_version_hascrc(&mp->m_sb)) {
+ struct xfs_dir3_free_hdr *hdr3 = bp->b_addr;
+
+ if (be32_to_cpu(hdr3->firstdb) != firstdb)
+ return false;
+ if (be32_to_cpu(hdr3->nvalid) > maxbests)
+ return false;
+ if (be32_to_cpu(hdr3->nvalid) < be32_to_cpu(hdr3->nused))
+ return false;
+ } else {
+ struct xfs_dir2_free_hdr *hdr = bp->b_addr;
+
+ if (be32_to_cpu(hdr->firstdb) != firstdb)
+ return false;
+ if (be32_to_cpu(hdr->nvalid) > maxbests)
+ return false;
+ if (be32_to_cpu(hdr->nvalid) < be32_to_cpu(hdr->nused))
+ return false;
+ }
+ return true;
+}
static int
__xfs_dir3_free_read(
@@ -168,11 +204,22 @@ __xfs_dir3_free_read(
err = xfs_da_read_buf(tp, dp, fbno, mappedbno, bpp,
XFS_DATA_FORK, &xfs_dir3_free_buf_ops);
+ if (err || !*bpp)
+ return err;
+
+ /* Check things that we can't do in the verifier. */
+ if (!xfs_dir3_free_header_check(dp, fbno, *bpp)) {
+ xfs_buf_ioerror(*bpp, -EFSCORRUPTED);
+ xfs_verifier_error(*bpp);
+ xfs_trans_brelse(tp, *bpp);
+ return -EFSCORRUPTED;
+ }
/* try read returns without an error or *bpp if it lands in a hole */
- if (!err && tp && *bpp)
+ if (tp)
xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_FREE_BUF);
- return err;
+
+ return 0;
}
int
--
2.11.0
next prev parent reply other threads:[~2017-04-01 6:35 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-01 6:34 4.10-stable updates for XFS Christoph Hellwig
2017-04-01 6:34 ` [PATCH 01/26] xfs: pull up iolock from xfs_free_eofblocks() Christoph Hellwig
2017-04-01 6:34 ` [PATCH 02/26] xfs: sync eofblocks scans under iolock are livelock prone Christoph Hellwig
2017-04-01 6:34 ` [PATCH 03/26] xfs: fix eofblocks race with file extending async dio writes Christoph Hellwig
2017-04-01 6:34 ` [PATCH 04/26] xfs: fix toctou race when locking an inode to access the data map Christoph Hellwig
2017-04-01 6:34 ` [PATCH 05/26] xfs: fail _dir_open when readahead fails Christoph Hellwig
2017-04-01 6:34 ` [PATCH 06/26] xfs: filter out obviously bad btree pointers Christoph Hellwig
2017-04-01 6:34 ` [PATCH 07/26] xfs: check for obviously bad level values in the bmbt root Christoph Hellwig
2017-04-01 6:34 ` Christoph Hellwig [this message]
2017-04-01 6:34 ` [PATCH 09/26] xfs: allow unwritten extents in the CoW fork Christoph Hellwig
2017-04-01 6:34 ` [PATCH 10/26] xfs: mark speculative prealloc CoW fork extents unwritten Christoph Hellwig
2017-04-01 6:34 ` [PATCH 11/26] xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t Christoph Hellwig
2017-04-01 6:34 ` [PATCH 12/26] xfs: reject all unaligned direct writes to reflinked files Christoph Hellwig
2017-04-01 17:21 ` Greg KH
2017-04-01 17:22 ` Christoph Hellwig
2017-04-01 17:26 ` Greg KH
2017-04-01 17:42 ` Christoph Hellwig
2017-04-01 6:34 ` [PATCH 13/26] xfs: update ctime and mtime on clone destinatation inodes Christoph Hellwig
2017-04-01 6:35 ` [PATCH 14/26] xfs: correct null checks and error processing in xfs_initialize_perag Christoph Hellwig
2017-04-01 6:35 ` [PATCH 15/26] xfs: don't fail xfs_extent_busy allocation Christoph Hellwig
2017-04-01 6:35 ` [PATCH 16/26] xfs: handle indlen shortage on delalloc extent merge Christoph Hellwig
2017-04-01 6:35 ` [PATCH 17/26] xfs: split indlen reservations fairly when under reserved Christoph Hellwig
2017-04-01 6:35 ` [PATCH 18/26] xfs: fix uninitialized variable in _reflink_convert_cow Christoph Hellwig
2017-04-01 6:35 ` [PATCH 19/26] xfs: don't reserve blocks for right shift transactions Christoph Hellwig
2017-04-01 6:35 ` [PATCH 20/26] xfs: Use xfs_icluster_size_fsb() to calculate inode chunk alignment Christoph Hellwig
2017-04-01 6:35 ` [PATCH 21/26] xfs: tune down agno asserts in the bmap code Christoph Hellwig
2017-04-01 6:35 ` [PATCH 22/26] xfs: only reclaim unwritten COW extents periodically Christoph Hellwig
2017-04-01 6:35 ` [PATCH 23/26] xfs: fix and streamline error handling in xfs_end_io Christoph Hellwig
2017-04-01 6:35 ` [PATCH 24/26] xfs: Use xfs_icluster_size_fsb() to calculate inode alignment mask Christoph Hellwig
2017-04-01 6:35 ` [PATCH 25/26] xfs: use iomap new flag for newly allocated delalloc blocks Christoph Hellwig
2017-04-01 6:35 ` [PATCH 26/26] xfs: try any AG when allocating the first btree block when reflinking Christoph Hellwig
2017-04-01 7:43 ` 4.10-stable updates for XFS Eryu Guan
2017-04-01 13:37 ` Christoph Hellwig
2017-04-01 17:32 ` Greg KH
-- strict thread matches above, loose matches on Subject: below --
2017-03-27 8:38 Christoph Hellwig
2017-03-27 8:38 ` [PATCH 08/26] xfs: verify free block header fields Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170401063512.25313-9-hch@lst.de \
--to=hch@lst.de \
--cc=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.