From: Dave Chinner <david@fromorbit.com>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH 06/13] xfs: move inode fork verifiers to xfs_dinode_verify
Date: Tue, 19 Dec 2017 16:16:19 +1100 [thread overview]
Message-ID: <20171219051619.GP4094@dastard> (raw)
In-Reply-To: <151320952955.30654.5858027812526222455.stgit@magnolia>
On Wed, Dec 13, 2017 at 03:58:49PM -0800, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
>
> Consolidate the fork size and format verifiers to xfs_dinode_verify so
> that we can reject bad inodes earlier and in a single place.
>
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> ---
> fs/xfs/libxfs/xfs_inode_buf.c | 72 ++++++++++++++++++++++++++++++++-
> fs/xfs/libxfs/xfs_inode_fork.c | 86 ----------------------------------------
> 2 files changed, 69 insertions(+), 89 deletions(-)
>
>
> diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c
> index 0e4c720..1392fe9 100644
> --- a/fs/xfs/libxfs/xfs_inode_buf.c
> +++ b/fs/xfs/libxfs/xfs_inode_buf.c
> @@ -390,6 +390,7 @@ xfs_dinode_verify(
> uint16_t mode;
> uint16_t flags;
> uint64_t flags2;
> + uint64_t di_size;
>
> if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))
> return __this_address;
> @@ -408,7 +409,8 @@ xfs_dinode_verify(
> }
>
> /* don't allow invalid i_size */
> - if (be64_to_cpu(dip->di_size) & (1ULL << 63))
> + di_size = be64_to_cpu(dip->di_size);
> + if (di_size & (1ULL << 63))
> return __this_address;
>
> mode = be16_to_cpu(dip->di_mode);
> @@ -416,14 +418,74 @@ xfs_dinode_verify(
> return __this_address;
>
> /* No zero-length symlinks/dirs. */
> - if ((S_ISLNK(mode) || S_ISDIR(mode)) && dip->di_size == 0)
> + if ((S_ISLNK(mode) || S_ISDIR(mode)) && di_size == 0)
> return __this_address;
>
> + /* Fork checks carried over from xfs_iformat_fork */
> + if (mode &&
> + be32_to_cpu(dip->di_nextents) + be16_to_cpu(dip->di_anextents) >
> + be64_to_cpu(dip->di_nblocks))
Can you indent this last line so it doesn't look like a spearate
logic check?
if (mode &&
be32_to_cpu(dip->di_nextents) + be16_to_cpu(dip->di_anextents) >
be64_to_cpu(dip->di_nblocks))
> + return __this_address;
> +
> + if (mode && dip->di_forkoff > mp->m_sb.sb_inodesize)
> + return __this_address;
Hold on, this check is completely bogus. di_forkoff is in units of 8 bytes,
which inode size is in bytes. Also, di_forkoff is a u8, so it can't
/ever/ be larger than the inode size which are >= 256 bytes. Yeah,
though so:
#define XFS_DFORK_BOFF(dip) ((int)((dip)->di_forkoff << 3))
This check needs to be:
if (mode && XFS_DFORK_BOFF(dip) > mp->m_sb.sb_inodesize)
return __this_address;
Otherwise looks good.
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2017-12-19 5:22 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-13 23:58 [PATCH 00/13] xfs: more and better verifiers Darrick J. Wong
2017-12-13 23:58 ` [PATCH 01/13] xfs: refactor long-format btree header verification routines Darrick J. Wong
2017-12-14 22:06 ` Dave Chinner
2017-12-15 0:12 ` Darrick J. Wong
2017-12-13 23:58 ` [PATCH 02/13] xfs: remove XFS_WANT_CORRUPTED_RETURN from dir3 data verifiers Darrick J. Wong
2017-12-19 3:50 ` Dave Chinner
2017-12-13 23:58 ` [PATCH 03/13] xfs: have buffer verifier functions report failing address Darrick J. Wong
2017-12-19 4:12 ` Dave Chinner
2017-12-19 20:26 ` Darrick J. Wong
2017-12-13 23:58 ` [PATCH 04/13] xfs: refactor verifier callers to print address of failing check Darrick J. Wong
2017-12-14 22:03 ` Dave Chinner
2017-12-15 0:04 ` Darrick J. Wong
2017-12-15 3:09 ` Dave Chinner
2017-12-19 20:29 ` Darrick J. Wong
2017-12-13 23:58 ` [PATCH 05/13] xfs: verify dinode header first Darrick J. Wong
2017-12-19 4:13 ` Dave Chinner
2017-12-13 23:58 ` [PATCH 06/13] xfs: move inode fork verifiers to xfs_dinode_verify Darrick J. Wong
2017-12-19 5:16 ` Dave Chinner [this message]
2017-12-19 20:34 ` Darrick J. Wong
2017-12-19 20:48 ` Dave Chinner
2017-12-13 23:58 ` [PATCH 07/13] xfs: create structure verifier function for shortform xattrs Darrick J. Wong
2017-12-19 5:23 ` Dave Chinner
2017-12-19 20:41 ` Darrick J. Wong
2017-12-19 20:51 ` Dave Chinner
2017-12-19 21:04 ` Darrick J. Wong
2017-12-13 23:59 ` [PATCH 08/13] xfs: create structure verifier function for short form symlinks Darrick J. Wong
2017-12-19 5:27 ` Dave Chinner
2017-12-19 20:45 ` Darrick J. Wong
2017-12-13 23:59 ` [PATCH 09/13] xfs: refactor short form directory structure verifier function Darrick J. Wong
2017-12-19 5:45 ` Dave Chinner
2017-12-13 23:59 ` [PATCH 10/13] xfs: provide a centralized method for verifying inline fork data Darrick J. Wong
2017-12-19 6:06 ` Dave Chinner
2017-12-19 20:50 ` Darrick J. Wong
2017-12-13 23:59 ` [PATCH 11/13] xfs: fail out of xfs_attr3_leaf_lookup_int if it looks corrupt Darrick J. Wong
2017-12-19 6:13 ` Dave Chinner
2017-12-13 23:59 ` [PATCH 12/13] xfs: create a new buf_ops pointer to verify structure metadata Darrick J. Wong
2017-12-19 6:22 ` Dave Chinner
2017-12-19 18:15 ` Darrick J. Wong
2017-12-19 20:53 ` Dave Chinner
2017-12-13 23:59 ` [PATCH 13/13] xfs: scrub in-core metadata Darrick J. Wong
2017-12-19 6:23 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171219051619.GP4094@dastard \
--to=david@fromorbit.com \
--cc=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.