* [PATCH] ext4: Make the extent validity check more paranoid
@ 2009-04-23 1:29 Theodore Ts'o
2009-04-23 2:04 ` Eric Sandeen
0 siblings, 1 reply; 4+ messages in thread
From: Theodore Ts'o @ 2009-04-23 1:29 UTC (permalink / raw)
To: linux-ext4; +Cc: Theodore Ts'o
Instead of just checking that the extent block number is greater or
equal than s_first_data_block, make sure it it is not pointing into
the block group descriptors, since that is clearly wrong. This helps
prevent filesystem from getting very badly corrupted in case an extent
block is corrupted.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
---
fs/ext4/extents.c | 18 ++++++++++++------
1 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 6132353..c28ffe2 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -326,11 +326,14 @@ ext4_ext_max_entries(struct inode *inode, int depth)
static int ext4_valid_extent(struct inode *inode, struct ext4_extent *ext)
{
- ext4_fsblk_t block = ext_pblock(ext);
+ ext4_fsblk_t block = ext_pblock(ext), valid_block;
int len = ext4_ext_get_actual_len(ext);
struct ext4_super_block *es = EXT4_SB(inode->i_sb)->s_es;
- if (unlikely(block < le32_to_cpu(es->s_first_data_block) ||
- ((block + len) > ext4_blocks_count(es))))
+
+ valid_block = le32_to_cpu(es->s_first_data_block) +
+ EXT4_SB(inode->i_sb)->s_gdb_count;
+ if (unlikely(block <= valid_block ||
+ ((block + len) > ext4_blocks_count(es))))
return 0;
else
return 1;
@@ -339,10 +342,13 @@ static int ext4_valid_extent(struct inode *inode, struct ext4_extent *ext)
static int ext4_valid_extent_idx(struct inode *inode,
struct ext4_extent_idx *ext_idx)
{
- ext4_fsblk_t block = idx_pblock(ext_idx);
+ ext4_fsblk_t block = idx_pblock(ext_idx), valid_block;
struct ext4_super_block *es = EXT4_SB(inode->i_sb)->s_es;
- if (unlikely(block < le32_to_cpu(es->s_first_data_block) ||
- (block >= ext4_blocks_count(es))))
+
+ valid_block = le32_to_cpu(es->s_first_data_block) +
+ EXT4_SB(inode->i_sb)->s_gdb_count;
+ if (unlikely(block <= valid_block ||
+ (block >= ext4_blocks_count(es))))
return 0;
else
return 1;
--
1.5.6.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] ext4: Make the extent validity check more paranoid
2009-04-23 1:29 [PATCH] ext4: Make the extent validity check more paranoid Theodore Ts'o
@ 2009-04-23 2:04 ` Eric Sandeen
2009-04-23 4:19 ` Theodore Tso
0 siblings, 1 reply; 4+ messages in thread
From: Eric Sandeen @ 2009-04-23 2:04 UTC (permalink / raw)
To: Theodore Ts'o; +Cc: linux-ext4
Theodore Ts'o wrote:
> Instead of just checking that the extent block number is greater or
> equal than s_first_data_block, make sure it it is not pointing into
> the block group descriptors, since that is clearly wrong. This helps
> prevent filesystem from getting very badly corrupted in case an extent
> block is corrupted.
>
> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Good idea. Maybe we can get our friends with the corrupted fs to run
with these validation patches... I can get this into rawhide at least.
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
> ---
> fs/ext4/extents.c | 18 ++++++++++++------
> 1 files changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index 6132353..c28ffe2 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -326,11 +326,14 @@ ext4_ext_max_entries(struct inode *inode, int depth)
>
> static int ext4_valid_extent(struct inode *inode, struct ext4_extent *ext)
> {
> - ext4_fsblk_t block = ext_pblock(ext);
> + ext4_fsblk_t block = ext_pblock(ext), valid_block;
> int len = ext4_ext_get_actual_len(ext);
> struct ext4_super_block *es = EXT4_SB(inode->i_sb)->s_es;
> - if (unlikely(block < le32_to_cpu(es->s_first_data_block) ||
> - ((block + len) > ext4_blocks_count(es))))
> +
> + valid_block = le32_to_cpu(es->s_first_data_block) +
> + EXT4_SB(inode->i_sb)->s_gdb_count;
> + if (unlikely(block <= valid_block ||
> + ((block + len) > ext4_blocks_count(es))))
> return 0;
> else
> return 1;
> @@ -339,10 +342,13 @@ static int ext4_valid_extent(struct inode *inode, struct ext4_extent *ext)
> static int ext4_valid_extent_idx(struct inode *inode,
> struct ext4_extent_idx *ext_idx)
> {
> - ext4_fsblk_t block = idx_pblock(ext_idx);
> + ext4_fsblk_t block = idx_pblock(ext_idx), valid_block;
> struct ext4_super_block *es = EXT4_SB(inode->i_sb)->s_es;
> - if (unlikely(block < le32_to_cpu(es->s_first_data_block) ||
> - (block >= ext4_blocks_count(es))))
> +
> + valid_block = le32_to_cpu(es->s_first_data_block) +
> + EXT4_SB(inode->i_sb)->s_gdb_count;
> + if (unlikely(block <= valid_block ||
> + (block >= ext4_blocks_count(es))))
> return 0;
> else
> return 1;
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ext4: Make the extent validity check more paranoid
2009-04-23 2:04 ` Eric Sandeen
@ 2009-04-23 4:19 ` Theodore Tso
2009-04-23 12:52 ` Eric Sandeen
0 siblings, 1 reply; 4+ messages in thread
From: Theodore Tso @ 2009-04-23 4:19 UTC (permalink / raw)
To: Eric Sandeen; +Cc: linux-ext4
On Wed, Apr 22, 2009 at 09:04:30PM -0500, Eric Sandeen wrote:
> Theodore Ts'o wrote:
> > Instead of just checking that the extent block number is greater or
> > equal than s_first_data_block, make sure it it is not pointing into
> > the block group descriptors, since that is clearly wrong. This helps
> > prevent filesystem from getting very badly corrupted in case an extent
> > block is corrupted.
> >
> > Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
>
> Good idea. Maybe we can get our friends with the corrupted fs to run
> with these validation patches... I can get this into rawhide at least.
Yeah, unfortunately this patch requires some other patches that went
in during the 2.6.30 merge window, so some extra back-porting would be
needed for our friends running a 2.6.29.1 Fedora kernel.
I'm still trying figure out what's the best way to add the right kind
of checking for 2.6.29 based kernels. Looking at the dump files which
Kevin Shanahan, it doesn't look like they are coming from interior
nodes of extent trees. Some kind of kludge patch into the block
device layer might be the most fool-proof way to do things.
- Ted
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ext4: Make the extent validity check more paranoid
2009-04-23 4:19 ` Theodore Tso
@ 2009-04-23 12:52 ` Eric Sandeen
0 siblings, 0 replies; 4+ messages in thread
From: Eric Sandeen @ 2009-04-23 12:52 UTC (permalink / raw)
To: Theodore Tso; +Cc: linux-ext4
Theodore Tso wrote:
> On Wed, Apr 22, 2009 at 09:04:30PM -0500, Eric Sandeen wrote:
>> Theodore Ts'o wrote:
>>> Instead of just checking that the extent block number is greater or
>>> equal than s_first_data_block, make sure it it is not pointing into
>>> the block group descriptors, since that is clearly wrong. This helps
>>> prevent filesystem from getting very badly corrupted in case an extent
>>> block is corrupted.
>>>
>>> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
>> Good idea. Maybe we can get our friends with the corrupted fs to run
>> with these validation patches... I can get this into rawhide at least.
>
> Yeah, unfortunately this patch requires some other patches that went
> in during the 2.6.30 merge window, so some extra back-porting would be
> needed for our friends running a 2.6.29.1 Fedora kernel.
Right, but rawhide has .30-etc, so a test on that might be helpful.
-Eric
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-04-23 12:52 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-04-23 1:29 [PATCH] ext4: Make the extent validity check more paranoid Theodore Ts'o
2009-04-23 2:04 ` Eric Sandeen
2009-04-23 4:19 ` Theodore Tso
2009-04-23 12:52 ` Eric Sandeen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.