From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: darrick.wong@oracle.com
Cc: linux-xfs@vger.kernel.org
Subject: [PATCH 4/5] xfs: complain if anyone tries to create a too-large buffer log item
Date: Thu, 09 Jan 2020 10:45:08 -0800
Message-ID: <157859550791.164065.17052138010295333685.stgit@magnolia>
In-Reply-To: <157859548029.164065.5207227581806532577.stgit@magnolia>

From: Darrick J. Wong <darrick.wong@oracle.com>

Complain if someone calls xfs_buf_item_init on a buffer that is larger
than the dirty bitmap can handle, or tries to log a region that's past
the end of the dirty bitmap.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 fs/xfs/xfs_buf_item.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)


diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
index 9737f177a49b..be691d1d9fad 100644
--- a/fs/xfs/xfs_buf_item.c
+++ b/fs/xfs/xfs_buf_item.c
@@ -763,6 +763,15 @@ xfs_buf_item_init(
 				      XFS_BLF_CHUNK);
 		map_size = DIV_ROUND_UP(chunks, NBWORD);
 
+		if (map_size > XFS_BLF_DATAMAP_SIZE) {
+			kmem_cache_free(xfs_buf_item_zone, bip);
+			xfs_err(mp,
+	"buffer item dirty bitmap (%u uints) too small to reflect %u bytes!",
+					map_size,
+					BBTOB(bp->b_maps[i].bm_len));
+			return -EFSCORRUPTED;
+		}
+
 		bip->bli_formats[i].blf_type = XFS_LI_BUF;
 		bip->bli_formats[i].blf_blkno = bp->b_maps[i].bm_bn;
 		bip->bli_formats[i].blf_len = bp->b_maps[i].bm_len;
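Review bot: The new `map_size > XFS_BLF_DATAMAP_SIZE` branch releases only `bip` with `kmem_cache_free()`, although the check runs inside the per-map loop that fills `bip->bli_formats[i]`. If `bli_formats` is a separate allocation when the buffer has more than one map, that array is leaked on this path, and if `bip` has already been attached to `bp` earlier in the function the buffer is left holding a freed pointer. Please confirm both against the rest of `xfs_buf_item_init()` and, if needed, free the format array and clear the back-pointer before returning `-EFSCORRUPTED`. Callers that previously could only see an allocation failure also need to handle the new error code. A short comment noting that `map_size` counts bitmap words while the second argument is in bytes would make the message easier to decode.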
@@ -795,6 +804,9 @@ xfs_buf_item_log_segment(
 	uint		end_bit;
 	uint		mask;
 
+	ASSERT(first < XFS_BLF_DATAMAP_SIZE * XFS_BLF_CHUNK * NBWORD);
+	ASSERT(last < XFS_BLF_DATAMAP_SIZE * XFS_BLF_CHUNK * NBWORD);
+
 	/*
 	 * Convert byte offsets to bit numbers.
 	 */
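Review bot: The two bounds checks on `first` and `last` are `ASSERT()`s, which only take effect in debug builds, so on a production kernel an out-of-range offset would still reach the bitmap update below without complaint. The commit message promises to "complain" for this case too, so consider a runtime check (warn and bail out, or shut down) in addition to the assert, or state in a comment that the `xfs_buf_item_init()` check is what protects non-debug builds. The expression `XFS_BLF_DATAMAP_SIZE * XFS_BLF_CHUNK * NBWORD` appears twice; a named constant for the maximum loggable byte offset would document the unit and avoid the two copies drifting apart.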


Thread overview: 14+ messages
2020-01-09 18:44 [PATCH v2 0/5] xfs: fix buf log item memory corruption on non-amd64 Darrick J. Wong
2020-01-09 18:44 ` [PATCH 1/5] xfs: refactor remote attr value buffer invalidation Darrick J. Wong
2020-01-10 11:55   ` Christoph Hellwig
2020-01-14  0:43     ` Darrick J. Wong
2020-01-09 18:44 ` [PATCH 2/5] xfs: fix memory corruption during " Darrick J. Wong
2020-01-10 11:57   ` Christoph Hellwig
2020-01-14  0:59     ` Darrick J. Wong
2020-01-09 18:45 ` [PATCH 3/5] xfs: clean up xfs_buf_item_get_format return value Darrick J. Wong
2020-01-10 11:58   ` Christoph Hellwig
2020-01-09 18:45 ` Darrick J. Wong [this message]
2020-01-10 11:58   ` [PATCH 4/5] xfs: complain if anyone tries to create a too-large buffer log item Christoph Hellwig
2020-01-09 18:45 ` [PATCH 5/5] xfs: make struct xfs_buf_log_format have a consistent size Darrick J. Wong
2020-01-10 11:59   ` Christoph Hellwig
2020-01-10 16:53     ` Darrick J. Wong
